Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
gem1.exe

Overview

General Information

Sample name:gem1.exe
Analysis ID:1587387
MD5:d61ac037c333f1bc288c1a96a4db7c21
SHA1:777228616a18b98103594276775188b5e138fa11
SHA256:f5946e9f0ab4dbbd8d8171e708607c98df283cb1a6145444ba6a5f86bb2b0896
Tags:exeJalapenomalwaretrojanuser-Joker
Infos:

Detection

CredGrabber, Meduza Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • gem1.exe (PID: 7424 cmdline: "C:\Users\user\Desktop\gem1.exe" MD5: D61AC037C333F1BC288C1A96A4DB7C21)
    • conhost.exe (PID: 7432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • gem1.exe (PID: 7488 cmdline: "C:\Users\user\Desktop\gem1.exe" MD5: D61AC037C333F1BC288C1A96A4DB7C21)
    • WerFault.exe (PID: 7588 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 920 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Configuration

Threatname: Meduza Stealer

{"C2 url": "66.63.187.173", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt; .doc; .xlsx", "build_name": "1", "links": "", "port": 15666}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.1863644496.00000000016E8000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
    00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
      00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmpinfostealer_win_meduzastealerFinds MeduzaStealer samples based on specific stringsSekoia.io
      • 0xff0dc:$str01: emoji
      • 0x1018d8:$str02: %d-%m-%Y, %H:%M:%S
      • 0x101940:$str03: [UTC
      • 0x10194c:$str04: user_name
      • 0x101970:$str05: computer_name
      • 0x101994:$str06: timezone
      • 0x1018c4:$str07: current_path()
      • 0xff0a8:$str08: [json.exception.
      • 0x11502e:$str09: GDI32.dll
      • 0x1152a0:$str10: GdipGetImageEncoders
      • 0x115318:$str10: GdipGetImageEncoders
      • 0x114948:$str11: GetGeoInfoA
      Process Memory Space: gem1.exe PID: 7488JoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
        Process Memory Space: gem1.exe PID: 7488JoeSecurity_CredGrabberYara detected CredGrabberJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.gem1.exe.39def70.0.raw.unpackJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
            0.2.gem1.exe.39def70.0.raw.unpackinfostealer_win_meduzastealerFinds MeduzaStealer samples based on specific stringsSekoia.io
            • 0xfd6dc:$str01: emoji
            • 0xffed8:$str02: %d-%m-%Y, %H:%M:%S
            • 0xfff40:$str03: [UTC
            • 0xfff4c:$str04: user_name
            • 0xfff70:$str05: computer_name
            • 0xfff94:$str06: timezone
            • 0xffec4:$str07: current_path()
            • 0xfd6a8:$str08: [json.exception.
            • 0x11362e:$str09: GDI32.dll
            • 0x1138a0:$str10: GdipGetImageEncoders
            • 0x113918:$str10: GdipGetImageEncoders
            • 0x112f48:$str11: GetGeoInfoA
            2.2.gem1.exe.400000.0.unpackJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
              0.2.gem1.exe.39def70.0.unpackJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
                2.2.gem1.exe.400000.0.unpackinfostealer_win_meduzastealerFinds MeduzaStealer samples based on specific stringsSekoia.io
                • 0xfd6dc:$str01: emoji
                • 0xffed8:$str02: %d-%m-%Y, %H:%M:%S
                • 0xfff40:$str03: [UTC
                • 0xfff4c:$str04: user_name
                • 0xfff70:$str05: computer_name
                • 0xfff94:$str06: timezone
                • 0xffec4:$str07: current_path()
                • 0xfd6a8:$str08: [json.exception.
                • 0x11362e:$str09: GDI32.dll
                • 0x1138a0:$str10: GdipGetImageEncoders
                • 0x113918:$str10: GdipGetImageEncoders
                • 0x112f48:$str11: GetGeoInfoA
                Click to see the 5 entries

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-01-10T10:14:02.588084+010020494411A Network Trojan was detected192.168.2.44973066.63.187.17315666TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-01-10T10:14:02.588084+010020508061A Network Trojan was detected192.168.2.44973066.63.187.17315666TCP
                2025-01-10T10:14:02.593447+010020508061A Network Trojan was detected192.168.2.44973066.63.187.17315666TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-01-10T10:14:02.588084+010020508071A Network Trojan was detected192.168.2.44973066.63.187.17315666TCP
                2025-01-10T10:14:02.593447+010020508071A Network Trojan was detected192.168.2.44973066.63.187.17315666TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: gem1.exeAvira: detected
                Found malware configuration
                Source: 0.2.gem1.exe.39def70.0.raw.unpackMalware Configuration Extractor: Meduza Stealer {"C2 url": "66.63.187.173", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt; .doc; .xlsx", "build_name": "1", "links": "", "port": 15666}
                Multi AV Scanner detection for submitted file
                Source: gem1.exeVirustotal: Detection: 43%Perma Link
                Source: gem1.exeReversingLabs: Detection: 44%
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                Machine Learning detection for sample
                Source: gem1.exeJoe Sandbox ML: detected
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0047A610 CryptUnprotectData,LocalFree,2_2_0047A610
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0043D4A0 BCryptDestroyKey,2_2_0043D4A0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0047A950 CryptProtectData,LocalFree,2_2_0047A950
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0047AAE0 BCryptDecrypt,BCryptDecrypt,2_2_0047AAE0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00440B60 CryptUnprotectData,LocalFree,2_2_00440B60
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0047AE10 BCryptCloseAlgorithmProvider,2_2_0047AE10
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0047AE80 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,2_2_0047AE80
                Source: gem1.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: gem1.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: System.Windows.Forms.pdb source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: mscorlib.pdb source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: System.ni.pdbRSDS source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: System.Windows.Forms.pdb4 source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: mscorlib.ni.pdb source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: Handler.pdb source: gem1.exe, WERD8C3.tmp.dmp.5.dr
                Source: Binary string: Handler.pdbha~a pa_CorExeMainmscoree.dll source: gem1.exe
                Source: Binary string: mscorlib.ni.pdbRSDS source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: Handler.pdbMZ@ source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: mscorlib.pdb( source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: System.ni.pdb source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: System.pdb source: WERD8C3.tmp.dmp.5.dr
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004402D0 FindFirstFileW,FindNextFileW,2_2_004402D0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004B84C0 FindClose,FindFirstFileExW,GetLastError,2_2_004B84C0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004B8545 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,2_2_004B8545
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004B84E0 FindFirstFileExW,2_2_004B84E0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00487550 GetLogicalDriveStringsW,2_2_00487550
                Source: C:\Users\user\Desktop\gem1.exeFile opened: D:\sources\migration\Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: D:\sources\migration\wtr\Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.4:49730 -> 66.63.187.173:15666
                Source: Network trafficSuricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.4:49730 -> 66.63.187.173:15666
                Source: global trafficTCP traffic: 192.168.2.4:49730 -> 66.63.187.173:15666
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
                Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
                Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
                Source: Joe Sandbox ViewASN Name: ASN-QUADRANET-GLOBALUS ASN-QUADRANET-GLOBALUS
                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknownDNS query: name: api.ipify.org
                Source: unknownDNS query: name: api.ipify.org
                Source: Network trafficSuricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.4:49730 -> 66.63.187.173:15666
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00485350 recv,recv,recv,recv,recv,recv,closesocket,WSACleanup,2_2_00485350
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
                Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
                Source: gem1.exe, 00000002.00000002.1863644496.00000000016E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                Source: gem1.exe, 00000002.00000002.1863644496.00000000016E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/~
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00485F00 GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,2_2_00485F00

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 0.2.gem1.exe.39def70.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: 2.2.gem1.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: 0.2.gem1.exe.39def70.0.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: 2.2.gem1.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: 0.2.gem1.exe.38b9550.1.raw.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0048A0A0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,2_2_0048A0A0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0048A710 RtlAcquirePebLock,NtAllocateVirtualMemory,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,2_2_0048A710
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004422D02_2_004422D0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0043A2B02_2_0043A2B0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004464002_2_00446400
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004884002_2_00488400
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0043E4F02_2_0043E4F0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004395D02_2_004395D0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004877802_2_00487780
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004858402_2_00485840
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0043C9702_2_0043C970
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004479C02_2_004479C0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00459A062_2_00459A06
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0046EB702_2_0046EB70
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0046BCE02_2_0046BCE0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00439D602_2_00439D60
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00470EF02_2_00470EF0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0043BF702_2_0043BF70
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004620802_2_00462080
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004320A02_2_004320A0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004A70A72_2_004A70A7
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0042D1502_2_0042D150
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004791302_2_00479130
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004741902_2_00474190
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004612502_2_00461250
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004082702_2_00408270
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004B63802_2_004B6380
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004074702_2_00407470
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004624102_2_00462410
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0045C4C02_2_0045C4C0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0043D4A02_2_0043D4A0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0047E5802_2_0047E580
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0046B6202_2_0046B620
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004687502_2_00468750
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004197702_2_00419770
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0045C7002_2_0045C700
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004917CA2_2_004917CA
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0045D7A02_2_0045D7A0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004627A02_2_004627A0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0049687E2_2_0049687E
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004B68702_2_004B6870
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0043A8002_2_0043A800
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004938002_2_00493800
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0049F8A22_2_0049F8A2
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004619402_2_00461940
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004459502_2_00445950
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004789902_2_00478990
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004ACA4B2_2_004ACA4B
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00406AE02_2_00406AE0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004B3AE02_2_004B3AE0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00430AF02_2_00430AF0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0048AA802_2_0048AA80
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00414AA02_2_00414AA0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0045EAA02_2_0045EAA0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00476AB62_2_00476AB6
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00462B502_2_00462B50
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00482C4B2_2_00482C4B
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004BCC402_2_004BCC40
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00461CC02_2_00461CC0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00478D402_2_00478D40
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004B6D302_2_004B6D30
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004B1D302_2_004B1D30
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00440DE02_2_00440DE0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0043AE502_2_0043AE50
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0042EEA02_2_0042EEA0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00406F402_2_00406F40
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00444F502_2_00444F50
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00443F002_2_00443F00
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00456F002_2_00456F00
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00412FA02_2_00412FA0
                Source: C:\Users\user\Desktop\gem1.exeCode function: String function: 004AC500 appears 58 times
                Source: C:\Users\user\Desktop\gem1.exeCode function: String function: 004517F0 appears 53 times
                Source: C:\Users\user\Desktop\gem1.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 920
                Source: gem1.exe, 00000000.00000002.1846479305.00000000038B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamerasdlui.exej% vs gem1.exe
                Source: gem1.exe, 00000000.00000000.1683275182.0000000000478000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamerasdlui.exej% vs gem1.exe
                Source: gem1.exe, 00000000.00000002.1842881543.0000000000B1E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs gem1.exe
                Source: gem1.exeBinary or memory string: OriginalFilenamerasdlui.exej% vs gem1.exe
                Source: gem1.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: 0.2.gem1.exe.39def70.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 2.2.gem1.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 0.2.gem1.exe.39def70.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 2.2.gem1.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 0.2.gem1.exe.38b9550.1.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: gem1.exeStatic PE information: Section: .bss ZLIB complexity 1.0003138195647467
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/5@1/2
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0048CB50 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,2_2_0048CB50
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004473D0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,2_2_004473D0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00477EE0 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,SysAllocStringByteLen,SysFreeString,SysAllocStringByteLen,SysFreeString,SysStringByteLen,SysStringByteLen,SysFreeString,SysFreeString,2_2_00477EE0
                Source: C:\Users\user\Desktop\gem1.exeMutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E69637EB967C5
                Source: C:\Users\user\Desktop\gem1.exeMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7432:120:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7424
                Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\8575bffc-36a2-4b94-adbd-5e5163c8fa9eJump to behavior
                Source: gem1.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: gem1.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\gem1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: gem1.exeVirustotal: Detection: 43%
                Source: gem1.exeReversingLabs: Detection: 44%
                Source: C:\Users\user\Desktop\gem1.exeFile read: C:\Users\user\Desktop\gem1.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\gem1.exe "C:\Users\user\Desktop\gem1.exe"
                Source: C:\Users\user\Desktop\gem1.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\gem1.exeProcess created: C:\Users\user\Desktop\gem1.exe "C:\Users\user\Desktop\gem1.exe"
                Source: C:\Users\user\Desktop\gem1.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 920
                Source: C:\Users\user\Desktop\gem1.exeProcess created: C:\Users\user\Desktop\gem1.exe "C:\Users\user\Desktop\gem1.exe"Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: rstrtmgr.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: gem1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: gem1.exeStatic file information: File size 1202688 > 1048576
                Source: gem1.exeStatic PE information: Raw size of .bss is bigger than: 0x100000 < 0x120a00
                Source: gem1.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: gem1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: System.Windows.Forms.pdb source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: mscorlib.pdb source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: System.ni.pdbRSDS source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: System.Windows.Forms.pdb4 source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: mscorlib.ni.pdb source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: Handler.pdb source: gem1.exe, WERD8C3.tmp.dmp.5.dr
                Source: Binary string: Handler.pdbha~a pa_CorExeMainmscoree.dll source: gem1.exe
                Source: Binary string: mscorlib.ni.pdbRSDS source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: Handler.pdbMZ@ source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: mscorlib.pdb( source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: System.ni.pdb source: WERD8C3.tmp.dmp.5.dr
                Source: Binary string: System.pdb source: WERD8C3.tmp.dmp.5.dr
                Source: gem1.exeStatic PE information: 0xD2E802CF [Sun Feb 15 22:33:51 2082 UTC]
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00446400 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,2_2_00446400
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004ACE0C push ecx; ret 2_2_004ACE1F
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0047E240 GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,ExitProcess,ReleaseMutex,CloseHandle,2_2_0047E240
                Source: C:\Users\user\Desktop\gem1.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeMemory allocated: 1090000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeMemory allocated: 28B0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeMemory allocated: 48B0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-49111
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004402D0 FindFirstFileW,FindNextFileW,2_2_004402D0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004B84C0 FindClose,FindFirstFileExW,GetLastError,2_2_004B84C0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004B8545 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,2_2_004B8545
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004B84E0 FindFirstFileExW,2_2_004B84E0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00487550 GetLogicalDriveStringsW,2_2_00487550
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00498574 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,2_2_00498574
                Source: C:\Users\user\Desktop\gem1.exeFile opened: D:\sources\migration\Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: D:\sources\migration\wtr\Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior
                Source: Amcache.hve.5.drBinary or memory string: VMware
                Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
                Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
                Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
                Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: gem1.exe, 00000002.00000002.1863644496.0000000001755000.00000004.00000020.00020000.00000000.sdmp, gem1.exe, 00000002.00000002.1863644496.00000000016E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.5.drBinary or memory string: vmci.sys
                Source: Amcache.hve.5.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
                Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
                Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.5.drBinary or memory string: VMware20,1
                Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
                Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: C:\Users\user\Desktop\gem1.exeAPI call chain: ExitProcess graph end nodegraph_2-49131
                Source: C:\Users\user\Desktop\gem1.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0048A710 RtlAcquirePebLock,NtAllocateVirtualMemory,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,2_2_0048A710
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004BA04D IsDebuggerPresent,OutputDebugStringW,2_2_004BA04D
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00498574 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C2_2_00498574
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00446400 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,2_2_00446400
                Source: C:\Users\user\Desktop\gem1.exeCode function: 0_2_028B7F09 mov edi, dword ptr fs:[00000030h]0_2_028B7F09
                Source: C:\Users\user\Desktop\gem1.exeCode function: 0_2_028B8086 mov edi, dword ptr fs:[00000030h]0_2_028B8086
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004A6CD3 GetProcessHeap,2_2_004A6CD3
                Source: C:\Users\user\Desktop\gem1.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004AC6BF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_004AC6BF
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004AC80A SetUnhandledExceptionFilter,2_2_004AC80A
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00497B2D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00497B2D
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004ABFD4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_004ABFD4
                Source: C:\Users\user\Desktop\gem1.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Contains functionality to inject code into remote processes
                Source: C:\Users\user\Desktop\gem1.exeCode function: 0_2_028B7F09 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_028B7F09
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\gem1.exeMemory written: C:\Users\user\Desktop\gem1.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_0047D2F0 ShellExecuteW,OpenProcessToken,GetCurrentProcess,GetTokenInformation,std::ios_base::_Ios_base_dtor,2_2_0047D2F0
                Source: C:\Users\user\Desktop\gem1.exeProcess created: C:\Users\user\Desktop\gem1.exe "C:\Users\user\Desktop\gem1.exe"Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00486C50 cpuid 2_2_00486C50
                Source: C:\Users\user\Desktop\gem1.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_004A6109
                Source: C:\Users\user\Desktop\gem1.exeCode function: GetLocaleInfoEx,FormatMessageA,2_2_004B824D
                Source: C:\Users\user\Desktop\gem1.exeCode function: GetLocaleInfoW,2_2_004A620F
                Source: C:\Users\user\Desktop\gem1.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_004A62E5
                Source: C:\Users\user\Desktop\gem1.exeCode function: EnumSystemLocalesW,2_2_0049C70E
                Source: C:\Users\user\Desktop\gem1.exeCode function: EnumSystemLocalesW,2_2_004A5C67
                Source: C:\Users\user\Desktop\gem1.exeCode function: EnumSystemLocalesW,2_2_004A5C1A
                Source: C:\Users\user\Desktop\gem1.exeCode function: EnumSystemLocalesW,2_2_004A5C1C
                Source: C:\Users\user\Desktop\gem1.exeCode function: GetLocaleInfoW,2_2_0049CCB0
                Source: C:\Users\user\Desktop\gem1.exeCode function: EnumSystemLocalesW,2_2_004A5D02
                Source: C:\Users\user\Desktop\gem1.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_004A5D8D
                Source: C:\Users\user\Desktop\gem1.exeCode function: GetLocaleInfoW,2_2_004A5FE0
                Source: C:\Users\user\Desktop\gem1.exeQueries volume information: C:\Users\user\Desktop\gem1.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyNameJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_00497EC8 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,2_2_00497EC8
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004863F0 GetUserNameW,2_2_004863F0
                Source: C:\Users\user\Desktop\gem1.exeCode function: 2_2_004A1074 GetTimeZoneInformation,2_2_004A1074
                Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.5.drBinary or memory string: msmpeng.exe
                Source: Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.5.drBinary or memory string: MsMpEng.exe

                Stealing of Sensitive Information

                barindex
                Yara detected CredGrabber
                Source: Yara matchFile source: Process Memory Space: gem1.exe PID: 7488, type: MEMORYSTR
                Yara detected Meduza Stealer
                Source: Yara matchFile source: 0.2.gem1.exe.39def70.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.gem1.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.gem1.exe.39def70.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.gem1.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.gem1.exe.38b9550.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.1863644496.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: gem1.exe PID: 7488, type: MEMORYSTR
                Found many strings related to Crypto-Wallets (likely being stolen)
                Source: gem1.exe, 00000002.00000002.1863644496.0000000001734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum\config=
                Source: gem1.exe, 00000002.00000002.1863644496.00000000016E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectronCash\config
                Source: gem1.exe, 00000002.00000002.1863644496.00000000016E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
                Source: gem1.exe, 00000002.00000002.1863644496.00000000016E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Exodus\exodus.wallet
                Source: gem1.exe, 00000002.00000002.1863644496.00000000016E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
                Source: gem1.exe, 00000002.00000002.1863644496.00000000016E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
                Tries to harvest and steal Bitcoin Wallet information
                Source: C:\Users\user\Desktop\gem1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.logJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCKJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENTJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOGJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001Jump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
                Source: C:\Users\user\Desktop\gem1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Users\user\Desktop\gem1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

                Remote Access Functionality

                barindex
                Yara detected CredGrabber
                Source: Yara matchFile source: Process Memory Space: gem1.exe PID: 7488, type: MEMORYSTR
                Yara detected Meduza Stealer
                Source: Yara matchFile source: 0.2.gem1.exe.39def70.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.gem1.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.gem1.exe.39def70.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.gem1.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.gem1.exe.38b9550.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.1863644496.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: gem1.exe PID: 7488, type: MEMORYSTR

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
                Native API                		1
                DLL Side-Loading                		1
                Exploitation for Privilege Escalation                		11
                Disable or Modify Tools                		1
                OS Credential Dumping                		12
                System Time Discovery                		Remote Services1
                Archive Collected Data                		2
                Ingress Tool Transfer                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                DLL Side-Loading                		1
                Deobfuscate/Decode Files or Information                		LSASS Memory1
                Account Discovery                		Remote Desktop Protocol2
                Data from Local System                		21
                Encrypted Channel                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                Access Token Manipulation                		2
                Obfuscated Files or Information                		Security Account Manager3
                File and Directory Discovery                		SMB/Windows Admin Shares1
                Screen Capture                		1
                Non-Standard Port                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook211
                Process Injection                		1
                Software Packing                		NTDS34
                System Information Discovery                		Distributed Component Object Model1
                Email Collection                		2
                Non-Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Timestomp                		LSA Secrets1
                Query Registry                		SSHKeylogging3
                Application Layer Protocol                		Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                DLL Side-Loading                		Cached Domain Credentials41
                Security Software Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
                Virtualization/Sandbox Evasion                		DCSync2
                Virtualization/Sandbox Evasion                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                Access Token Manipulation                		Proc Filesystem2
                Process Discovery                		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt211
                Process Injection                		/etc/passwd and /etc/shadow1
                System Owner/User Discovery                		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCronDynamic API ResolutionNetwork Sniffing1
                System Network Configuration Discovery                		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                gem1.exe44%VirustotalBrowse
                gem1.exe45%ReversingLabsWin32.Trojan.Jalapeno
                gem1.exe100%AviraHEUR/AGEN.1359509
                gem1.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                No Antivirus matches

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                api.ipify.org
                		104.26.12.205
                		truefalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://api.ipify.org/false
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://upx.sf.netAmcache.hve.5.drfalse
                      		high
                      https://api.ipify.org/~gem1.exe, 00000002.00000002.1863644496.00000000016E8000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        104.26.12.205
                        		api.ipify.orgUnited States
                        		13335CLOUDFLARENETUSfalse
                        66.63.187.173
                        		unknownUnited States
                        		8100ASN-QUADRANET-GLOBALUStrue

                        General Information

                        Joe Sandbox version:42.0.0 Malachite
                        Analysis ID:1587387
                        Start date and time:2025-01-10 10:13:07 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 5m 9s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:10
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:gem1.exe
                        Detection:MAL
                        Classification:mal100.troj.spyw.evad.winEXE@5/5@1/2
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 99%
                        • Number of executed functions: 84
                        • Number of non-executed functions: 44
                        Cookbook Comments:
                        • Found application associated with file extension: .exe

                        Warnings

                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 52.182.143.212, 40.126.32.76, 20.109.210.53, 13.107.246.45
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing disassembly code.
                        • Report size exceeded maximum capacity and may have missing network information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        04:14:15API Interceptor1x Sleep call for process: WerFault.exe modified

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        104.26.12.205Yoranis Setup.exeGet hashmaliciousUnknownBrowse
                        • api.ipify.org/
                        RtU8kXPnKr.exeGet hashmaliciousQuasarBrowse
                        • api.ipify.org/
                        jgbC220X2U.exeGet hashmaliciousUnknownBrowse
                        • api.ipify.org/?format=text
                        xKvkNk9SXR.exeGet hashmaliciousTrojanRansomBrowse
                        • api.ipify.org/
                        GD8c7ARn8q.exeGet hashmaliciousTrojanRansomBrowse
                        • api.ipify.org/
                        8AbMCL2dxM.exeGet hashmaliciousRCRU64, TrojanRansomBrowse
                        • api.ipify.org/
                        Simple2.exeGet hashmaliciousUnknownBrowse
                        • api.ipify.org/
                        Ransomware Mallox.exeGet hashmaliciousTargeted RansomwareBrowse
                        • api.ipify.org/
                        Yc9hcFC1ux.exeGet hashmaliciousUnknownBrowse
                        • api.ipify.org/
                        6706e721f2c06.exeGet hashmaliciousRemcosBrowse
                        • api.ipify.org/
                        66.63.187.173drop1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                          drop1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                            drop1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                              file.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse

                                Domains

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                api.ipify.orghttps://www.tremendous.com/email/activate/yE_yBdRtyVv4Xqgg7hu_Get hashmaliciousUnknownBrowse
                                • 172.67.74.152
                                https://marcuso-wq.github.io/home/Get hashmaliciousHTMLPhisherBrowse
                                • 172.67.74.152
                                drop1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                • 172.67.74.152
                                https://vq6btbhdpo.nutignaera.shop/?email=YWxlamFuZHJvLmdhcnJpZG9Ac2VhYm9hcmRtYXJpbmUuY29tGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                • 104.26.12.205
                                EZZGTmJj4O.exeGet hashmaliciousAgentTeslaBrowse
                                • 104.26.13.205
                                proforma invoice pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                • 104.26.12.205
                                mail (4).emlGet hashmaliciousUnknownBrowse
                                • 172.67.74.152
                                random.exeGet hashmaliciousCStealerBrowse
                                • 104.26.12.205
                                random.exeGet hashmaliciousCStealerBrowse
                                • 172.67.74.152
                                http://sammobile.digidip.net/visit?url=https://massageclinic.com.au/wadblacks2&currurl=https://www.sammobile.com/2018/06/06/june-2018-security-patch-information-published-by-samsung/Get hashmaliciousGabagoolBrowse
                                • 104.26.13.205

                                ASNs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                CLOUDFLARENETUShttp://pdfdrive.com.coGet hashmaliciousUnknownBrowse
                                • 104.21.11.245
                                RFQ SHEETS PX2 MULE25 SHENZHEN LUCKY.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                • 104.21.80.1
                                https://ctrk.klclick3.com/l/01JGXREPA9AKCFABSME4GFWDDZ_0#YWxhaW5femllZ2xlckB6aWVnbGVyZ3JvdXAuY29tGet hashmaliciousUnknownBrowse
                                • 172.66.43.95
                                http://www.singhs.lvGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                • 104.18.11.207
                                http://18ofcontents.shopGet hashmaliciousUnknownBrowse
                                • 104.21.96.1
                                https://www.dcamarketintelligence.com/tdtGet hashmaliciousUnknownBrowse
                                • 104.26.15.92
                                1162-201.exeGet hashmaliciousFormBookBrowse
                                • 104.21.64.1
                                https://cdn.btmessage.com/Get hashmaliciousHTMLPhisherBrowse
                                • 172.67.74.232
                                http://www.austrata.net.auGet hashmaliciousUnknownBrowse
                                • 1.1.1.1
                                https://www.cineuserdad.ecGet hashmaliciousUnknownBrowse
                                • 188.114.96.3
                                ASN-QUADRANET-GLOBALUSarmv5l.elfGet hashmaliciousUnknownBrowse
                                • 104.237.80.14
                                30% Order payment-BLQuote_'PO#385995790.exeGet hashmaliciousAsyncRATBrowse
                                • 69.174.100.131
                                drop1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                • 66.63.187.173
                                file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XWorm, XmrigBrowse
                                • 66.63.187.122
                                drop1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                • 66.63.187.173
                                drop1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                • 66.63.187.173
                                file.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                • 66.63.187.173
                                Fantazy.spc.elfGet hashmaliciousUnknownBrowse
                                • 104.223.10.34
                                1.elfGet hashmaliciousUnknownBrowse
                                • 72.11.146.74

                                JA3 Fingerprints

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                37f463bf4616ecd445d4a1937da06e19FIWszl1A8l.exeGet hashmaliciousGhostRatBrowse
                                • 104.26.12.205
                                2873466535874-68348745.02.exeGet hashmaliciousUnknownBrowse
                                • 104.26.12.205
                                n41dQbiw1Y.exeGet hashmaliciousBabuk, DjvuBrowse
                                • 104.26.12.205
                                stage3.exeGet hashmaliciousCobaltStrikeBrowse
                                • 104.26.12.205
                                1C24TDP_000000029.jseGet hashmaliciousMassLogger RATBrowse
                                • 104.26.12.205
                                drop1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                • 104.26.12.205
                                DyM4yXX.exeGet hashmaliciousVidarBrowse
                                • 104.26.12.205
                                http://cipassoitalia.itGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                • 104.26.12.205
                                DHL_Awb_Shipping_Invoice_doc_010720257820020031808174CN1800301072025.bat.exeGet hashmaliciousRemcosBrowse
                                • 104.26.12.205
                                xCnwCctDWC.exeGet hashmaliciousLummaCBrowse
                                • 104.26.12.205

                                Dropped Files

                                No context

                                Created / dropped Files

                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_gem1.exe_daf150691981ac57c1cc14cff3d12fbabf996950_5a516dd6_359ee541-9ebf-4f51-9769-73b089985af5\Report.wer

                                Download File
                                Process:C:\Windows\SysWOW64\WerFault.exe
                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):65536
                                Entropy (8bit):0.8876693850403955
                                Encrypted:false
                                SSDEEP:96:zrFneJ2RZsrtcBjTOAqyS3QXIDcQlc6VcEdcw3d+BHUHZ0ownOgHkEwH3dEFYAKk:HFW2RZ4A0LR3saGGzuiFcXZ24IO8tg
                                MD5:3A38398EF47A57EB036E9D6A43EE3ADF
                                SHA1:00F7654E06069D414E51FA1AFB88132C929FBB18
                                SHA-256:4E9442194B2B725C832215AFC9EF1CFA41DBB47A3C8B6EE8B05FEE37F7AC596B
                                SHA-512:88D61FA4F8109CA9E8F05E2AAD935D2CC9ECF5FBBEB98D27D29C177C05ADDBA28DDE96B72649A7DBFFCF56A745A80706B7AFD02C8B0BF84AF9904E6B43CD9BA6
                                Malicious:true
                                Reputation:low
                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.9.7.4.0.4.0.1.4.2.0.4.1.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.9.7.4.0.4.0.6.4.2.0.4.3.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.5.9.e.e.5.4.1.-.9.e.b.f.-.4.f.5.1.-.9.7.6.9.-.7.3.b.0.8.9.9.8.5.a.f.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.6.1.f.a.c.3.0.-.1.e.9.2.-.4.c.6.4.-.8.e.9.2.-.0.8.2.8.b.4.8.b.d.0.8.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.g.e.m.1...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.r.a.s.d.l.u.i...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.0.0.-.0.0.0.1.-.0.0.1.4.-.0.4.1.f.-.a.a.f.b.3.f.6.3.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.0.9.c.7.0.1.5.2.1.1.1.1.7.5.9.b.d.9.b.5.0.9.9.5.7.1.c.0.3.3.d.0.0.0.0.0.9.0.4.!.0.0.0.0.7.7.7.2.2.8.6.1.6.a.1.8.b.9.8.1.0.3.5.9.4.2.7.6.7.7.5.1.8.8.b.5.e.1.3.8.f.a.1.1.!.g.e.m.1...e.

                                C:\ProgramData\Microsoft\Windows\WER\Temp\WERD8C3.tmp.dmp

                                Download File
                                Process:C:\Windows\SysWOW64\WerFault.exe
                                File Type:Mini DuMP crash report, 15 streams, Fri Jan 10 09:14:00 2025, 0x1205a4 type
                                Category:dropped
                                Size (bytes):150730
                                Entropy (8bit):3.793986471299223
                                Encrypted:false
                                SSDEEP:1536:kujSQuBojRypN4uE2aOidLTgngJY1A0k0utTHAcACDyQY:ru0U4uEqSLTgwpscbN
                                MD5:2E788C6D1440A3227A8AFF82AC7875A7
                                SHA1:4DE8CAEA483E9F7815FDC775A8A8C39B709A04DE
                                SHA-256:87427DD5B59B4902597C31BED9B56A5E771F0F3C41BEC6B6C70CE9F4AFEA277B
                                SHA-512:D28752C4BACB6683D6A3CFAF9C948E29773BBA03A2FA6D983A01DA9492E853B7A48525401F1C005513BF465408802010F30FB046ABAFC9405D89B0BEA5AB3034
                                Malicious:false
                                Reputation:low
                                Preview:MDMP..a..... .........g....................................$...........d..../..........`.......8...........T...........($...(......................................................................................................eJ......P.......GenuineIntel............T.............g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\ProgramData\Microsoft\Windows\WER\Temp\WERD98F.tmp.WERInternalMetadata.xml

                                Download File
                                Process:C:\Windows\SysWOW64\WerFault.exe
                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):8378
                                Entropy (8bit):3.687977762481962
                                Encrypted:false
                                SSDEEP:192:R6l7wVeJid64K6Y94LSU93iOgmf6sVJoprt89bLTsfYZm:R6lXJw6d6YcSU93iOgmf6sVJHL4fr
                                MD5:799EA891B46A61FB3F66471356EF0207
                                SHA1:7B516E1A3448DE5B87F406800B97E332BC96C1C7
                                SHA-256:20586F598C94C50DD25BAAE05E91F2EAE5235511A7C9E87658933CA74F9CC26D
                                SHA-512:526C3FD91FE2F6C472D3F07FC70947C7D1741D8F892AA09C36C17C76186C9B67AB31747905B21AD406F85AC72556C82463DEAE54E9B3C07ACC6EB9E8CB5EED04
                                Malicious:false
                                Reputation:low
                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.4.2.4.<./.P.i.

                                C:\ProgramData\Microsoft\Windows\WER\Temp\WERD9AF.tmp.xml

                                Download File
                                Process:C:\Windows\SysWOW64\WerFault.exe
                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):4741
                                Entropy (8bit):4.438754209378269
                                Encrypted:false
                                SSDEEP:48:cvIwWl8zsKJg77aI9TYWpW8VY2/Ym8M4J9dxPcf6FR+q8vedxPcfFjQ/TMJd:uIjfYI79R7VcJSfiKDfBQ/TMJd
                                MD5:DEF52CAEB79A0A26A99A977C26D27916
                                SHA1:0230224F2BDB51A2A48D7CFED11FE4CFD1BCA1DE
                                SHA-256:44C8D18AEC30982B7DD5EA2B4AB7345689ADE4DD4854D27AB540848CDBCF0086
                                SHA-512:69E0A573F987F8BC6F217D3BA3D38A843543D0F5D3B6B49E825D0BF8E08C95377EA00BB07743272D15F5F825EE019FEBB57594F79159FE8A1B5FD7793C24501E
                                Malicious:false
                                Reputation:low
                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="669616" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                C:\Windows\appcompat\Programs\Amcache.hve

                                Download File
                                Process:C:\Windows\SysWOW64\WerFault.exe
                                File Type:MS Windows registry file, NT/2000 or above
                                Category:dropped
                                Size (bytes):1835008
                                Entropy (8bit):4.466016876950458
                                Encrypted:false
                                SSDEEP:6144:cIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN/dwBCswSba:hXD94+WlLZMM6YFHN+a
                                MD5:06632F3C5B954690CC01716ECBE7098F
                                SHA1:0A0EA024F51F6A63A62B29DA624CB85871937E65
                                SHA-256:C67922EC43A9E9C2800932EE6645439AD1CE9A93241FB0855EAFA987F1DBB0FE
                                SHA-512:043158F899AFA3ECA773EFC93C7559B87D5F26F98633BB251164E3C3FFABFFFADBCF26DF770DF1956018AF753C481C041AB12A0B9F92530F7A0611ECD8DC2CA5
                                Malicious:false
                                Reputation:low
                                Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.G..?c..............................................................................................................................................................................................................................................................................................................................................w...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                Static File Info

                                General

                                File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                Entropy (8bit):7.995614545523129
                                TrID:
                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                • Generic Win/DOS Executable (2004/3) 0.01%
                                File name:gem1.exe
                                File size:1'202'688 bytes
                                MD5:d61ac037c333f1bc288c1a96a4db7c21
                                SHA1:777228616a18b98103594276775188b5e138fa11
                                SHA256:f5946e9f0ab4dbbd8d8171e708607c98df283cb1a6145444ba6a5f86bb2b0896
                                SHA512:1aae796964099e22c3ebf8632ded9a451f01161ca6d837cd447524c58088ab05e0cfff6d297495e97b3b1a370b98b563937334f0306095b8c625641430288999
                                SSDEEP:24576:R06mH2AfjusEQ3MWTwGxXjbAnpiYQ7eVGKtFwVrJL/tXjuD/:RLmH2AfisEQ5XInpI74arx/tXj+/
                                TLSH:CB45330CFA0BDD2AC37E3D3704940F5095B0A39B1CABAD63744C715A87A65BB9E21E34
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..B...........a... ........@.. ...............................(....`................................

                                File Icon

                                Icon Hash:90cececece8e8eb0

                                Static PE Info

                                General

                                Entrypoint:0x40618e
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows cui
                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Time Stamp:0xD2E802CF [Sun Feb 15 22:33:51 2082 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                Entrypoint Preview

                                Instruction
                                jmp dword ptr [00402000h]
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al

                                Data Directories

                                NameVirtual AddressVirtual Size Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IMPORT0x61400x4b.text
                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x80000x622.rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                IMAGE_DIRECTORY_ENTRY_BASERELOC0xa0000xc.reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG0x60fb0x1c.text
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                Sections

                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                .text0x20000x41940x420011cdbebce84b96e38e64a2b9c59e8d1bFalse0.5025449810606061data5.882910829160536IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rsrc0x80000x6220x800475a49e737227fab34df740bd3b803cbFalse0.35693359375data3.5546778997020008IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .reloc0xa0000xc0x20008f8b9a9c6ae80bfba002f5f6811ac8cFalse0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                .bss0xc0000x120a000x120a0087683f9c6e56b779ac24db4cddd7e7afFalse1.0003138195647467data7.999864651279933IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                Resources

                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                RT_VERSION0x80a00x398OpenPGP Secret KeyEnglishUnited States0.45760869565217394
                                RT_MANIFEST0x84380x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                Imports

                                DLLImport
                                mscoree.dll_CorExeMain

                                Possible Origin

                                Language of compilation systemCountry where language is spokenMap
                                EnglishUnited States

                                Network Behavior

                                Suricata IDS Alerts

                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                2025-01-10T10:14:02.588084+01002049441ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt1192.168.2.44973066.63.187.17315666TCP
                                2025-01-10T10:14:02.588084+01002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.44973066.63.187.17315666TCP
                                2025-01-10T10:14:02.588084+01002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.44973066.63.187.17315666TCP
                                2025-01-10T10:14:02.593447+01002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.44973066.63.187.17315666TCP
                                2025-01-10T10:14:02.593447+01002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.44973066.63.187.17315666TCP

                                Network Port Distribution

                                TCP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Jan 10, 2025 10:14:00.626399994 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:00.631534100 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:00.631620884 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:00.691359997 CET49731443192.168.2.4104.26.12.205
                                Jan 10, 2025 10:14:00.691411972 CET44349731104.26.12.205192.168.2.4
                                Jan 10, 2025 10:14:00.691489935 CET49731443192.168.2.4104.26.12.205
                                Jan 10, 2025 10:14:00.698147058 CET49731443192.168.2.4104.26.12.205
                                Jan 10, 2025 10:14:00.698226929 CET44349731104.26.12.205192.168.2.4
                                Jan 10, 2025 10:14:01.235176086 CET44349731104.26.12.205192.168.2.4
                                Jan 10, 2025 10:14:01.235269070 CET49731443192.168.2.4104.26.12.205
                                Jan 10, 2025 10:14:01.309976101 CET49731443192.168.2.4104.26.12.205
                                Jan 10, 2025 10:14:01.310023069 CET44349731104.26.12.205192.168.2.4
                                Jan 10, 2025 10:14:01.310590982 CET44349731104.26.12.205192.168.2.4
                                Jan 10, 2025 10:14:01.310709000 CET49731443192.168.2.4104.26.12.205
                                Jan 10, 2025 10:14:01.313864946 CET49731443192.168.2.4104.26.12.205
                                Jan 10, 2025 10:14:01.355351925 CET44349731104.26.12.205192.168.2.4
                                Jan 10, 2025 10:14:01.421376944 CET44349731104.26.12.205192.168.2.4
                                Jan 10, 2025 10:14:01.421427965 CET44349731104.26.12.205192.168.2.4
                                Jan 10, 2025 10:14:01.421561956 CET49731443192.168.2.4104.26.12.205
                                Jan 10, 2025 10:14:01.421561956 CET49731443192.168.2.4104.26.12.205
                                Jan 10, 2025 10:14:01.422513962 CET49731443192.168.2.4104.26.12.205
                                Jan 10, 2025 10:14:01.422576904 CET44349731104.26.12.205192.168.2.4
                                Jan 10, 2025 10:14:02.588083982 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.593281031 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.593312025 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.593338013 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.593364954 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.593390942 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.593446970 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.593487024 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.593513966 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.593556881 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.593561888 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.593588114 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.593614101 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.593650103 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.593739986 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.593813896 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.598485947 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.598664045 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.598695993 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.598725080 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.598751068 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.598754883 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.598778009 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.598783970 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.598803997 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.598812103 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.598850965 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.598855972 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.598877907 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.598903894 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.598929882 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.598933935 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.598956108 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.598988056 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.598989964 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.599023104 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.599052906 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.603944063 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.603971004 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.604017973 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.604020119 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.604043961 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.604075909 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.604090929 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.604115009 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.604118109 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.604159117 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.604173899 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.604202032 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.604231119 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.604238987 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.604274988 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.604276896 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.604330063 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.604353905 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.604410887 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609150887 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609208107 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609266996 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609293938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609325886 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609343052 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609344959 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609369993 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609417915 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609426975 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609445095 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609467030 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609471083 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609493971 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609503031 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609520912 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609551907 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609553099 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609580994 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609600067 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609606981 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609627008 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609653950 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609653950 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609679937 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609707117 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609711885 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609724998 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609754086 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609757900 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609781027 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609806061 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609807014 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609821081 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609833002 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609855890 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609879971 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609880924 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609906912 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609931946 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609931946 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609956980 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.609958887 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.609972000 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.610006094 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.610006094 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.610033989 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.610049963 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.610078096 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615060091 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615086079 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615115881 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615143061 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615214109 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615269899 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615295887 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615331888 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615345955 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615348101 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615391016 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615430117 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615487099 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615569115 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615596056 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615619898 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615645885 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615683079 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615709066 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615735054 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615748882 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615761042 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615776062 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615797043 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615809917 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615823984 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615849018 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615852118 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615865946 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615879059 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615900040 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615915060 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615921974 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615942001 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615956068 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.615984917 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.615989923 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.616010904 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.616030931 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.616046906 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.616054058 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.616074085 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.616091967 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.616100073 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.616125107 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.616126060 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.616137981 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.616173983 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.616175890 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.616203070 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.616225004 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.616228104 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.616247892 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.616255045 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.616269112 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.616281033 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.616305113 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.616328955 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.620196104 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.620264053 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.620359898 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.620385885 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.620498896 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.620524883 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.620526075 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.620570898 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.620598078 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.620615005 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.620630026 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.620650053 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.620677948 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621237993 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621263981 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621298075 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621311903 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621321917 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621337891 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621367931 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621390104 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621408939 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621436119 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621464968 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621481895 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621489048 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621507883 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621541023 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621555090 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621570110 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621582031 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621608019 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621614933 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621634960 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621634960 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621653080 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621680975 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621682882 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621707916 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621736050 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621753931 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621757030 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621781111 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621818066 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621826887 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621840000 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621853113 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621886015 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621902943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621903896 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.621929884 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621974945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.621982098 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.622000933 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.622021914 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.622026920 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.622040987 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.622054100 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.622107029 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.622118950 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.622145891 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.622168064 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.622170925 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.622206926 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.622221947 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.622250080 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.622277021 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.625093937 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.625153065 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.625431061 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.625485897 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.625570059 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.625600100 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.625631094 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.625663042 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.625695944 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.625722885 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.625755072 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.625768900 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.625777006 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.625796080 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.625822067 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.625825882 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.625844955 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.625868082 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.626243114 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.626301050 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627047062 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627108097 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627175093 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627202034 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627228975 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627232075 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627259016 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627285004 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627296925 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627357960 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627424955 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627450943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627480984 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627484083 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627506971 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627520084 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627557039 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627573967 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627599955 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627629042 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627645969 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627651930 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627679110 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627701044 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627724886 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627738953 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627752066 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627780914 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627798080 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627804041 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627824068 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627871037 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627871037 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627899885 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627929926 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627942085 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.627955914 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.627989054 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.628004074 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.628015041 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.628031969 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.628057957 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.628062963 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.628084898 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.628102064 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.628104925 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.628133059 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.628160000 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.628175020 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.628180027 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.628221035 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.628231049 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.628247976 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.628273964 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.628281116 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.628305912 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.628331900 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.630040884 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.630105019 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.630315065 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.630362988 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.630637884 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.630693913 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.630760908 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.630788088 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.630829096 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.630911112 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.630960941 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.630971909 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.631026030 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.631041050 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.631067038 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.631098032 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.631099939 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.631124020 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.631124020 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.631151915 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.631170034 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.632152081 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.632179022 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.632205963 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.632225990 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.632229090 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.632255077 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.632283926 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.632283926 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.632317066 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.632338047 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633208036 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633234024 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633276939 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633286953 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633312941 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633338928 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633346081 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633364916 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633373976 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633394957 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633413076 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633415937 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633444071 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633466959 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633490086 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633490086 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633517981 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633539915 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633546114 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633563042 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633570910 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633608103 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633625984 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633632898 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633660078 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633685112 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633691072 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633709908 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633722067 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633757114 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633771896 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633783102 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633809090 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633816957 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633835077 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633836031 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633856058 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633882046 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633886099 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633909941 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633934975 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633936882 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633960009 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.633960962 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.633985043 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.634006977 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.634010077 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.634032965 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.634059906 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.634063005 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.634087086 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.634089947 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.634114027 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.634114027 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.634134054 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.634191990 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.635063887 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.635119915 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.635190964 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.635237932 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.635679007 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.635740995 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.635783911 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.635814905 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.635837078 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.635865927 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.635936022 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.635962009 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.635992050 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.636023045 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.636133909 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.636194944 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.636234045 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.636260986 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.636290073 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.636310101 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.636338949 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.636364937 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.636390924 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.636411905 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.637098074 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.637145996 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.637151957 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.637171984 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.637197971 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.637223959 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.637316942 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.637342930 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.637372017 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.637402058 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639044046 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639071941 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639096975 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639117956 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639148951 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639170885 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639174938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639200926 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639202118 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639224052 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639226913 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639261007 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639280081 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639281988 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639306068 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639344931 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639347076 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639370918 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639377117 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639416933 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639422894 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639439106 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639451027 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639470100 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639477968 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639496088 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639503956 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639529943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639538050 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639555931 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639556885 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639583111 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639602900 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639606953 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639630079 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639655113 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639681101 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639681101 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639707088 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639709949 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639733076 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639745951 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639780045 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639781952 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639806986 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639832973 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639837980 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639858007 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639862061 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639889002 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639904022 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639915943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639941931 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639965057 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639967918 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.639987946 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.639995098 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.640021086 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.640042067 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.640064955 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.640099049 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.640151024 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.640206099 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.640618086 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.640666008 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.640676022 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.640692949 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.640713930 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.640737057 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.640902042 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.640928030 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.640954018 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.640957117 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.640979052 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.641004086 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.641123056 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.641170025 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.641176939 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.641196966 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.641227007 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.641246080 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.641269922 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.641272068 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.641300917 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.641321898 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.641964912 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.642019987 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.642050028 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.642102957 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.642327070 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.642353058 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.642379045 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.642383099 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.642409086 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.642409086 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.642431021 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.642457008 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.644901037 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.644927979 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.644953966 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.644957066 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.644980907 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.644999027 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645014048 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645040035 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645073891 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645101070 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645108938 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645128012 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645157099 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645175934 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645178080 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645203114 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645229101 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645231009 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645252943 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645277023 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645277977 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645303965 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645329952 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645334005 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645356894 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645375967 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645380974 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645404100 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645428896 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645433903 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645457029 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645458937 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645482063 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645483017 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645507097 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645509005 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645529032 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645560980 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645565987 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645587921 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645606995 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645613909 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645632982 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645641088 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645668983 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645688057 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645690918 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645714998 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645740032 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645741940 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645761967 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645766973 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645786047 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645793915 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645819902 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645828009 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645865917 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645867109 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645894051 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645919085 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645925045 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645945072 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645947933 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645966053 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645971060 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.645988941 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.645998001 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646023035 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646023989 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646045923 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646049976 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646073103 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646096945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646106958 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646123886 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646151066 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646153927 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646174908 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646177053 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646194935 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646204948 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646230936 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646235943 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646258116 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646258116 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646295071 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646306038 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646322966 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646332979 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646378040 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646387100 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646404982 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646420956 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646431923 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646450043 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646472931 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.646874905 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.646929979 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.647078037 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.647134066 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.647295952 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.647342920 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.647349119 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.647368908 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.647406101 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.647439003 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.647492886 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.647542000 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651402950 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651432037 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651458025 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651489973 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651510954 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651539087 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651563883 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651565075 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651592016 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651612997 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651638031 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651639938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651667118 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651693106 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651696920 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651719093 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651721001 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651741982 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651766062 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651774883 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651792049 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651818037 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651825905 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651844025 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651890039 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651891947 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651916981 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651937962 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651942015 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651968002 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.651968956 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651988983 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.651994944 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652015924 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652021885 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652043104 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652071953 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652076006 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652098894 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652123928 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652128935 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652152061 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652154922 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652177095 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652178049 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652204037 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652205944 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652225971 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652250051 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652250051 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652276993 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652302027 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652303934 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652328014 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652329922 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652354002 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652358055 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652379990 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652380943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652400970 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652407885 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652432919 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652445078 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652466059 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652481079 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652486086 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652508974 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652535915 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652535915 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652561903 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652568102 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652587891 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652595997 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652614117 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652617931 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652640104 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652643919 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652667046 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652667046 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652688980 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652693987 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652719975 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652731895 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652745962 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652771950 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652786970 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652808905 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652820110 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652846098 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652870893 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652873993 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652896881 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652896881 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652923107 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652925968 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652949095 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.652949095 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652976036 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.652986050 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.653002024 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.653013945 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.653028965 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.653044939 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.653054953 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.653080940 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.653084993 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.653104067 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.653105974 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.653127909 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.653134108 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.653168917 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.653194904 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.657959938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.658019066 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.680227041 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.680600882 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.680825949 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.680879116 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.685631037 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.685713053 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.685817957 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.685846090 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.685873032 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.685899019 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.685924053 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.685976982 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686002016 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686028004 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686027050 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686054945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686079979 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686125994 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686131954 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686151981 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686173916 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686180115 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686192989 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686207056 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686229944 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686233044 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686250925 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686259031 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686304092 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686306000 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686333895 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686358929 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686361074 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686383009 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686384916 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686404943 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686410904 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686431885 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686436892 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686451912 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686489105 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686496019 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686515093 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686537981 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686543941 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686570883 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686570883 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686599016 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.686599970 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686621904 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.686641932 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.728310108 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.728719950 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.728935003 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.728996038 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.776268005 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.776667118 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.776886940 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.776946068 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.781780005 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.781958103 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.781986952 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782012939 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782040119 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782038927 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782067060 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782094002 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782119036 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782141924 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782156944 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782171011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782197952 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782198906 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782223940 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782224894 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782248974 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782252073 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782270908 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782279015 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782326937 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782327890 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782355070 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782381058 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782392025 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782407045 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782432079 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782433033 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782454967 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782459974 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782478094 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782488108 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782550097 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782548904 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782577991 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782604933 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782624960 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782632113 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782649994 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782660007 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782675982 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782707930 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782710075 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782737970 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782763958 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782783985 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782790899 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782816887 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782843113 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782849073 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782875061 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782892942 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782902002 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782919884 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782944918 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782946110 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782970905 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.782980919 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.782998085 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783003092 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783023119 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783025026 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783042908 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783051968 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783088923 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783099890 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783116102 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783128023 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783154011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783154011 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783179045 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783180952 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783200026 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783207893 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783225060 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783235073 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783257008 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783262968 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783278942 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783288956 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783310890 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783337116 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783360958 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783396006 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783397913 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783426046 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783447981 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783452988 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783473969 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783480883 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783502102 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783509016 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783529997 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783536911 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783564091 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783590078 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783595085 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783616066 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783620119 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783642054 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783643007 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783664942 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783670902 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783696890 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783730984 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783745050 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783752918 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783772945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783792973 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783799887 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783816099 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783828020 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783850908 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783853054 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783879995 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783895016 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783906937 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783930063 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.783934116 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783962011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.783967972 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.784009933 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.788772106 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.788845062 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.788892984 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.788922071 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.788952112 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.788969040 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.788978100 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.788996935 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789022923 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789022923 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789045095 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789051056 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789068937 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789079905 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789098024 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789129972 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789141893 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789156914 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789182901 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789185047 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789207935 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789208889 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789239883 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789262056 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789266109 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789288998 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789314985 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789314985 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789335012 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789340973 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789390087 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789391994 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789417982 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789444923 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789475918 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789491892 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789500952 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789519072 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789546013 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789546013 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789570093 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789576054 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789594889 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789603949 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789650917 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789654970 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789681911 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789707899 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789710999 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789732933 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789736032 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789764881 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789778948 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789784908 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789805889 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789832115 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789832115 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789853096 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789860010 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789886951 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789896011 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789931059 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.789932966 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789959908 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789985895 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.789988041 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790011883 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790014029 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790034056 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790039062 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790079117 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790088892 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790117025 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790148020 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790162086 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790169954 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790189028 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790211916 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790215015 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790230989 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790241957 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790266991 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790288925 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790288925 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790316105 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790337086 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790343046 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790359974 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790369034 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790411949 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790416002 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790443897 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790467978 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790468931 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790493965 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790513039 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790515900 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790544987 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790570021 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790596008 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790596962 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790621996 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790626049 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790649891 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790668011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790673018 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790702105 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790729046 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790730953 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790755033 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790756941 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790782928 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790801048 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790802002 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790827990 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790854931 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790855885 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790878057 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790883064 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790899992 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790910959 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790937901 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790944099 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790966988 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.790985107 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.790987968 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.791013002 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.791038036 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.791038990 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.791064978 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.791065931 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.791085958 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.791093111 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.791117907 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.791119099 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.791140079 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.791143894 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.791176081 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.791197062 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796008110 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796082973 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796109915 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796194077 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796196938 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796221972 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796269894 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796282053 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796298027 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796329975 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796344042 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796355963 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796370983 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796390057 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796397924 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796425104 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796432018 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796461105 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796472073 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796499968 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796525955 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796554089 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796560049 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796601057 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796602964 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796627998 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796653986 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796657085 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796679020 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796679974 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796710968 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796732903 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796737909 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796761036 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796787024 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796791077 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796813965 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796814919 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796839952 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796839952 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796868086 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796885014 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796911001 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796916962 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796930075 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796947956 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796973944 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.796979904 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.796998978 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797002077 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797023058 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797039986 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797050953 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797077894 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797101021 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797103882 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797121048 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797131062 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797152996 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797177076 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797178030 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797205925 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797230959 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797230959 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797254086 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797257900 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797272921 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797296047 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797307014 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797333956 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797355890 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797358990 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797377110 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797385931 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797401905 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797416925 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797440052 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797442913 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.797460079 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.797482967 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.838278055 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.838690996 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.838932991 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.839006901 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.843986034 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844124079 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844151974 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844157934 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844180107 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844233036 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844242096 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844259977 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844281912 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844288111 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844315052 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844319105 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844348907 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844367981 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844369888 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844394922 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844422102 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844430923 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844449043 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844475985 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844497919 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844500065 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844525099 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844552994 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844553947 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844574928 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844580889 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844594002 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844609022 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844635010 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844647884 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844680071 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844681025 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844708920 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844733953 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844734907 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844753027 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844763041 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844777107 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844789982 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844813108 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844818115 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844840050 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844846010 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844865084 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844872952 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844914913 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.844922066 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844949961 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844974995 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.844985962 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.845000982 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.845010042 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.845026970 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.845031977 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.845052004 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.845053911 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.845073938 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.845081091 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.845107079 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.845113039 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.845132113 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.845133066 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.845151901 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.845181942 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.845182896 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.845210075 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.845237017 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.845237970 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.845262051 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.845292091 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.892353058 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.892671108 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.892930031 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.893044949 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.910861015 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.911277056 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.911501884 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.911603928 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.916337967 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916502953 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.916527987 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916558981 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916579962 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.916587114 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916614056 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916614056 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.916642904 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916656017 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.916670084 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916696072 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.916714907 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.916718960 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916745901 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916771889 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916774988 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.916798115 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916811943 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.916841984 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.916845083 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916872025 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916930914 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.916951895 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.916979074 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917005062 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917007923 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917030096 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917032957 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917049885 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917059898 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917073965 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917087078 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917105913 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917131901 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917134047 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917161942 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917187929 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917191029 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917212963 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917212963 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917237997 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917260885 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917263985 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917287111 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917314053 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917334080 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917347908 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917360067 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917390108 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917406082 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917411089 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917433023 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917459011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917459965 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917484999 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917484999 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917514086 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917534113 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917536974 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917565107 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917593002 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917594910 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917619944 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917622089 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917640924 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917670965 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917679071 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917697906 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917723894 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917743921 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917748928 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917771101 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917798042 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917799950 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917821884 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917824030 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917870998 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917872906 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917897940 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917923927 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.917927980 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917947054 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.917973042 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.960268974 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.960663080 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.960887909 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.960959911 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.972358942 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.972713947 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.972942114 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.973011017 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.977762938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.977906942 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.977925062 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.977933884 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.977967978 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.977998018 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978014946 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978035927 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978060961 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978070974 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978089094 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978120089 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978142023 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978164911 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978192091 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978224039 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978231907 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978245974 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978279114 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978287935 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978313923 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978343964 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978358984 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978364944 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978389978 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978415012 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978435993 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978468895 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978496075 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978528023 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978543043 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978548050 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978570938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978602886 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978624105 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978631020 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978652000 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978692055 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978698015 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978725910 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978749037 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978770971 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978774071 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978799105 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978827000 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978844881 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978847980 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978876114 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978902102 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978904009 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978925943 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978928089 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978956938 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.978976011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.978979111 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979002953 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979028940 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979031086 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979053020 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979054928 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979073048 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979103088 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979111910 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979130030 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979151964 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979156971 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979171991 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979183912 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979202986 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979211092 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979231119 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979237080 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979263067 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979285002 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979291916 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979338884 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979343891 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979366064 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979393005 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979397058 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979418039 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979420900 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979440928 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979445934 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979479074 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979492903 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979501009 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979520082 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979547024 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979551077 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979572058 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979573965 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979593992 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979602098 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979624987 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979629040 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979650021 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979676962 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979684114 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979703903 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979728937 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979733944 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979754925 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979756117 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979783058 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979783058 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979801893 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979830027 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979847908 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979857922 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979880095 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979885101 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979912996 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979933023 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.979940891 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.979959965 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.980001926 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.980005980 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.980035067 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.980066061 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.980093002 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.980118036 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.980144978 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.980170012 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.980190039 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.980226994 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.980257034 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.980283022 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.980309010 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.980329990 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.980340958 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.980360031 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.980369091 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.980392933 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.980433941 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.982978106 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.983031034 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.984812975 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.984982014 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985071898 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985136986 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985142946 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985200882 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985332966 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985358953 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985397100 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985428095 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985474110 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985487938 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985539913 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985543966 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985572100 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985599995 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985626936 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985636950 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985685110 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985697985 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985714912 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985732079 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985763073 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985780001 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985825062 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985836983 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985872984 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985909939 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985940933 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985965014 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.985990047 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.985991955 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986021042 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986047029 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986068964 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986078978 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986125946 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986133099 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986162901 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986192942 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986222029 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986227989 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986275911 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986284018 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986337900 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986339092 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986394882 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986426115 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986481905 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986489058 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986536980 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986552954 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986577988 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986599922 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986643076 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986713886 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986741066 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986767054 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986768961 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986807108 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986818075 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986845016 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986876011 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986891031 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986910105 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986917973 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.986954927 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986982107 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.986983061 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.987011909 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.987037897 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.987042904 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.987068892 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.987076998 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.987124920 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.987133980 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.987162113 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.987185955 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.987188101 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.987215996 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.987236023 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.987242937 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.987262011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.987304926 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.987833023 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.987890005 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.989867926 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.989924908 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.989960909 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.990010977 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.990031958 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.990083933 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.990130901 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.990189075 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.990428925 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.990480900 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.990586042 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.990652084 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.990844965 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.990897894 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.991045952 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.991101980 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.991108894 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.991161108 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.991280079 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.991349936 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.991385937 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.991417885 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:02.991441965 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:02.991485119 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.032444000 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.032830000 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.033066988 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.033154964 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.043179989 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.043538094 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.043772936 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.043862104 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.048744917 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.048796892 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.048824072 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.048868895 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.048981905 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.049004078 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049098969 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049125910 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049155951 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.049196005 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049201012 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.049282074 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.049297094 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049356937 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.049412012 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049438953 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049469948 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049480915 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.049520016 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.049581051 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049612045 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049674034 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049762011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049804926 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049951077 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.049959898 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.050013065 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050074100 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.050139904 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050170898 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050232887 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.050266981 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050329924 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050332069 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.050379038 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050384998 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.050437927 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.050458908 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050513983 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.050523043 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050587893 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.050637007 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050694942 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.050741911 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050789118 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050812006 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.050820112 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050841093 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.050885916 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.050930023 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050976038 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.050986052 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.051026106 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.051060915 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.051115990 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.051203966 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.051230907 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.051259995 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.051285982 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.051343918 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.051367998 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.051424026 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.051486015 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.051544905 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.051872969 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.051899910 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.051930904 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.051949978 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.051995993 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.052041054 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.052097082 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.052153111 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.052180052 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.052222013 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.052242994 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.052290916 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.052313089 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.052345037 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.052409887 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.052474976 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.052593946 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.052627087 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.052649021 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.052714109 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.054089069 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.054146051 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.054202080 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.054260015 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.054316044 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.054343939 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.054373026 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.054404020 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.054541111 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.054600000 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.054696083 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.054759026 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.054832935 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.054889917 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.054899931 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.054980993 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.055041075 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.055094004 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.055164099 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.055221081 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.055344105 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.055373907 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.055429935 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.055527925 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.055561066 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.055588961 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.055627108 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.055723906 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.055779934 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.055810928 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.055866957 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.055939913 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.055994987 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.056067944 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.056135893 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.056194067 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.056245089 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.056302071 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.056366920 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.056396008 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.056464911 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.056567907 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.056629896 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.056642056 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.056699038 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.056725979 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.056781054 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.056848049 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.056911945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.056969881 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.057003021 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.057060003 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.057228088 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.057337046 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.057396889 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.057430983 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.057486057 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.057507992 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.057574987 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.057604074 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.057656050 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.057660103 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.057713985 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.057743073 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.057799101 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.057818890 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.057873964 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.057883024 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.057928085 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.057936907 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.058021069 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058080912 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058082104 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.058155060 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058212996 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.058228016 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058274031 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058285952 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.058347940 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058408976 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.058423042 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058497906 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058557987 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.058574915 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058621883 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058687925 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.058708906 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058773041 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058778048 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.058829069 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058885098 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.058893919 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.058983088 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.059041977 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.059098005 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.059189081 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.059242010 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.059264898 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.059328079 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.059330940 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.059386969 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.059446096 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.059612036 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.059669971 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.059673071 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.059870958 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.059876919 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.059895992 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.059953928 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.060071945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.060209036 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.060266018 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.060978889 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.060992956 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.061027050 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.061086893 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.061275005 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.061342955 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.061393023 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.061405897 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.061459064 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.061464071 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.061539888 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.061569929 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.061791897 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.061851025 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.061904907 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.061966896 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.062014103 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.062026024 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.062083006 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.062252998 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.062303066 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.062352896 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.062366009 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.062395096 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.062446117 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.062505960 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.062532902 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.062550068 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.062565088 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.062628031 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.062654018 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.062711000 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.062752008 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.062916040 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.062973976 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.062985897 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.063114882 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.063127041 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.063174009 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.063195944 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.063244104 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.063278913 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.063327074 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.063355923 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.063431978 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.063482046 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.063492060 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.063541889 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.063651085 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.063862085 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.063916922 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.063930988 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.063998938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064047098 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064049959 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.064085007 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064138889 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.064191103 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064203978 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064214945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064245939 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064270973 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.064281940 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064306974 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.064325094 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064340115 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064383984 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.064466000 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064557076 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.064728022 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064740896 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064800024 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.064863920 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064877987 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.064930916 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.065135002 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.065232038 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.065248966 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.065304995 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.065990925 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066049099 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.066054106 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066101074 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066167116 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.066184044 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066231012 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066232920 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.066266060 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066322088 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.066340923 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066394091 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.066440105 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066469908 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066483021 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066489935 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.066515923 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066544056 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.066555977 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066577911 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.066632032 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.066673994 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066706896 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066759109 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.066865921 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066916943 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.066951990 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.066963911 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.067013979 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.067116022 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.067198038 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.067302942 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.067352057 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.067385912 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.067400932 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.067430973 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.067454100 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.067487955 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.067493916 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.067509890 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.067553997 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.067636013 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.067684889 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.067787886 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.067800999 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.067857981 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.068054914 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.068104982 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.068136930 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.068161011 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.068192959 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.068198919 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.068213940 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.068245888 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.068272114 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.068300962 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.068346977 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.068356991 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.068387985 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.068449020 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.068728924 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.068770885 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.068784952 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.068844080 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.068850994 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.068955898 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.068977118 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069025993 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.069057941 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069144964 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069154024 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.069195032 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069196939 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.069236040 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069276094 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069319010 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.069370031 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069423914 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.069463015 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069529057 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.069582939 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069597006 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069610119 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069623947 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069655895 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.069658041 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069711924 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.069741964 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069777966 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.069787025 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.069818020 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.069822073 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.070135117 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.070204973 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.070224047 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.070697069 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.070853949 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.070949078 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.071027994 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071077108 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.071109056 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071175098 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.071182966 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071233034 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.071273088 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071341038 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.071624994 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071639061 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071654081 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071666956 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071680069 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071688890 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.071692944 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071717978 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071731091 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071743011 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.071748018 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071774006 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071794033 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.071827888 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.071832895 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071882963 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071898937 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.071938992 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.071995020 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.072050095 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.072210073 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.072328091 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.072357893 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.072402954 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.072424889 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.072469950 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.072531939 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.072546005 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.072559118 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.072599888 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.072643042 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.072679996 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.072725058 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.072793961 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.072971106 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.073030949 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.073059082 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.073095083 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.073139906 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.073144913 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.073182106 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.073235989 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.073271990 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.073323011 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.073344946 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.073358059 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.073409081 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.073642015 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.073666096 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.073704004 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.073800087 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.073859930 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.073901892 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.073945999 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.073998928 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.074006081 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074060917 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.074074984 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074193954 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074228048 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074256897 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.074296951 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.074300051 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074326992 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074351072 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.074381113 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.074433088 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074481964 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.074522972 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074578047 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074635029 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.074676991 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074736118 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074800014 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.074803114 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074892044 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074914932 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.074956894 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.075016022 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.075030088 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.075089931 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.075488091 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.075558901 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.075748920 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.075799942 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.075850964 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.076030016 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.076040983 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.076108932 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.076168060 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.076216936 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.076267958 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.076543093 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.076611042 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.076661110 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.076670885 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.076674938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.076719046 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.076771021 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.076823950 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.076884031 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.076891899 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.076970100 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077013016 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077033043 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.077073097 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.077084064 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077099085 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077138901 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077158928 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.077177048 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077224016 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.077250957 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077272892 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077325106 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.077334881 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077394962 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.077435017 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077460051 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077481031 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.077517986 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.077578068 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077591896 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077605009 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077627897 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077636003 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.077663898 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077680111 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.077701092 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077747107 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.077821970 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.077960968 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.078027964 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.078043938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.078079939 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.078105927 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.078119040 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.078136921 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.078233957 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.078283072 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.078325033 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.078386068 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.078387976 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.078404903 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.078466892 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.078641891 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.078710079 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.078715086 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.078810930 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.078874111 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.078881025 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.078924894 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.078986883 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.079006910 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.079055071 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.079139948 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.079206944 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.079282999 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.079298973 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.079380035 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.079438925 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.079453945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.079492092 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.079498053 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.079552889 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.079592943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.079652071 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.079713106 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.079754114 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.079783916 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.079807997 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.079843044 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.079844952 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.079894066 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.079904079 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.079958916 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.080010891 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.080053091 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.080102921 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.080120087 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.080215931 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.080415964 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.080427885 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.080487013 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.080717087 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.080774069 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.080836058 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.080885887 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.081018925 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.081077099 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.081172943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.081186056 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.081234932 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.081533909 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.081577063 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.081597090 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.081638098 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.081676006 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.081727982 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.081753016 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.081768990 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.081790924 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.081811905 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.081851959 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.081916094 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.081954002 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082011938 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.082041979 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082091093 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.082107067 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082159042 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082196951 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082220078 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.082266092 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.082294941 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082323074 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082380056 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.082402945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082417011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082457066 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.082540035 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082571983 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082596064 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.082643032 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.082669973 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082683086 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082695961 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082716942 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082752943 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.082777977 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082787037 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.082817078 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082823992 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.082909107 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.082932949 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.082999945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083014011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083070040 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.083082914 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083121061 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083174944 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.083204985 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083259106 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083283901 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083334923 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.083669901 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083683014 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083694935 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083717108 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083728075 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083754063 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.083803892 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.083852053 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083892107 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.083909035 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.083934069 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.083944082 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084085941 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084098101 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084162951 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.084213972 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084319115 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.084352016 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084474087 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084492922 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084530115 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.084582090 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084614038 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084651947 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084666014 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.084685087 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084703922 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.084728003 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.084734917 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084789991 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.084800959 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084832907 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084878922 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.084884882 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.085092068 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.085104942 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.085148096 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.085341930 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.085382938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.085392952 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.085689068 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.085752010 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.085758924 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.085891962 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.085951090 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.086162090 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.086175919 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.086221933 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.086370945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.086487055 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.086539984 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.086611986 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.086642981 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.086702108 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.086741924 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.086756945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.086811066 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.086860895 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.086972952 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087024927 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.087075949 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087106943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087157011 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.087186098 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087225914 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087274075 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087285042 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.087321043 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087376118 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087376118 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.087392092 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087420940 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087445974 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.087490082 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.087507963 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087603092 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087655067 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087660074 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.087713957 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087765932 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087776899 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.087778091 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087801933 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087827921 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.087850094 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.087866068 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.087949038 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088001966 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.088007927 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088112116 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088124037 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088175058 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.088185072 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088198900 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088215113 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088253975 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088258028 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.088293076 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.088568926 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088634968 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088665009 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088690996 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.088720083 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088726997 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.088759899 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088781118 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.088828087 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088841915 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.088890076 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.089046001 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089072943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089087009 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089096069 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.089129925 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.089135885 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089200974 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089267015 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.089437962 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089525938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089570999 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089580059 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.089672089 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089719057 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089726925 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.089766026 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089813948 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089818954 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.089853048 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089888096 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089900017 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.089915037 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.089951038 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.090024948 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.090044975 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.090075016 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.090104103 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.090109110 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.090157986 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.090193033 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.090549946 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.090605021 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.090611935 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.090845108 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.090912104 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.090933084 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.091058016 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.091094971 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.091110945 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.091156006 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.091583014 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.091597080 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.091610909 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.091623068 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.091639996 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.091675997 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.091682911 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.091717005 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.091733932 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.091748953 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.091798067 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.091912031 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.091984034 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092031956 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092036009 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.092097044 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092149019 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.092189074 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092238903 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092298985 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.092353106 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092367887 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092397928 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092418909 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.092466116 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.092474937 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092530012 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.092534065 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092592001 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092645884 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.092648983 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092708111 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092722893 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.092771053 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.092942953 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093010902 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.093071938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093127012 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093138933 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093188047 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.093283892 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093305111 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093318939 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093362093 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.093374014 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093420982 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.093556881 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093643904 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093657017 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093709946 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.093734980 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093786955 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093791008 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.093801975 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093854904 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.093894958 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093908072 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093936920 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.093961954 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.094010115 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.094103098 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094125032 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094166994 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.094177961 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094433069 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094485044 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.094504118 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094542027 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094569921 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094597101 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.094640017 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.094644070 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094702959 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094752073 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.094758987 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094806910 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094839096 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094868898 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.094913960 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.094924927 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094964981 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.094971895 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.095006943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.095067024 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.095077991 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.095091105 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.095144033 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.095505953 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.095562935 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.095563889 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.095783949 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.095846891 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.095870018 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.095921040 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.096065044 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.096077919 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.096116066 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.096154928 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.096189976 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.096343040 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.096577883 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.096657038 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.096709967 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.096770048 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.096782923 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.096838951 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.096873045 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.096960068 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.097017050 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.097105026 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.097168922 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.097222090 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.097261906 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.097316027 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.097362041 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.097381115 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.097440958 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.097498894 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.097505093 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.097594976 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.097647905 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.097676039 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.097798109 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.097821951 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.097860098 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.097860098 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.097908020 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.097961903 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.098015070 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.098040104 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.098079920 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.098156929 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.098185062 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.098232985 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.098297119 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.098345995 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.098398924 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.098450899 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.098459959 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.098517895 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.098563910 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.098628044 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.098644018 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.098684072 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.098704100 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.098754883 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.098815918 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.098836899 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.098887920 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.098896027 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.098999977 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099039078 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099052906 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.099097013 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.099137068 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099184990 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.099212885 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099267006 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.099287033 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099339008 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099445105 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099508047 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.099529982 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099577904 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.099582911 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099682093 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099704981 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099741936 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.099814892 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099909067 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099963903 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.099967957 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.100040913 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.100095987 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.100107908 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.100178003 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.100224972 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.100233078 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.100275040 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.100316048 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.100383043 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.100430965 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.100512028 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.100524902 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.100575924 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.100608110 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.100651026 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.100663900 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.100704908 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.100733042 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.100807905 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.100814104 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.100852013 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.100852966 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.100914955 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.101031065 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101043940 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101057053 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101104975 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.101121902 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101164103 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101172924 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.101192951 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101217985 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.101244926 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.101351976 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101365089 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101418972 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.101464987 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101519108 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101572990 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.101747036 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101771116 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101820946 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.101859093 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101912022 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.101918936 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.101967096 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.102006912 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102060080 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.102097034 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102150917 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.102190971 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102241993 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.102288008 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102345943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102345943 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.102400064 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.102406979 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102452040 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.102497101 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102526903 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102572918 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.102623940 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102659941 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102678061 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.102706909 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.102739096 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102756023 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102809906 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.102886915 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102900982 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102936983 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.102952003 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.103003025 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.103015900 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.103029013 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.103081942 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.103152037 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.103213072 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.103280067 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.103295088 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.103342056 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.103401899 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.103457928 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.103507996 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.103521109 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.103574991 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.103698015 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.103744984 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.103765011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.103780031 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.103832006 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.103878975 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.103935003 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.103974104 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104026079 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.104064941 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104087114 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104120970 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.104159117 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.104208946 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104263067 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.104379892 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104430914 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.104446888 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104477882 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104501009 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.104545116 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.104588032 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104684114 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104724884 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.104743004 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104787111 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104798079 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.104840994 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.104846001 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104895115 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104906082 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.104928017 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104948044 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.104970932 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.105010986 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.105053902 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.105124950 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.105139017 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.105176926 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.105292082 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.105345964 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.105393887 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.105452061 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.105515957 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.105546951 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.105570078 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.105609894 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.105660915 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.105710983 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.105832100 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.105844975 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.105884075 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.105896950 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.105942011 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.105959892 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106010914 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.106096983 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106138945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106149912 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.106185913 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.106189013 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106241941 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106244087 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.106293917 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.106354952 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106368065 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106419086 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.106425047 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106470108 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106472015 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.106518984 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.106522083 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106575012 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.106687069 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106791973 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.106806993 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106820107 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106832027 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106846094 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106865883 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.106906891 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.106908083 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.106967926 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.106986046 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107002974 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107042074 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.107110023 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107161999 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.107172012 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107223988 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.107347965 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107361078 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107372046 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107414961 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.107450008 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107507944 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.107530117 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107578993 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.107685089 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107697010 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107732058 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107743979 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.107791901 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.107832909 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107883930 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.107887030 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.107953072 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108002901 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108028889 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108089924 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108098984 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108143091 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108153105 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108206034 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108217955 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108270884 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108310938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108361006 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108387947 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108438969 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108474016 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108527899 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108568907 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108608007 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108622074 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108660936 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108664989 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108684063 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108716011 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108755112 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108762026 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108813047 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108819008 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108861923 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108875036 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108922005 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.108949900 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.108964920 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109018087 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.109051943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109074116 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109108925 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.109117985 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109142065 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.109160900 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109170914 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.109210968 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.109256983 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109302998 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.109399080 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109452009 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.109502077 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109515905 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109565020 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.109570026 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109627962 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.109637976 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109653950 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109707117 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.109754086 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109796047 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109807968 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.109843016 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109854937 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.109910011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109930992 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.109971046 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.110034943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.110047102 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.110060930 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.110102892 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.110292912 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.110433102 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.110486984 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.110522032 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.110559940 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.110580921 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.110595942 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.110631943 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.110867023 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.110920906 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.110969067 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111061096 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111083031 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111103058 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111110926 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111157894 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111160994 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111211061 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111229897 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111279011 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111288071 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111345053 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111392021 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111474037 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111489058 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111511946 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111546993 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111573935 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111583948 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111587048 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111617088 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111653090 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111665010 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111691952 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111747026 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111831903 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111845970 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111888885 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111896038 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111938953 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111946106 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.111977100 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.111994028 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.112021923 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112042904 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.112082958 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.112210035 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112222910 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112234116 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112277031 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.112309933 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112310886 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.112349033 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112360001 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.112426043 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.112437010 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112452030 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112509966 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.112517118 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112564087 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112576008 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.112631083 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.112634897 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112677097 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112711906 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.112751961 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.112790108 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112813950 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112874031 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.112907887 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112951040 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.112955093 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.113020897 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.113066912 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.113085032 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.113138914 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.113159895 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.113195896 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.113215923 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.113259077 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.113266945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.113303900 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.113320112 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.113359928 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.114346027 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.114423990 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.114486933 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.114511967 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.114582062 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.114584923 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.114618063 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.114646912 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.114654064 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.114690065 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.114737034 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.114749908 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.114799976 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.114804983 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.114842892 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.114852905 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.114909887 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.114994049 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115045071 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115045071 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.115057945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115114927 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115118027 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.115156889 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.115168095 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115237951 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.115238905 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115298033 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.115493059 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115547895 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.115569115 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115581989 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115596056 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115636110 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.115736961 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115798950 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.115845919 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115904093 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.115923882 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115962029 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.115992069 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.116017103 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116018057 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.116077900 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.116117954 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116174936 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.116215944 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116266012 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.116333008 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116384029 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.116445065 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116478920 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116504908 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.116533041 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.116535902 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116584063 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116632938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116641998 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.116708994 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116708994 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.116759062 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.116822958 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116835117 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116847038 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116895914 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.116966963 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.116978884 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117017031 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.117047071 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.117049932 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117146015 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117160082 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117172003 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.117212057 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.117223978 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117255926 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117316008 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.117347002 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117382050 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117432117 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.117443085 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117465973 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117506027 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.117598057 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117609978 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117620945 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117666006 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.117685080 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117738008 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.117739916 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117785931 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117845058 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117846012 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.117894888 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.117912054 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.117949963 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.117984056 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.118005037 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.118036032 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.118036985 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.118079901 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.118274927 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.118287086 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.118299961 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.118346930 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.122792959 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.122833014 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.122844934 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.122848034 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.122858047 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.122881889 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.122889042 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.122904062 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.122915983 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.122915983 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.122927904 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.122941017 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.122952938 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.122953892 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.122965097 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.122977972 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.122988939 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.122992992 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.123011112 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123023987 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123034954 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123034954 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.123049021 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123060942 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123073101 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123085022 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123096943 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123097897 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.123107910 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123127937 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123141050 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123152971 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123164892 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123169899 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.123176098 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123182058 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123188019 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123193026 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123203993 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123215914 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123223066 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.123226881 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123239040 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123276949 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123289108 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123289108 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.123300076 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123373985 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.123435020 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123447895 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123459101 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123529911 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.123562098 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123575926 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123634100 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.123673916 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123725891 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.123832941 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123886108 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.123974085 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.123986959 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124037027 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.124106884 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124119997 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124130011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124182940 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.124324083 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124336004 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124346972 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124385118 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.124433994 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124490023 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.124695063 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124707937 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124752998 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.124794960 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.124819994 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124831915 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124844074 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124855042 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.124871969 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.124908924 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.124970913 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125066996 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.125097990 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125109911 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125122070 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125149965 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.125197887 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.125210047 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125222921 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125233889 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125245094 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125257969 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125269890 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.125272989 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125315905 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.125349998 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.125349998 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125363111 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125375032 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125386000 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125402927 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.125437975 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.125505924 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125582933 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.125632048 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125643969 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125654936 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125665903 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125696898 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.125719070 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.125726938 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.125771999 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.129905939 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.129930973 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.129952908 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.130044937 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.130119085 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.130168915 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.130193949 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.130222082 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.130255938 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.130311966 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.130336046 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.130567074 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.130640984 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.130666018 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.130697966 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.130738974 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.130762100 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.130826950 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.130907059 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.130932093 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.130975962 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.131045103 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131103039 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.131201029 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131225109 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131247997 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131258965 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.131303072 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.131365061 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131390095 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131422043 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.131450891 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.131469965 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131494045 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131516933 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131541967 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131542921 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.131571054 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.131596088 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.131623983 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131648064 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131670952 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131676912 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.131711960 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.131756067 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131779909 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131807089 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131818056 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.131861925 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.131901979 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.131957054 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132040024 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132066011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132088900 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132098913 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132114887 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132137060 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132138968 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132163048 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132165909 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132188082 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132193089 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132211924 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132236004 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132261038 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132270098 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132285118 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132308960 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132311106 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132333994 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132337093 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132358074 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132364035 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132381916 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132405043 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132411003 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132428885 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132452011 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132462025 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132476091 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132493973 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132499933 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132524014 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132536888 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132550001 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132567883 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132575035 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132599115 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132600069 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132632971 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132642984 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132674932 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132678032 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132704020 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132704973 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132728100 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132733107 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132751942 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132760048 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132776022 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132785082 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132801056 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132822990 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132824898 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132848978 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132867098 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132872105 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132895947 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132898092 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132919073 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132935047 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132942915 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132966995 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.132966995 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.132991076 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.133014917 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.133019924 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.133038998 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.133063078 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.133064032 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.133086920 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.133088112 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.133110046 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.133126974 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.133135080 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.133152962 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.133158922 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.133177042 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.133184910 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.133208990 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.133212090 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.133232117 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.133255005 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.133261919 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.133285046 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.133291006 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.133316994 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.133348942 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.134994030 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135040045 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135056973 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.135118008 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.135183096 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135235071 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135257006 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.135258913 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135303020 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.135353088 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135406971 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.135476112 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135504007 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135560989 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.135632038 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135657072 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135684013 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.135714054 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.135756969 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135799885 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135813951 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.135853052 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.135891914 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135921001 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.135962009 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.136008978 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.136075020 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.136265993 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.136322021 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.136351109 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.136409998 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.136466980 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.136545897 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.136642933 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.136698008 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.136714935 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.136837006 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.141431093 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.141669989 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.141783953 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.141843081 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.142175913 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.142188072 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.142199039 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.142221928 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.142232895 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.142241001 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.142244101 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.142257929 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.142297983 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.142345905 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.184300900 CET156664973066.63.187.173192.168.2.4
                                Jan 10, 2025 10:14:03.184511900 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.184685946 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.184782982 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.184900999 CET4973015666192.168.2.466.63.187.173
                                Jan 10, 2025 10:14:03.184983969 CET4973015666192.168.2.466.63.187.173

                                DNS Queries

                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                Jan 10, 2025 10:14:00.678725958 CET192.168.2.41.1.1.10x144Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false

                                DNS Answers

                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                Jan 10, 2025 10:14:00.685592890 CET1.1.1.1192.168.2.40x144No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                Jan 10, 2025 10:14:00.685592890 CET1.1.1.1192.168.2.40x144No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                Jan 10, 2025 10:14:00.685592890 CET1.1.1.1192.168.2.40x144No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false

                                HTTPS Proxied Packets

                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                0192.168.2.449731104.26.12.2054437488C:\Users\user\Desktop\gem1.exe
                                TimestampBytes transferredDirectionData
                                2025-01-10 09:14:01 UTC100OUTGET / HTTP/1.1
                                Accept: text/html; text/plain; */*
                                Host: api.ipify.org
                                Cache-Control: no-cache
                                2025-01-10 09:14:01 UTC424INHTTP/1.1 200 OK
                                Date: Fri, 10 Jan 2025 09:14:01 GMT
                                Content-Type: text/plain
                                Content-Length: 12
                                Connection: close
                                Vary: Origin
                                CF-Cache-Status: DYNAMIC
                                Server: cloudflare
                                CF-RAY: 8ffb8dee8e177c8e-EWR
                                server-timing: cfL4;desc="?proto=TCP&rtt=2013&min_rtt=2003&rtt_var=772&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=738&delivery_rate=1398467&cwnd=248&unsent_bytes=0&cid=d1b1a13b93f9bfc5&ts=201&x=0"
                                2025-01-10 09:14:01 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                Data Ascii: 8.46.123.189


                                Statistics

                                CPU Usage

                                Click to jump to process

                                Memory Usage

                                Click to jump to process

                                High Level Behavior Distribution

                                Click to dive into process behavior distribution

                                Behavior

                                Click to jump to process

                                System Behavior

                                General

                                Target ID:0
                                Start time:04:13:59
                                Start date:10/01/2025
                                Path:C:\Users\user\Desktop\gem1.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\gem1.exe"
                                Imagebase:0x470000
                                File size:1'202'688 bytes
                                MD5 hash:D61AC037C333F1BC288C1A96A4DB7C21
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true

                                General

                                Target ID:1
                                Start time:04:13:59
                                Start date:10/01/2025
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff7699e0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                General

                                Target ID:2
                                Start time:04:13:59
                                Start date:10/01/2025
                                Path:C:\Users\user\Desktop\gem1.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\gem1.exe"
                                Imagebase:0xfe0000
                                File size:1'202'688 bytes
                                MD5 hash:D61AC037C333F1BC288C1A96A4DB7C21
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000002.00000002.1863644496.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: infostealer_win_meduzastealer, Description: Finds MeduzaStealer samples based on specific strings, Source: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Sekoia.io
                                Reputation:low
                                Has exited:true

                                General

                                Target ID:5
                                Start time:04:13:59
                                Start date:10/01/2025
                                Path:C:\Windows\SysWOW64\WerFault.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 920
                                Imagebase:0x630000
                                File size:483'680 bytes
                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Disassembly

                                Reset < >

                                  Execution Graph

                                  Execution Coverage:9.9%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:36.8%
                                  Total number of Nodes:19
                                  Total number of Limit Nodes:2
                                  execution_graph 1825 1090aa8 1829 1090ad0 1825->1829 1826 1090c54 1827 1090c32 1826->1827 1836 1090668 1826->1836 1829->1827 1831 10927bb 1829->1831 1835 10927c4 1831->1835 1832 1092a63 VirtualProtect 1833 1092aa0 1832->1833 1833->1826 1834 10927ee 1834->1826 1835->1832 1835->1834 1837 1092a18 VirtualProtect 1836->1837 1839 1092aa0 1837->1839 1839->1827 1840 28b8086 1841 28b80a0 CreateProcessW VirtualAlloc Wow64GetThreadContext ReadProcessMemory VirtualAllocEx 1840->1841 1842 28b8147 WriteProcessMemory 1841->1842 1846 28b804f GetPEB 1841->1846 1843 28b818c 1842->1843 1844 28b81ce WriteProcessMemory Wow64SetThreadContext ResumeThread 1843->1844 1845 28b8191 WriteProcessMemory 1843->1845 1845->1843 1846->1841

                                  Executed Functions

                                  Function 028B7F09 Relevance: 40.5, APIs: 10, Strings: 13, Instructions: 294threadinjectionmemoryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,028B7E7B,028B7E6B), ref: 028B80A1
                                  • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 028B80B4
                                  • Wow64GetThreadContext.KERNEL32(000000A0,00000000), ref: 028B80D2
                                  • ReadProcessMemory.KERNELBASE(0000009C,?,028B7EBF,00000004,00000000), ref: 028B80F6
                                  • VirtualAllocEx.KERNELBASE(0000009C,?,?,00003000,00000040), ref: 028B8121
                                  • WriteProcessMemory.KERNELBASE(0000009C,00000000,?,?,00000000,?), ref: 028B8179
                                  • WriteProcessMemory.KERNELBASE(0000009C,00400000,?,?,00000000,?,00000028), ref: 028B81C4
                                  • WriteProcessMemory.KERNELBASE(0000009C,?,?,00000004,00000000), ref: 028B8202
                                  • Wow64SetThreadContext.KERNEL32(000000A0,02770000), ref: 028B823E
                                  • ResumeThread.KERNELBASE(000000A0), ref: 028B824D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1845353895.00000000028B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B7000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_28b7000_gem1.jbxd
                                  Similarity
                                  • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                  • String ID: CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                  • API String ID: 2687962208-232383841
                                  • Opcode ID: 956aea2136c6b0205ab5bf3fe1e0123e9091b05b22cf94d50ecc47fa332fbd9d
                                  • Instruction ID: a934e2b13253e7fc2fea5a08f1180bc1a0daaf132d14ac55f6a354d662d1bcd6
                                  • Opcode Fuzzy Hash: 956aea2136c6b0205ab5bf3fe1e0123e9091b05b22cf94d50ecc47fa332fbd9d
                                  • Instruction Fuzzy Hash: 19B1E67660024AAFDB60CF68CC80BDAB3A5FF88714F158118EA08EB341D774FA51CB94
                                  Function 028B8086 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 82threadinjectionmemoryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,028B7E7B,028B7E6B), ref: 028B80A1
                                  • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 028B80B4
                                  • Wow64GetThreadContext.KERNEL32(000000A0,00000000), ref: 028B80D2
                                  • ReadProcessMemory.KERNELBASE(0000009C,?,028B7EBF,00000004,00000000), ref: 028B80F6
                                  • VirtualAllocEx.KERNELBASE(0000009C,?,?,00003000,00000040), ref: 028B8121
                                  • WriteProcessMemory.KERNELBASE(0000009C,00000000,?,?,00000000,?), ref: 028B8179
                                  • WriteProcessMemory.KERNELBASE(0000009C,00400000,?,?,00000000,?,00000028), ref: 028B81C4
                                  • WriteProcessMemory.KERNELBASE(0000009C,?,?,00000004,00000000), ref: 028B8202
                                  • Wow64SetThreadContext.KERNEL32(000000A0,02770000), ref: 028B823E
                                  • ResumeThread.KERNELBASE(000000A0), ref: 028B824D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1845353895.00000000028B7000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B7000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_28b7000_gem1.jbxd
                                  Similarity
                                  • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                  • String ID: TerminateProcess
                                  • API String ID: 2687962208-2873147277
                                  • Opcode ID: 366357b1f1c2220b0d4ba716667a9fb5a6f16c59ad58adbe506062085bfa29f6
                                  • Instruction ID: ff024a46211f4c36ebca1bf851e3f51a06510563cfc6f339eeb2872bf409e524
                                  • Opcode Fuzzy Hash: 366357b1f1c2220b0d4ba716667a9fb5a6f16c59ad58adbe506062085bfa29f6
                                  • Instruction Fuzzy Hash: 68312D7624064AEBD735CF54CC91FEA73A5BFC8B15F148508EB09AF381C6B4BA018B94
                                  Function 010927BB Relevance: 1.8, APIs: 1, Instructions: 250memoryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 36 10927bb-10927c2 37 10927c4-10927c5 36->37 38 10927c6-10927ec 36->38 37->38 39 10927f8-109281d 38->39 40 10927ee-10927f5 38->40 43 1092820-1092833 39->43 45 1092839-1092844 43->45 46 10929fc-1092a12 43->46 45->46 47 109284a-1092855 45->47 51 1092a14-1092a15 46->51 52 1092a16 46->52 47->46 48 109285b-1092869 47->48 48->43 50 109286b-1092873 48->50 53 1092876-1092882 50->53 51->52 54 1092a18-1092a19 52->54 55 1092a1a-1092a9e VirtualProtect 52->55 53->46 56 1092888-1092892 53->56 54->55 59 1092aa0 55->59 60 1092aa5-1092ab9 55->60 56->46 58 1092898-10928a4 56->58 61 10928ad-10928b6 58->61 62 10928a6-10928ac 58->62 59->60 61->46 63 10928bc-10928c7 61->63 62->61 63->46 64 10928cd-10928dc 63->64 64->46 65 10928e2-10928f0 64->65 65->53 66 10928f2-1092901 65->66 67 10929f2-10929f9 66->67 68 1092907 66->68 69 1092912-109292d 68->69 70 109292f-109293b 69->70 71 1092973-1092989 69->71 72 109293d-1092943 70->72 73 1092944-109294d 70->73 79 109298e-1092997 71->79 72->73 73->71 74 109294f-109295a 73->74 74->71 76 109295c-109296b 74->76 76->71 77 109296d-1092971 76->77 77->79 79->46 80 1092999-10929a7 79->80 80->46 82 10929a9-10929b6 80->82 83 10929b8-10929bf 82->83 84 10929c0-10929c9 82->84 83->84 84->46 85 10929cb-10929d8 84->85 85->46 86 10929da-10929ec 85->86 86->67 86->68
                                  APIs
                                  • VirtualProtect.KERNELBASE(038B3588,?,?,?), ref: 01092A91
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1843555190.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1090000_gem1.jbxd
                                  Similarity
                                  • API ID: ProtectVirtual
                                  • String ID:
                                  • API String ID: 544645111-0
                                  • Opcode ID: 39ab32091e27151823f0258cf92552ed8becfa9a7fe0eb1c40f68033e57df107
                                  • Instruction ID: 1aa60a12db8e57aad5fcbed5f59e3e9afe86d33ade1d133f11ed8e03a0f21d97
                                  • Opcode Fuzzy Hash: 39ab32091e27151823f0258cf92552ed8becfa9a7fe0eb1c40f68033e57df107
                                  • Instruction Fuzzy Hash: AAA10871904259AFCF05CFA9D590AEDFBF1BF48314F29C659E498A7252C330A881DBA4
                                  Function 01090668 Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 87 1090668-1092a9e VirtualProtect 91 1092aa0 87->91 92 1092aa5-1092ab9 87->92 91->92
                                  APIs
                                  • VirtualProtect.KERNELBASE(038B3588,?,?,?), ref: 01092A91
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1843555190.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1090000_gem1.jbxd
                                  Similarity
                                  • API ID: ProtectVirtual
                                  • String ID:
                                  • API String ID: 544645111-0
                                  • Opcode ID: 60fb2614769ae77e0de37b66209068103072f37d5434c5ffc64a70069a272ea8
                                  • Instruction ID: d273d3c78e97fc235c44ba8b501d2d908265549a63d1d3e9c2008db63444ab49
                                  • Opcode Fuzzy Hash: 60fb2614769ae77e0de37b66209068103072f37d5434c5ffc64a70069a272ea8
                                  • Instruction Fuzzy Hash: DB21E0B5D00219AFCB10DF9AD884ADEFBB4FB49320F10812AE918B7340C374A954CBE5

                                  Execution Graph

                                  Execution Coverage:11.3%
                                  Dynamic/Decrypted Code Coverage:0%
                                  Signature Coverage:15.8%
                                  Total number of Nodes:1754
                                  Total number of Limit Nodes:84
                                  execution_graph 47843 49c50a 47844 49c517 47843->47844 47849 49c52f 47843->47849 47900 4950d4 14 API calls __dosmaperr 47844->47900 47846 49c51c 47901 497d29 50 API calls __fread_nolock 47846->47901 47848 49c58e 47863 498cea 47848->47863 47849->47848 47857 49c527 47849->47857 47902 49e8bd 14 API calls 2 library calls 47849->47902 47852 49c5a7 47870 49edf5 47852->47870 47855 498cea __fread_nolock 50 API calls 47856 49c5e0 47855->47856 47856->47857 47858 498cea __fread_nolock 50 API calls 47856->47858 47859 49c5ee 47858->47859 47859->47857 47860 498cea __fread_nolock 50 API calls 47859->47860 47861 49c5fc 47860->47861 47862 498cea __fread_nolock 50 API calls 47861->47862 47862->47857 47864 498d0b 47863->47864 47865 498cf6 47863->47865 47864->47852 47903 4950d4 14 API calls __dosmaperr 47865->47903 47867 498cfb 47904 497d29 50 API calls __fread_nolock 47867->47904 47869 498d06 47869->47852 47871 49ee01 ___scrt_is_nonwritable_in_current_image 47870->47871 47872 49ee09 47871->47872 47876 49ee24 47871->47876 47971 4950c1 14 API calls __dosmaperr 47872->47971 47874 49ee0e 47972 4950d4 14 API calls __dosmaperr 47874->47972 47875 49ee3b 47973 4950c1 14 API calls __dosmaperr 47875->47973 47876->47875 47879 49ee76 47876->47879 47882 49ee7f 47879->47882 47883 49ee94 47879->47883 47880 49c5af 47880->47855 47880->47857 47881 49ee40 47974 4950d4 14 API calls __dosmaperr 47881->47974 47976 4950c1 14 API calls __dosmaperr 47882->47976 47905 4a2e7b EnterCriticalSection 47883->47905 47887 49ee84 47977 4950d4 14 API calls __dosmaperr 47887->47977 47888 49ee9a 47891 49eeb9 47888->47891 47892 49eece 47888->47892 47889 49ee48 47975 497d29 50 API calls __fread_nolock 47889->47975 47978 4950d4 14 API calls __dosmaperr 47891->47978 47906 49ef0e 47892->47906 47896 49eebe 47979 4950c1 14 API calls __dosmaperr 47896->47979 47898 49eec9 47980 49ef06 LeaveCriticalSection __wsopen_s 47898->47980 47900->47846 47901->47857 47902->47848 47903->47867 47904->47869 47905->47888 47907 49ef20 47906->47907 47910 49ef38 47906->47910 47990 4950c1 14 API calls __dosmaperr 47907->47990 47909 49f27a 48012 4950c1 14 API calls __dosmaperr 47909->48012 47910->47909 47915 49ef7b 47910->47915 47911 49ef25 47991 4950d4 14 API calls __dosmaperr 47911->47991 47914 49f27f 48013 4950d4 14 API calls __dosmaperr 47914->48013 47917 49ef86 47915->47917 47918 49ef2d 47915->47918 47922 49efb6 47915->47922 47992 4950c1 14 API calls __dosmaperr 47917->47992 47918->47898 47919 49ef93 48014 497d29 50 API calls __fread_nolock 47919->48014 47921 49ef8b 47993 4950d4 14 API calls __dosmaperr 47921->47993 47925 49efcf 47922->47925 47926 49f00a 47922->47926 47927 49efdc 47922->47927 47925->47927 47931 49eff8 47925->47931 47997 49d15a 15 API calls 3 library calls 47926->47997 47994 4950c1 14 API calls __dosmaperr 47927->47994 47930 49efe1 47995 4950d4 14 API calls __dosmaperr 47930->47995 47981 4a652f 47931->47981 47932 49f01b 47998 49c0bd 47932->47998 47936 49efe8 47996 497d29 50 API calls __fread_nolock 47936->47996 47937 49f156 47940 49f1ca 47937->47940 47943 49f16f GetConsoleMode 47937->47943 47942 49f1ce ReadFile 47940->47942 47941 49c0bd __freea 14 API calls 47944 49f02b 47941->47944 47945 49f242 GetLastError 47942->47945 47946 49f1e6 47942->47946 47943->47940 47947 49f180 47943->47947 47948 49f050 47944->47948 47949 49f035 47944->47949 47950 49f24f 47945->47950 47951 49f1a6 47945->47951 47946->47945 47952 49f1bf 47946->47952 47947->47942 47953 49f186 ReadConsoleW 47947->47953 48006 49f49f 52 API calls 2 library calls 47948->48006 48004 4950d4 14 API calls __dosmaperr 47949->48004 48010 4950d4 14 API calls __dosmaperr 47950->48010 47968 49eff3 __fread_nolock 47951->47968 48007 49507a 14 API calls __dosmaperr 47951->48007 47964 49f20b 47952->47964 47965 49f222 47952->47965 47952->47968 47953->47952 47954 49f1a0 GetLastError 47953->47954 47954->47951 47955 49c0bd __freea 14 API calls 47955->47918 47960 49f03a 48005 4950c1 14 API calls __dosmaperr 47960->48005 47961 49f254 48011 4950c1 14 API calls __dosmaperr 47961->48011 48008 49ec20 55 API calls 3 library calls 47964->48008 47967 49f23b 47965->47967 47965->47968 48009 49ea66 53 API calls __fread_nolock 47967->48009 47968->47955 47970 49f240 47970->47968 47971->47874 47972->47880 47973->47881 47974->47889 47975->47880 47976->47887 47977->47889 47978->47896 47979->47898 47980->47880 47982 4a6549 47981->47982 47983 4a653c 47981->47983 47986 4a6555 47982->47986 48016 4950d4 14 API calls __dosmaperr 47982->48016 48015 4950d4 14 API calls __dosmaperr 47983->48015 47985 4a6541 47985->47937 47986->47937 47988 4a6576 48017 497d29 50 API calls __fread_nolock 47988->48017 47990->47911 47991->47918 47992->47921 47993->47919 47994->47930 47995->47936 47996->47968 47997->47932 47999 49c0c8 RtlFreeHeap 47998->47999 48003 49c0f2 47998->48003 48000 49c0dd GetLastError 47999->48000 47999->48003 48001 49c0ea __dosmaperr 48000->48001 48018 4950d4 14 API calls __dosmaperr 48001->48018 48003->47941 48004->47960 48005->47968 48006->47931 48007->47968 48008->47968 48009->47970 48010->47961 48011->47968 48012->47914 48013->47919 48014->47918 48015->47985 48016->47988 48017->47985 48018->48003 48019 45b200 48020 45b234 48019->48020 48021 45b270 48019->48021 48022 44ec30 50 API calls 48020->48022 48023 45b2a0 48021->48023 48024 45b278 48021->48024 48028 45b23c 48022->48028 48033 44ec30 48023->48033 48025 45b296 48024->48025 48026 45b289 48024->48026 48042 467ce0 50 API calls 2 library calls 48025->48042 48029 44ec30 50 API calls 48026->48029 48043 44d3b0 48028->48043 48031 45b290 48029->48031 48034 44d3b0 50 API calls 48033->48034 48035 44ec9c 48034->48035 48076 4abc08 48035->48076 48037 44ecae 48090 44bad0 48037->48090 48039 44ecc8 48106 4abbf5 48039->48106 48041 44ecfd 48041->48028 48042->48031 48044 44d3fb 48043->48044 48045 44d5f6 48044->48045 48047 44d495 48044->48047 48048 44d43f 48044->48048 48070 44d633 error_info_injector 48044->48070 48059 44d655 48045->48059 48060 44d660 48045->48060 48061 44d61a 48045->48061 48062 44d64a 48045->48062 48045->48070 48046 4abbf5 CatchGuardHandler 5 API calls 48049 44d694 48046->48049 48051 44d4b6 48047->48051 48053 44d69d 48047->48053 48054 44d4aa 48047->48054 48050 44d46f 48048->48050 48052 44d463 48048->48052 48048->48053 48049->48031 48073 44d490 48050->48073 48150 451c60 50 API calls 48050->48150 48051->48073 48152 451c60 50 API calls 48051->48152 48149 452540 50 API calls 2 library calls 48052->48149 48164 449730 50 API calls 48053->48164 48151 452540 50 API calls 2 library calls 48054->48151 48144 44d060 48059->48144 48157 454ec0 48060->48157 48155 452630 50 API calls error_info_injector 48061->48155 48156 44de70 50 API calls error_info_injector 48062->48156 48070->48046 48072 451c60 50 API calls 48072->48073 48073->48072 48074 44aa40 50 API calls 48073->48074 48075 44d5e4 48073->48075 48153 452630 50 API calls error_info_injector 48073->48153 48074->48073 48154 44de70 50 API calls error_info_injector 48075->48154 48078 4abc0d 48076->48078 48079 4abc27 48078->48079 48081 4abc29 48078->48081 48113 497e9c 48078->48113 48129 4a6cfd EnterCriticalSection LeaveCriticalSection std::_Facet_Register 48078->48129 48079->48037 48082 434f80 Concurrency::cancel_current_task 48081->48082 48083 4abc33 Concurrency::cancel_current_task 48081->48083 48120 4afa0c RaiseException 48082->48120 48130 4afa0c RaiseException 48083->48130 48086 434f9c 48121 4ad3de 48086->48121 48087 4acede 48091 44bafc 48090->48091 48092 44bbae 48091->48092 48093 44bb0d 48091->48093 48137 4350b0 48092->48137 48095 44bb3a 48093->48095 48098 44bb12 _Yarn 48093->48098 48101 44bb82 48093->48101 48102 44bb79 48093->48102 48099 4abc08 std::_Facet_Register 50 API calls 48095->48099 48096 44bbb3 48140 434f80 50 API calls 2 library calls 48096->48140 48098->48039 48100 44bb4d 48099->48100 48100->48098 48141 497d39 50 API calls 2 library calls 48100->48141 48104 4abc08 std::_Facet_Register 50 API calls 48101->48104 48102->48095 48102->48096 48104->48098 48107 4abbfe IsProcessorFeaturePresent 48106->48107 48108 4abbfd 48106->48108 48110 4ac011 48107->48110 48108->48041 48143 4abfd4 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 48110->48143 48112 4ac0f4 48112->48041 48119 49d15a _strftime 48113->48119 48114 49d198 48132 4950d4 14 API calls __dosmaperr 48114->48132 48115 49d183 RtlAllocateHeap 48117 49d196 48115->48117 48115->48119 48117->48078 48119->48114 48119->48115 48131 4a6cfd EnterCriticalSection LeaveCriticalSection std::_Facet_Register 48119->48131 48120->48086 48122 434ff6 48121->48122 48123 4ad3eb 48121->48123 48122->48037 48123->48122 48124 497e9c ___std_exception_copy 15 API calls 48123->48124 48125 4ad408 48124->48125 48126 4ad418 48125->48126 48133 49826d 50 API calls 2 library calls 48125->48133 48134 497357 48126->48134 48129->48078 48130->48087 48131->48119 48132->48117 48133->48126 48135 49c0bd __freea 14 API calls 48134->48135 48136 49736f 48135->48136 48136->48122 48142 4b9061 50 API calls 2 library calls 48137->48142 48140->48100 48143->48112 48145 44d08d 48144->48145 48146 44d0a8 error_info_injector 48144->48146 48145->48146 48165 497d39 50 API calls 2 library calls 48145->48165 48146->48070 48149->48050 48150->48050 48151->48051 48152->48051 48153->48073 48154->48045 48155->48070 48156->48070 48158 454f08 error_info_injector 48157->48158 48159 454eeb 48157->48159 48158->48070 48159->48158 48166 497d39 50 API calls 2 library calls 48159->48166 48167 486f20 GetCurrentHwProfileW 48168 487050 48167->48168 48169 486f94 48167->48169 48190 4517f0 48168->48190 48179 47a340 48169->48179 48172 486ffb 48175 44d060 50 API calls 48172->48175 48173 4abbf5 CatchGuardHandler 5 API calls 48176 48709c 48173->48176 48174 486fa2 48174->48172 48189 49054d 54 API calls 48174->48189 48178 48704e 48175->48178 48178->48173 48180 47a3b5 48179->48180 48181 47a394 48179->48181 48205 43fda0 48180->48205 48182 4abbf5 CatchGuardHandler 5 API calls 48181->48182 48183 47a426 48182->48183 48183->48174 48185 47a3e9 48210 47a430 52 API calls CatchGuardHandler 48185->48210 48187 47a3fa 48211 44cfd0 48187->48211 48189->48174 48191 4518bd 48190->48191 48196 451810 48190->48196 48192 4350b0 50 API calls 48191->48192 48194 4518c2 48192->48194 48193 451815 _Yarn 48193->48178 48217 434f80 50 API calls 2 library calls 48194->48217 48196->48193 48199 451883 48196->48199 48200 45188c 48196->48200 48202 451844 48196->48202 48197 4abc08 std::_Facet_Register 50 API calls 48198 451857 48197->48198 48198->48193 48218 497d39 50 API calls 2 library calls 48198->48218 48199->48194 48199->48202 48203 4abc08 std::_Facet_Register 50 API calls 48200->48203 48202->48197 48203->48193 48206 43fe3f 48205->48206 48209 43fdbf _Yarn 48205->48209 48207 4350b0 50 API calls 48206->48207 48208 43fe44 48207->48208 48209->48185 48210->48187 48212 44cffd 48211->48212 48213 44d01e error_info_injector 48211->48213 48212->48213 48216 497d39 50 API calls 2 library calls 48212->48216 48213->48181 48217->48198 48219 459bad 48315 460ac0 48219->48315 48221 45a514 48443 4540f0 48221->48443 48223 44d060 50 API calls 48225 45a508 48223->48225 48224 45a523 48226 4abbf5 CatchGuardHandler 5 API calls 48224->48226 48227 44d060 50 API calls 48225->48227 48228 45a53d 48226->48228 48227->48221 48229 455090 52 API calls 48249 459bca 48229->48249 48230 459d7e 48331 455090 48230->48331 48231 459a9e 48235 455090 52 API calls 48231->48235 48233 45a060 48237 4517f0 50 API calls 48233->48237 48234 459fb4 48238 4517f0 50 API calls 48234->48238 48239 4599f3 48235->48239 48242 45a084 48237->48242 48243 459fd8 48238->48243 48250 4517f0 50 API calls 48239->48250 48240 459d92 48345 4632d0 48240->48345 48241 45a1b8 48245 4517f0 50 API calls 48241->48245 48246 4543f0 55 API calls 48242->48246 48358 4543f0 48243->48358 48252 45a1dc 48245->48252 48253 45a09c 48246->48253 48249->48229 48249->48230 48249->48231 48249->48233 48249->48234 48255 45c700 50 API calls 48249->48255 48304 45a057 48249->48304 48257 45a47a 48250->48257 48251 459da8 48258 455090 52 API calls 48251->48258 48259 4543f0 55 API calls 48252->48259 48254 459790 50 API calls 48253->48254 48260 45a0c1 48254->48260 48255->48249 48262 4543f0 55 API calls 48257->48262 48263 459db8 48258->48263 48264 45a1f4 48259->48264 48265 454730 55 API calls 48260->48265 48267 45a492 48262->48267 48268 459dc4 48263->48268 48269 45a10c 48263->48269 48270 459790 50 API calls 48264->48270 48271 45a0d6 48265->48271 48273 459790 50 API calls 48267->48273 48275 455090 52 API calls 48268->48275 48274 4517f0 50 API calls 48269->48274 48276 45a219 48270->48276 48278 45a590 50 API calls 48271->48278 48280 45a4b7 48273->48280 48281 45a130 48274->48281 48275->48239 48277 454730 55 API calls 48276->48277 48282 45a22e 48277->48282 48283 45a0e5 48278->48283 48285 454730 55 API calls 48280->48285 48286 4543f0 55 API calls 48281->48286 48287 45a590 50 API calls 48282->48287 48288 44d060 50 API calls 48283->48288 48290 45a4cc 48285->48290 48291 45a148 48286->48291 48292 45a23d 48287->48292 48293 45a0f4 48288->48293 48289 44d060 50 API calls 48294 45a048 48289->48294 48295 45a590 50 API calls 48290->48295 48296 459790 50 API calls 48291->48296 48298 44d060 50 API calls 48292->48298 48299 438d50 14 API calls 48293->48299 48438 438d50 48294->48438 48301 45a4db 48295->48301 48297 45a16d 48296->48297 48302 454730 55 API calls 48297->48302 48303 45a24c 48298->48303 48299->48304 48305 44d060 50 API calls 48301->48305 48306 45a182 48302->48306 48307 438d50 14 API calls 48303->48307 48304->48221 48304->48223 48308 45a4ea 48305->48308 48309 45a590 50 API calls 48306->48309 48307->48304 48310 438d50 14 API calls 48308->48310 48311 45a191 48309->48311 48310->48304 48312 44d060 50 API calls 48311->48312 48313 45a1a0 48312->48313 48314 438d50 14 API calls 48313->48314 48314->48304 48316 460b97 48315->48316 48317 460b0c 48315->48317 48319 460c12 48316->48319 48320 460b9f 48316->48320 48318 44d3b0 50 API calls 48317->48318 48322 460b3c 48318->48322 48321 44d3b0 50 API calls 48319->48321 48323 460bf0 48320->48323 48324 460bb0 48320->48324 48325 460c42 48321->48325 48326 44d3b0 50 API calls 48322->48326 48448 468060 50 API calls 2 library calls 48323->48448 48327 44d3b0 50 API calls 48324->48327 48329 44d3b0 50 API calls 48325->48329 48330 460b8d 48326->48330 48327->48330 48329->48330 48330->48249 48332 4550aa 48331->48332 48336 4550cb 48331->48336 48449 456790 48332->48449 48333 456790 52 API calls 48333->48336 48336->48333 48339 4550d2 48336->48339 48344 455124 48336->48344 48337 456790 52 API calls 48338 4550bd 48337->48338 48338->48339 48340 456790 52 API calls 48338->48340 48341 4abbf5 CatchGuardHandler 5 API calls 48339->48341 48340->48336 48342 4553ab 48341->48342 48342->48240 48342->48241 48343 456790 52 API calls 48343->48344 48344->48339 48344->48343 48353 46330e 48345->48353 48346 46336e 48348 4abc08 std::_Facet_Register 50 API calls 48346->48348 48347 46341a 48562 4351b0 50 API calls 48347->48562 48350 46338f 48348->48350 48352 44bad0 50 API calls 48350->48352 48354 4633ae 48352->48354 48353->48346 48353->48347 48355 463342 48353->48355 48539 44ca70 48354->48539 48355->48251 48357 4633c5 48357->48251 48359 4517f0 50 API calls 48358->48359 48360 454470 48359->48360 48361 4544b3 48360->48361 48570 457160 50 API calls 48360->48570 48363 4544c0 48361->48363 48576 4520f0 48361->48576 48367 4544ff 48363->48367 48372 454559 48363->48372 48365 454499 48571 44b9d0 48365->48571 48369 454730 55 API calls 48367->48369 48368 4544a7 48370 44d060 50 API calls 48368->48370 48371 45450f 48369->48371 48370->48361 48591 45a6d0 50 API calls 48371->48591 48372->48372 48378 4545bc 48372->48378 48592 4516d0 48372->48592 48374 454532 48375 44b9d0 50 API calls 48374->48375 48377 454541 48375->48377 48381 44d060 50 API calls 48377->48381 48379 4545d2 _Yarn 48378->48379 48380 4520f0 50 API calls 48378->48380 48607 44b960 48379->48607 48380->48379 48382 45454d 48381->48382 48384 44d060 50 API calls 48382->48384 48388 45462f 48384->48388 48385 45460a 48386 44b9d0 50 API calls 48385->48386 48386->48382 48387 45470c 48398 459790 48387->48398 48388->48387 48389 45469e 48388->48389 48390 4516d0 50 API calls 48388->48390 48391 4520f0 50 API calls 48389->48391 48392 4546b4 _Yarn 48389->48392 48390->48389 48391->48392 48393 44b960 50 API calls 48392->48393 48394 4546ef 48393->48394 48395 44b9d0 50 API calls 48394->48395 48396 4546fa 48395->48396 48397 44d060 50 API calls 48396->48397 48397->48387 48399 459817 48398->48399 48400 4517f0 50 API calls 48398->48400 48616 438b10 48399->48616 48400->48399 48403 4517f0 50 API calls 48404 459855 48403->48404 48635 438780 48404->48635 48409 44d060 50 API calls 48410 459894 48409->48410 48411 44d060 50 API calls 48410->48411 48412 4598a0 48411->48412 48413 44d060 50 API calls 48412->48413 48414 4598af 48413->48414 48415 44d060 50 API calls 48414->48415 48416 4598c9 48415->48416 48671 4386d0 48416->48671 48419 44d060 50 API calls 48420 45990a 48419->48420 48421 4abbf5 CatchGuardHandler 5 API calls 48420->48421 48422 459924 48421->48422 48423 454730 48422->48423 48424 454833 48423->48424 48425 4547c2 48423->48425 48426 4abbf5 CatchGuardHandler 5 API calls 48424->48426 48425->48424 48429 451e50 50 API calls 48425->48429 48430 44b960 50 API calls 48425->48430 48682 434bc0 55 API calls 48425->48682 48428 45484c 48426->48428 48431 45a590 48428->48431 48429->48425 48430->48425 48432 45a039 48431->48432 48433 45a5a8 48431->48433 48432->48289 48683 44d1a0 50 API calls 48433->48683 48435 45a5b3 48684 4afa0c RaiseException 48435->48684 48437 45a5c1 48685 4ad441 48438->48685 48441 4ad441 ___std_exception_destroy 14 API calls 48442 438db1 48441->48442 48442->48304 48444 45411b 48443->48444 48446 45413b error_info_injector 48443->48446 48444->48446 48689 497d39 50 API calls 2 library calls 48444->48689 48446->48224 48448->48330 48450 4567ac 48449->48450 48453 4567a6 48449->48453 48451 4567c0 48450->48451 48457 449e50 48450->48457 48451->48453 48473 436640 48451->48473 48452 4550af 48452->48336 48452->48337 48453->48452 48482 460310 50 API calls 4 library calls 48453->48482 48458 449e88 48457->48458 48460 449ef4 48458->48460 48461 449edc 48458->48461 48465 449e93 48458->48465 48459 4abbf5 CatchGuardHandler 5 API calls 48463 44a052 48459->48463 48462 494a65 52 API calls 48460->48462 48483 494a65 48461->48483 48469 449f2a _Yarn 48462->48469 48463->48451 48465->48459 48466 44d060 50 API calls 48466->48465 48468 44a06b 48470 44a027 48468->48470 48518 497466 52 API calls 3 library calls 48468->48518 48469->48468 48469->48470 48472 494a65 52 API calls 48469->48472 48503 451e50 48469->48503 48470->48466 48472->48469 48474 436662 48473->48474 48475 43665a 48473->48475 48474->48453 48477 436672 48475->48477 48536 4afa0c RaiseException 48475->48536 48537 436560 50 API calls 48477->48537 48479 4366a8 48538 4afa0c RaiseException 48479->48538 48481 4366b7 std::ios_base::_Ios_base_dtor 48481->48453 48482->48452 48484 494a71 ___scrt_is_nonwritable_in_current_image 48483->48484 48485 494a7b 48484->48485 48486 494a93 48484->48486 48527 4950d4 14 API calls __dosmaperr 48485->48527 48519 494ce8 EnterCriticalSection 48486->48519 48489 494a80 48528 497d29 50 API calls __fread_nolock 48489->48528 48491 494a9e 48492 498cea __fread_nolock 50 API calls 48491->48492 48495 494ab6 48491->48495 48492->48495 48493 494b1e 48529 4950d4 14 API calls __dosmaperr 48493->48529 48494 494b46 48520 494a29 48494->48520 48495->48493 48495->48494 48498 494b4c 48531 494b76 LeaveCriticalSection __fread_nolock 48498->48531 48499 494b23 48530 497d29 50 API calls __fread_nolock 48499->48530 48502 494a8b 48502->48465 48504 451f7a 48503->48504 48507 451e74 48503->48507 48505 4350b0 50 API calls 48504->48505 48506 451f7f 48505->48506 48534 434f80 50 API calls 2 library calls 48506->48534 48509 451ee8 48507->48509 48510 451edb 48507->48510 48512 451e8a 48507->48512 48515 451e9a _Yarn 48507->48515 48513 4abc08 std::_Facet_Register 50 API calls 48509->48513 48510->48506 48510->48512 48511 4abc08 std::_Facet_Register 50 API calls 48511->48515 48512->48511 48513->48515 48517 451f3c _Yarn error_info_injector 48515->48517 48535 497d39 50 API calls 2 library calls 48515->48535 48517->48469 48518->48468 48519->48491 48521 494a35 48520->48521 48525 494a4a __fread_nolock 48520->48525 48532 4950d4 14 API calls __dosmaperr 48521->48532 48523 494a3a 48533 497d29 50 API calls __fread_nolock 48523->48533 48525->48498 48526 494a45 48526->48498 48527->48489 48528->48502 48529->48499 48530->48502 48531->48502 48532->48523 48533->48526 48534->48515 48536->48477 48537->48479 48538->48481 48540 44cc1d 48539->48540 48541 44cabf 48539->48541 48542 44cc2b 48540->48542 48556 44cacb 48540->48556 48541->48540 48543 44cb35 48541->48543 48544 44cac6 48541->48544 48545 44cacd 48541->48545 48546 44cb8d 48541->48546 48541->48556 48564 44ba90 48542->48564 48549 4abc08 std::_Facet_Register 50 API calls 48543->48549 48563 451310 50 API calls 2 library calls 48544->48563 48552 4abc08 std::_Facet_Register 50 API calls 48545->48552 48551 4abc08 std::_Facet_Register 50 API calls 48546->48551 48547 4abbf5 CatchGuardHandler 5 API calls 48553 44cb2c 48547->48553 48555 44cb44 48549->48555 48551->48556 48552->48556 48553->48357 48558 4517f0 50 API calls 48555->48558 48556->48547 48558->48556 48559 44cc4c 48569 4afa0c RaiseException 48559->48569 48561 44cc5d 48563->48556 48565 44bab3 48564->48565 48565->48565 48566 4517f0 50 API calls 48565->48566 48567 44bac5 48566->48567 48568 451b00 50 API calls CatchGuardHandler 48567->48568 48568->48559 48569->48561 48570->48365 48572 44b9e4 48571->48572 48573 4520f0 50 API calls 48572->48573 48575 44b9f4 _Yarn 48572->48575 48574 44ba36 48573->48574 48574->48368 48575->48368 48577 452238 48576->48577 48581 45211b 48576->48581 48578 4350b0 50 API calls 48577->48578 48579 45223d 48578->48579 48612 434f80 50 API calls 2 library calls 48579->48612 48583 452181 48581->48583 48584 45218e 48581->48584 48586 452130 48581->48586 48589 452140 _Yarn 48581->48589 48582 4abc08 std::_Facet_Register 50 API calls 48582->48589 48583->48579 48583->48586 48587 4abc08 std::_Facet_Register 50 API calls 48584->48587 48586->48582 48587->48589 48590 4521f6 _Yarn error_info_injector 48589->48590 48613 497d39 50 API calls 2 library calls 48589->48613 48590->48363 48591->48374 48593 4517da 48592->48593 48598 4516f5 48592->48598 48594 4350b0 50 API calls 48593->48594 48596 4517df 48594->48596 48595 451709 48601 4abc08 std::_Facet_Register 50 API calls 48595->48601 48614 434f80 50 API calls 2 library calls 48596->48614 48598->48595 48599 451763 48598->48599 48600 45175a 48598->48600 48602 451719 _Yarn 48598->48602 48603 4abc08 std::_Facet_Register 50 API calls 48599->48603 48600->48595 48600->48596 48601->48602 48606 4517aa _Yarn error_info_injector 48602->48606 48615 497d39 50 API calls 2 library calls 48602->48615 48603->48602 48606->48378 48608 44b970 48607->48608 48608->48608 48609 44b987 _Yarn 48608->48609 48610 4520f0 50 API calls 48608->48610 48609->48385 48611 44b9be 48610->48611 48611->48385 48612->48589 48614->48602 48676 4350c0 48616->48676 48619 4350c0 50 API calls 48620 438b7d 48619->48620 48621 438bce 48620->48621 48622 4516d0 50 API calls 48620->48622 48623 4520f0 50 API calls 48621->48623 48624 438bdd _Yarn 48621->48624 48622->48621 48623->48624 48625 44b9d0 50 API calls 48624->48625 48626 438c20 48625->48626 48627 4520f0 50 API calls 48626->48627 48628 438c2f _Yarn 48626->48628 48627->48628 48629 44b9d0 50 API calls 48628->48629 48630 438c74 48629->48630 48631 44d060 50 API calls 48630->48631 48632 438c9b 48631->48632 48633 44d060 50 API calls 48632->48633 48634 438ca7 48633->48634 48634->48403 48636 4387e1 48635->48636 48637 438869 48636->48637 48638 4517f0 50 API calls 48636->48638 48639 4388f8 48637->48639 48640 4516d0 50 API calls 48637->48640 48638->48637 48641 4520f0 50 API calls 48639->48641 48642 43890c _Yarn 48639->48642 48640->48639 48641->48642 48643 44b9d0 50 API calls 48642->48643 48644 43893d 48643->48644 48645 438947 48644->48645 48646 451e50 50 API calls 48644->48646 48647 44b9d0 50 API calls 48645->48647 48646->48645 48648 438977 48647->48648 48649 438986 48648->48649 48650 4520f0 50 API calls 48648->48650 48651 44d060 50 API calls 48649->48651 48650->48649 48652 4389dd 48651->48652 48653 4abbf5 CatchGuardHandler 5 API calls 48652->48653 48654 4389f6 48653->48654 48655 4582b0 48654->48655 48656 458351 48655->48656 48657 458341 48655->48657 48659 44b9d0 50 API calls 48656->48659 48658 4516d0 50 API calls 48657->48658 48658->48656 48660 45835e 48659->48660 48661 44b960 50 API calls 48660->48661 48662 45836a 48661->48662 48663 44b9d0 50 API calls 48662->48663 48664 458374 48663->48664 48665 44b960 50 API calls 48664->48665 48666 458380 48665->48666 48667 44b9d0 50 API calls 48666->48667 48668 45838a 48667->48668 48669 44b9d0 50 API calls 48668->48669 48670 458394 48669->48670 48670->48409 48672 4ad3de ___std_exception_copy 50 API calls 48671->48672 48673 43874a 48672->48673 48674 4abbf5 CatchGuardHandler 5 API calls 48673->48674 48675 438777 48674->48675 48675->48419 48677 435106 48676->48677 48677->48677 48678 435148 48677->48678 48679 4517f0 50 API calls 48677->48679 48680 4abbf5 CatchGuardHandler 5 API calls 48678->48680 48679->48678 48681 4351a4 48680->48681 48681->48619 48682->48425 48683->48435 48684->48437 48686 4ad44e 48685->48686 48687 438d9b 48685->48687 48688 497357 std::locale::_Locimp::~_Locimp 14 API calls 48686->48688 48687->48441 48688->48687 48690 455e8e 48691 456790 52 API calls 48690->48691 48692 455e95 48691->48692 48693 456045 48692->48693 48694 455f97 48692->48694 48695 455fd1 48692->48695 48696 455f23 48692->48696 48697 455f5d 48692->48697 48698 455eaf 48692->48698 48699 45607f 48692->48699 48700 455ee9 48692->48700 48701 45600b 48692->48701 48716 455e51 48692->48716 48708 455e4a 48693->48708 48712 451e50 50 API calls 48693->48712 48704 451e50 50 API calls 48694->48704 48694->48708 48707 451e50 50 API calls 48695->48707 48695->48708 48696->48708 48711 451e50 50 API calls 48696->48711 48697->48708 48713 451e50 50 API calls 48697->48713 48706 451e50 50 API calls 48698->48706 48698->48708 48740 456920 52 API calls CatchGuardHandler 48699->48740 48700->48708 48709 451e50 50 API calls 48700->48709 48701->48708 48710 451e50 50 API calls 48701->48710 48702 4abbf5 CatchGuardHandler 5 API calls 48705 456432 48702->48705 48704->48708 48706->48708 48707->48708 48715 456790 52 API calls 48708->48715 48709->48708 48710->48708 48711->48708 48712->48708 48713->48708 48714 456086 48714->48716 48717 456790 52 API calls 48714->48717 48737 4560c7 48714->48737 48715->48716 48716->48702 48718 4560a7 48717->48718 48718->48716 48723 456790 52 API calls 48718->48723 48719 45611c 48722 456131 48719->48722 48724 456180 48719->48724 48725 456159 48719->48725 48720 45610f 48742 456740 50 API calls 48720->48742 48748 456740 50 API calls 48722->48748 48727 4560b7 48723->48727 48746 456740 50 API calls 48724->48746 48743 456740 50 API calls 48725->48743 48727->48716 48741 456920 52 API calls CatchGuardHandler 48727->48741 48730 4561b0 48749 456740 50 API calls 48730->48749 48731 456167 48744 456740 50 API calls 48731->48744 48732 45618e 48747 456740 50 API calls 48732->48747 48737->48716 48737->48719 48737->48720 48738 456171 48745 456740 50 API calls 48738->48745 48740->48714 48741->48737 48742->48708 48743->48731 48744->48738 48745->48708 48746->48732 48747->48722 48748->48730 48749->48708 48750 48d6e6 48751 48d6ff 48750->48751 48770 48d6f3 48750->48770 48752 48d709 48751->48752 48766 48d898 48751->48766 48769 48d742 48752->48769 48795 44b8f0 48752->48795 48753 48d915 48757 48e1c0 55 API calls 48753->48757 48754 4abbf5 CatchGuardHandler 5 API calls 48756 48e0d0 48754->48756 48759 48d92a 48757->48759 48758 48e1c0 55 API calls 48758->48766 48761 48d6a0 5 API calls 48759->48761 48760 48d7fa 48764 48e1c0 55 API calls 48760->48764 48761->48770 48762 48d6a0 5 API calls 48762->48766 48765 48d83e 48764->48765 48768 48d6a0 5 API calls 48765->48768 48766->48753 48766->48758 48766->48762 48768->48770 48769->48760 48771 48e1c0 48769->48771 48791 48d6a0 48769->48791 48770->48754 48776 48e212 48771->48776 48780 48e3fa 48771->48780 48772 48e47a 48814 48e550 50 API calls 48772->48814 48775 48e485 48777 4350c0 50 API calls 48775->48777 48776->48772 48782 48e3f4 48776->48782 48801 48e0dc 48776->48801 48806 48e110 48776->48806 48811 434bc0 55 API calls 48776->48811 48778 48e499 48777->48778 48815 48ef40 50 API calls 48778->48815 48780->48769 48781 48e474 48816 4511a0 50 API calls CatchGuardHandler 48781->48816 48782->48780 48812 48e550 50 API calls 48782->48812 48785 48e4c0 48817 4afa0c RaiseException 48785->48817 48786 48e464 48813 48f020 50 API calls 48786->48813 48792 48d6df 48791->48792 48793 4abbf5 CatchGuardHandler 5 API calls 48792->48793 48794 48e0d0 48793->48794 48794->48769 48796 44b912 48795->48796 48797 44b8fe 48795->48797 48800 44b920 __fread_nolock 48796->48800 48818 451f90 48796->48818 48797->48769 48799 44b953 48799->48769 48800->48769 48802 48e103 48801->48802 48803 48e129 _Yarn 48801->48803 48802->48803 48804 4520f0 50 API calls 48802->48804 48803->48776 48805 48e15d 48804->48805 48805->48776 48807 48e150 48806->48807 48810 48e129 _Yarn 48806->48810 48808 4520f0 50 API calls 48807->48808 48809 48e15d 48808->48809 48809->48776 48810->48776 48811->48776 48812->48786 48813->48781 48814->48775 48815->48781 48816->48785 48819 451fb5 48818->48819 48820 4520d9 48818->48820 48822 451fca 48819->48822 48826 452028 48819->48826 48827 45201b 48819->48827 48830 451fda _Yarn __fread_nolock 48819->48830 48821 4350b0 50 API calls 48820->48821 48823 4520de 48821->48823 48825 4abc08 std::_Facet_Register 50 API calls 48822->48825 48833 434f80 50 API calls 2 library calls 48823->48833 48825->48830 48829 4abc08 std::_Facet_Register 50 API calls 48826->48829 48827->48822 48827->48823 48829->48830 48832 452097 _Yarn __fread_nolock error_info_injector 48830->48832 48834 497d39 50 API calls 2 library calls 48830->48834 48832->48799 48833->48830 48835 48d95a 48836 48d976 48835->48836 48846 48d96a 48835->48846 48837 48d980 48836->48837 48845 48daad 48836->48845 48841 44b8f0 50 API calls 48837->48841 48849 48d9b9 48837->48849 48838 48daf5 48844 48d6a0 5 API calls 48838->48844 48839 4abbf5 CatchGuardHandler 5 API calls 48843 48e0d0 48839->48843 48840 48d6a0 5 API calls 48840->48845 48841->48849 48842 48da31 48847 48d6a0 5 API calls 48842->48847 48844->48846 48845->48838 48845->48840 48846->48839 48847->48846 48848 48d6a0 5 API calls 48848->48849 48849->48842 48849->48848 48850 49865a 48851 49866a 48850->48851 48852 49867d 48850->48852 48889 4950d4 14 API calls __dosmaperr 48851->48889 48854 49868f 48852->48854 48864 4986a2 48852->48864 48891 4950d4 14 API calls __dosmaperr 48854->48891 48855 49866f 48890 497d29 50 API calls __fread_nolock 48855->48890 48858 498694 48892 497d29 50 API calls __fread_nolock 48858->48892 48859 4986c2 48893 4950d4 14 API calls __dosmaperr 48859->48893 48860 4986d3 48881 4a1286 48860->48881 48864->48859 48864->48860 48867 4986ea 48868 4988e0 48867->48868 48901 4a06a5 48867->48901 48917 497d56 IsProcessorFeaturePresent 48868->48917 48871 4988ea 48872 4986fc 48872->48868 48908 4a06d1 48872->48908 48874 49870e 48874->48868 48875 498717 48874->48875 48876 49879c 48875->48876 48877 498738 48875->48877 48879 498679 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 48876->48879 48916 4a12e3 50 API calls 2 library calls 48876->48916 48877->48879 48915 4a12e3 50 API calls 2 library calls 48877->48915 48882 4a1292 ___scrt_is_nonwritable_in_current_image 48881->48882 48883 4986d8 48882->48883 48921 49b2e1 EnterCriticalSection 48882->48921 48894 4a0679 48883->48894 48885 4a12a3 48886 4a12b7 48885->48886 48922 4a11ce 48885->48922 48934 4a12da LeaveCriticalSection std::_Lockit::~_Lockit 48886->48934 48889->48855 48890->48879 48891->48858 48892->48879 48893->48879 48895 4a069a 48894->48895 48896 4a0685 48894->48896 48895->48867 49050 4950d4 14 API calls __dosmaperr 48896->49050 48898 4a068a 49051 497d29 50 API calls __fread_nolock 48898->49051 48900 4a0695 48900->48867 48902 4a06b1 48901->48902 48903 4a06c6 48901->48903 49052 4950d4 14 API calls __dosmaperr 48902->49052 48903->48872 48905 4a06b6 49053 497d29 50 API calls __fread_nolock 48905->49053 48907 4a06c1 48907->48872 48909 4a06dd 48908->48909 48910 4a06f2 48908->48910 49054 4950d4 14 API calls __dosmaperr 48909->49054 48910->48874 48912 4a06e2 49055 497d29 50 API calls __fread_nolock 48912->49055 48914 4a06ed 48914->48874 48915->48879 48916->48879 48918 497d62 48917->48918 49056 497b2d 48918->49056 48921->48885 48935 4a0d24 48922->48935 48925 4a122a 49004 4a1074 48925->49004 48926 4a1221 48944 4a0de2 48926->48944 48929 4a1227 48930 49c0bd __freea 14 API calls 48929->48930 48931 4a1235 48930->48931 48932 4abbf5 CatchGuardHandler 5 API calls 48931->48932 48933 4a1242 48932->48933 48933->48886 48934->48883 48937 4a0d43 _strftime 48935->48937 48936 4a0d4a 48936->48925 48936->48926 48937->48936 49036 49d15a 15 API calls 3 library calls 48937->49036 48939 4a0d6b 48941 49c0bd __freea 14 API calls 48939->48941 48940 4a0d64 _strftime 48940->48939 48942 4a0d8d 48940->48942 48941->48936 48943 49c0bd __freea 14 API calls 48942->48943 48943->48936 48945 4a0df2 _strftime 48944->48945 48946 4a06d1 _strftime 50 API calls 48945->48946 48947 4a0e13 48946->48947 48948 4a0679 _strftime 50 API calls 48947->48948 48974 4a1067 48947->48974 48951 4a0e25 48948->48951 48949 497d56 __Getcoll 11 API calls 48950 4a1073 _strftime 48949->48950 48953 4a06d1 _strftime 50 API calls 48950->48953 48954 4a0e9b 48951->48954 48951->48974 49037 49d15a 15 API calls 3 library calls 48951->49037 48958 4a10a1 48953->48958 48954->48929 48955 4a0e8c 48956 4a0e93 48955->48956 48957 4a0ea1 48955->48957 48959 49c0bd __freea 14 API calls 48956->48959 48960 49c0bd __freea 14 API calls 48957->48960 48961 4a11c3 48958->48961 48963 4a0679 _strftime 50 API calls 48958->48963 48959->48954 48962 4a0eac 48960->48962 48964 497d56 __Getcoll 11 API calls 48961->48964 49038 4a4e67 50 API calls 2 library calls 48962->49038 48965 4a10b3 48963->48965 48966 4a11cd 48964->48966 48965->48961 48968 4a06a5 _strftime 50 API calls 48965->48968 48969 4a0d24 _strftime 15 API calls 48966->48969 48972 4a10c5 48968->48972 48970 4a1207 48969->48970 48973 4a122a 48970->48973 48976 4a1221 48970->48976 48971 4a0ed3 48971->48974 48985 4a0ede __fread_nolock 48971->48985 48972->48961 48975 4a10ce 48972->48975 48977 4a1074 _strftime 55 API calls 48973->48977 48974->48949 48978 49c0bd __freea 14 API calls 48975->48978 48979 4a0de2 _strftime 55 API calls 48976->48979 48980 4a1227 48977->48980 48981 4a10d9 GetTimeZoneInformation 48978->48981 48979->48980 48982 49c0bd __freea 14 API calls 48980->48982 48988 4a119d _strftime 48981->48988 48990 4a10f5 __fread_nolock 48981->48990 48983 4a1235 48982->48983 48984 4abbf5 CatchGuardHandler 5 API calls 48983->48984 48986 4a1242 48984->48986 49039 4a0d9b 56 API calls 6 library calls 48985->49039 48986->48929 48988->48929 48989 4a0f23 49040 4949e3 51 API calls 2 library calls 48989->49040 49044 4a3e20 50 API calls __Getcoll 48990->49044 48993 4a1178 49045 4a1244 56 API calls 4 library calls 48993->49045 48995 4a1189 49046 4a1244 56 API calls 4 library calls 48995->49046 48996 4a0f57 48998 4a0fe9 48996->48998 49041 4949e3 51 API calls 2 library calls 48996->49041 49002 4a104b _strftime 48998->49002 49043 4a0d9b 56 API calls 6 library calls 48998->49043 49001 4a0f94 49001->48998 49042 4949e3 51 API calls 2 library calls 49001->49042 49002->48974 49005 4a1084 _strftime 49004->49005 49006 4a06d1 _strftime 50 API calls 49005->49006 49007 4a10a1 49006->49007 49008 4a11c3 49007->49008 49009 4a0679 _strftime 50 API calls 49007->49009 49010 497d56 __Getcoll 11 API calls 49008->49010 49011 4a10b3 49009->49011 49012 4a11cd 49010->49012 49011->49008 49013 4a06a5 _strftime 50 API calls 49011->49013 49014 4a0d24 _strftime 15 API calls 49012->49014 49016 4a10c5 49013->49016 49015 4a1207 49014->49015 49017 4a122a 49015->49017 49019 4a1221 49015->49019 49016->49008 49018 4a10ce 49016->49018 49020 4a1074 _strftime 55 API calls 49017->49020 49021 49c0bd __freea 14 API calls 49018->49021 49022 4a0de2 _strftime 55 API calls 49019->49022 49023 4a1227 49020->49023 49024 4a10d9 GetTimeZoneInformation 49021->49024 49022->49023 49025 49c0bd __freea 14 API calls 49023->49025 49029 4a119d _strftime 49024->49029 49030 4a10f5 __fread_nolock 49024->49030 49026 4a1235 49025->49026 49027 4abbf5 CatchGuardHandler 5 API calls 49026->49027 49028 4a1242 49027->49028 49028->48929 49029->48929 49047 4a3e20 50 API calls __Getcoll 49030->49047 49032 4a1178 49048 4a1244 56 API calls 4 library calls 49032->49048 49034 4a1189 49049 4a1244 56 API calls 4 library calls 49034->49049 49036->48940 49037->48955 49038->48971 49039->48989 49040->48996 49041->49001 49042->48998 49043->49002 49044->48993 49045->48995 49046->48988 49047->49032 49048->49034 49049->49029 49050->48898 49051->48900 49052->48905 49053->48907 49054->48912 49055->48914 49057 497b49 __fread_nolock CallUnexpected 49056->49057 49058 497b75 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 49057->49058 49060 497c46 CallUnexpected 49058->49060 49059 4abbf5 CatchGuardHandler 5 API calls 49061 497c64 GetCurrentProcess TerminateProcess 49059->49061 49060->49059 49061->48871 49062 4ac379 49063 4ac385 ___scrt_is_nonwritable_in_current_image 49062->49063 49090 4abdc3 49063->49090 49065 4ac38c 49066 4ac4df 49065->49066 49074 4ac3b6 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallUnexpected 49065->49074 49190 4ac6bf 4 API calls 2 library calls 49066->49190 49068 4ac4e6 49183 4a2a0e 49068->49183 49072 4ac4f4 49073 4ac3d5 49074->49073 49080 4ac456 49074->49080 49186 4a29e8 50 API calls 4 library calls 49074->49186 49101 4ac7d4 49080->49101 49091 4abdcc 49090->49091 49192 4aca4b IsProcessorFeaturePresent 49091->49192 49093 4abdd8 49193 4af9d6 10 API calls 2 library calls 49093->49193 49095 4abddd 49100 4abde1 49095->49100 49194 4ba4fc 49095->49194 49098 4abdf8 49098->49065 49100->49065 49257 4ade50 49101->49257 49104 4ac45c 49105 4ba53e 49104->49105 49259 4a3a7a 49105->49259 49107 4ba547 49108 4ac464 49107->49108 49265 4bb09f 50 API calls 49107->49265 49110 47e240 GetCurrentProcess OpenProcessToken 49108->49110 49111 47e2b4 GetTokenInformation 49110->49111 49112 47e2d8 49110->49112 49111->49112 49113 47e2f2 CloseHandle 49112->49113 49114 47e2f9 49112->49114 49113->49114 49115 47e337 49114->49115 49116 47e2fd 49114->49116 49268 48cb50 49115->49268 50393 481970 51 API calls 2 library calls 49116->50393 49119 47e308 50394 48aa80 70 API calls CatchGuardHandler 49119->50394 49122 48cb50 10 API calls 49124 47e34b 49122->49124 49123 47e316 49125 47e328 ExitProcess 49123->49125 49278 47ecc0 49124->49278 49128 44d060 50 API calls 49129 47e3fe OpenMutexA 49128->49129 49130 47e426 CreateMutexA 49129->49130 49131 47e41b ExitProcess 49129->49131 49282 479130 49130->49282 52979 4a2800 49183->52979 49186->49080 49190->49068 49191 4a29d2 50 API calls CallUnexpected 49191->49072 49192->49093 49193->49095 49198 4bb0d0 49194->49198 49197 4af9f5 7 API calls 2 library calls 49197->49100 49199 4bb0e0 49198->49199 49200 4abdea 49198->49200 49199->49200 49203 49ae1f 49199->49203 49215 49ad6f 49199->49215 49200->49098 49200->49197 49204 49ae2b ___scrt_is_nonwritable_in_current_image 49203->49204 49220 49b2e1 EnterCriticalSection 49204->49220 49206 49ae32 49221 4a2ddd 49206->49221 49211 49ae4b 49213 49ad6f 2 API calls 49211->49213 49212 49ae61 49212->49199 49214 49ae50 49213->49214 49235 49ae76 LeaveCriticalSection std::_Lockit::~_Lockit 49214->49235 49216 49ad76 49215->49216 49217 49adb9 GetStdHandle 49216->49217 49218 49ae1b 49216->49218 49219 49adcc GetFileType 49216->49219 49217->49216 49218->49199 49219->49216 49220->49206 49222 4a2de9 ___scrt_is_nonwritable_in_current_image 49221->49222 49223 4a2df2 49222->49223 49224 4a2e13 49222->49224 49244 4950d4 14 API calls __dosmaperr 49223->49244 49236 49b2e1 EnterCriticalSection 49224->49236 49227 4a2df7 49245 497d29 50 API calls __fread_nolock 49227->49245 49229 49ae41 49229->49214 49234 49acb9 53 API calls 49229->49234 49230 4a2e4b 49246 4a2e72 LeaveCriticalSection std::_Lockit::~_Lockit 49230->49246 49232 4a2e1f 49232->49230 49237 4a2d2d 49232->49237 49234->49211 49235->49212 49236->49232 49247 49c6a4 49237->49247 49239 4a2d4c 49241 49c0bd __freea 14 API calls 49239->49241 49240 4a2d3f 49240->49239 49254 49cd70 6 API calls std::_Lockit::_Lockit 49240->49254 49243 4a2da1 49241->49243 49243->49232 49244->49227 49245->49229 49246->49229 49252 49c6b1 _strftime 49247->49252 49248 49c6f1 49256 4950d4 14 API calls __dosmaperr 49248->49256 49249 49c6dc RtlAllocateHeap 49250 49c6ef 49249->49250 49249->49252 49250->49240 49252->49248 49252->49249 49255 4a6cfd EnterCriticalSection LeaveCriticalSection std::_Facet_Register 49252->49255 49254->49240 49255->49252 49256->49250 49258 4ac7e7 GetStartupInfoW 49257->49258 49258->49104 49260 4a3a83 49259->49260 49264 4a3ab5 49259->49264 49266 499362 50 API calls 3 library calls 49260->49266 49262 4a3aa6 49267 4a3885 60 API calls 3 library calls 49262->49267 49264->49107 49265->49107 49266->49262 49267->49264 49269 48cbb0 49268->49269 49269->49269 49270 48cbbb GetCurrentProcess OpenProcessToken 49269->49270 49271 48cbd2 LookupPrivilegeValueW 49270->49271 49273 48cc1d 49270->49273 49272 48cbe9 AdjustTokenPrivileges 49271->49272 49271->49273 49272->49273 49274 48cc2d CloseHandle 49273->49274 49275 48cc37 49273->49275 49274->49275 49276 4abbf5 CatchGuardHandler 5 API calls 49275->49276 49277 47e341 49276->49277 49277->49122 49279 47ed00 49278->49279 49279->49279 50397 4740f0 49279->50397 49281 47e3ec 49281->49128 50403 478d40 49282->50403 49285 4517f0 50 API calls 49286 479249 49285->49286 49287 4517f0 50 API calls 49286->49287 49288 47930d 49287->49288 49289 4517f0 50 API calls 49288->49289 49290 4793d1 49289->49290 49291 4517f0 50 API calls 49290->49291 49292 479499 49291->49292 49293 4517f0 50 API calls 49292->49293 49294 47955d 49293->49294 49295 4517f0 50 API calls 49294->49295 49296 479621 49295->49296 49297 4517f0 50 API calls 49296->49297 49298 4796e9 49297->49298 49299 4517f0 50 API calls 49298->49299 49300 4797ad 49299->49300 49301 4517f0 50 API calls 49300->49301 49302 479871 49301->49302 49303 4517f0 50 API calls 49302->49303 49304 479939 49303->49304 50428 479ec0 49304->50428 49306 47996e 50454 44d7d0 49306->50454 49308 4799a2 50469 4738e0 49308->50469 49311 44ba90 50 API calls 49312 4799ed 49311->49312 50480 44eb90 49312->50480 49319 479a38 50518 44c960 49319->50518 49320 44c960 50 API calls 49320->49319 49322 479a70 49323 44d060 50 API calls 49322->49323 49324 479a7f 49323->49324 49325 44d060 50 API calls 49324->49325 49326 479a8e 49325->49326 49327 44eb90 50 API calls 49326->49327 49328 479a9b 49327->49328 50527 479c20 49328->50527 49331 44eb90 50 API calls 49332 479ab5 49331->49332 50536 479d70 49332->50536 50393->49119 50394->49123 50398 474178 50397->50398 50401 47410a _Yarn 50397->50401 50402 477640 53 API calls 5 library calls 50398->50402 50400 474186 50400->49281 50401->49281 50402->50400 50404 4517f0 50 API calls 50403->50404 50407 478dc8 _Yarn 50404->50407 50544 44fe10 50407->50544 50408 4517f0 50 API calls 50409 478ee8 50408->50409 50410 44fe10 50 API calls 50409->50410 50411 478efd 50410->50411 50412 44d060 50 API calls 50411->50412 50413 478f0c 50412->50413 50414 4517f0 50 API calls 50413->50414 50415 478f3c 50414->50415 50416 44fe10 50 API calls 50415->50416 50417 478f51 50416->50417 50418 44d060 50 API calls 50417->50418 50424 478f60 50418->50424 50419 44d060 50 API calls 50420 4790ef 50419->50420 50421 44d060 50 API calls 50420->50421 50422 4790fe 50421->50422 50423 44d060 50 API calls 50422->50423 50425 47910a 50423->50425 50424->50419 50424->50424 50426 4abbf5 CatchGuardHandler 5 API calls 50425->50426 50427 479127 50426->50427 50427->49285 50429 479ef7 50428->50429 50430 479fdc 50428->50430 50431 47a0c0 50429->50431 50448 479f03 50429->50448 50437 47a062 50430->50437 50438 47a001 50430->50438 50552 449730 50 API calls 50431->50552 50433 47a0b1 50433->49306 50434 47a094 50434->50433 50439 44d060 50 API calls 50434->50439 50436 47a0c5 50553 497d39 50 API calls 2 library calls 50436->50553 50437->50434 50449 44d7d0 50 API calls 50437->50449 50442 47a03c 50438->50442 50446 44d7d0 50 API calls 50438->50446 50439->50434 50440 47a053 50440->49306 50551 47a0d0 50 API calls CatchGuardHandler 50442->50551 50443 479f44 50443->50436 50445 479f84 error_info_injector 50443->50445 50549 454e60 50 API calls 2 library calls 50445->50549 50446->50438 50448->50443 50448->50445 50451 44d060 50 API calls 50448->50451 50449->50437 50450 479fb1 50550 47a0d0 50 API calls CatchGuardHandler 50450->50550 50451->50448 50453 479fcd 50453->49306 50458 44d7ee _Yarn 50454->50458 50459 44d814 50454->50459 50455 44d8f4 50456 4350b0 50 API calls 50455->50456 50457 44d8f9 50456->50457 50555 434f80 50 API calls 2 library calls 50457->50555 50458->49308 50459->50455 50463 44d857 50459->50463 50464 44d88b 50459->50464 50467 44d84b _Yarn 50459->50467 50461 4abc08 std::_Facet_Register 50 API calls 50461->50467 50462 44d8fe 50463->50457 50463->50461 50465 4abc08 std::_Facet_Register 50 API calls 50464->50465 50465->50467 50468 44d8d6 error_info_injector 50467->50468 50554 497d39 50 API calls 2 library calls 50467->50554 50468->49308 50470 44ca70 50 API calls 50469->50470 50471 473957 50470->50471 50556 4759f0 50471->50556 50476 44d060 50 API calls 50477 4739e6 50476->50477 50478 454ec0 50 API calls 50477->50478 50479 4739f2 50478->50479 50479->49311 50481 44ebf1 50480->50481 50481->50481 50482 4517f0 50 API calls 50481->50482 50483 44ec06 50482->50483 50779 44a980 50483->50779 50486 44f070 50487 44f13c 50486->50487 50488 44f0ef 50486->50488 50810 4510c0 50 API calls 50487->50810 50489 44f10a 50488->50489 50490 44d7d0 50 API calls 50488->50490 50497 44f180 50489->50497 50490->50489 50492 44f155 50811 4511a0 50 API calls CatchGuardHandler 50492->50811 50494 44f16a 50812 4afa0c RaiseException 50494->50812 50496 44f17b 50506 44f220 50497->50506 50498 44f31c 50499 44f3e6 50498->50499 50500 44f343 50498->50500 50815 44d7c0 50 API calls 50499->50815 50502 4517f0 50 API calls 50500->50502 50505 44f362 50502->50505 50503 4517f0 50 API calls 50503->50506 50507 44f373 50505->50507 50814 45ffe0 50 API calls 50505->50814 50506->50498 50506->50499 50506->50503 50508 44d060 50 API calls 50506->50508 50513 44bad0 50 API calls 50506->50513 50813 458940 50 API calls 50506->50813 50510 44d060 50 API calls 50507->50510 50508->50506 50511 44f3ba 50510->50511 50512 44d060 50 API calls 50511->50512 50514 44f3c6 50512->50514 50513->50506 50516 4abbf5 CatchGuardHandler 5 API calls 50514->50516 50517 44f3df 50516->50517 50517->49319 50517->49320 50519 44c98d 50518->50519 50522 44c9d8 error_info_injector 50518->50522 50520 44c9a2 50519->50520 50521 44d060 50 API calls 50519->50521 50520->50522 50816 497d39 50 API calls 2 library calls 50520->50816 50521->50519 50522->49322 50528 479c53 50527->50528 50529 479aa2 50528->50529 50817 4510c0 50 API calls 50528->50817 50529->49331 50531 479d14 50818 4511a0 50 API calls CatchGuardHandler 50531->50818 50533 479d29 50819 4afa0c RaiseException 50533->50819 50535 479d3a 50537 479da3 50536->50537 50820 4510c0 50 API calls 50537->50820 50539 479e63 50821 4511a0 50 API calls CatchGuardHandler 50539->50821 50541 479e78 50822 4afa0c RaiseException 50541->50822 50543 479e89 50545 44b8f0 50 API calls 50544->50545 50548 44fea4 _Yarn 50545->50548 50546 44b8f0 50 API calls 50547 44ffad 50546->50547 50547->50408 50548->50546 50549->50450 50550->50453 50551->50440 50555->50462 50558 475a5c 50556->50558 50638 494d10 50558->50638 50561 4739ba 50562 473b90 50561->50562 50563 473e7f 50562->50563 50567 473bec __fread_nolock 50562->50567 50774 476a20 55 API calls CatchGuardHandler 50563->50774 50565 473eca 50566 474190 53 API calls 50565->50566 50569 473eda 50566->50569 50771 454180 50 API calls 50567->50771 50571 474003 50569->50571 50574 4517f0 50 API calls 50569->50574 50570 473c61 50772 475df0 55 API calls CatchGuardHandler 50570->50772 50572 474076 50571->50572 50576 44ca70 50 API calls 50571->50576 50578 4540f0 50 API calls 50572->50578 50575 473f16 50574->50575 50579 4543f0 55 API calls 50575->50579 50580 474029 50576->50580 50577 473c76 50581 474190 53 API calls 50577->50581 50582 473e7a 50578->50582 50583 473f31 50579->50583 50584 44d3b0 50 API calls 50580->50584 50585 473c7e 50581->50585 50586 4abbf5 CatchGuardHandler 5 API calls 50582->50586 50587 459790 50 API calls 50583->50587 50584->50572 50588 473d96 50585->50588 50591 4517f0 50 API calls 50585->50591 50589 4739cd 50586->50589 50590 473f5f 50587->50590 50592 473df6 50588->50592 50593 473d9c 50588->50593 50589->50476 50595 454730 55 API calls 50590->50595 50596 473cae 50591->50596 50594 473e68 50592->50594 50598 44ca70 50 API calls 50592->50598 50597 44ca70 50 API calls 50593->50597 50773 453fe0 50 API calls 50594->50773 50599 473f7a 50595->50599 50601 4543f0 55 API calls 50596->50601 50602 473dbc 50597->50602 50598->50602 50603 473f8c 50599->50603 50604 4740c9 50599->50604 50605 473cc6 50601->50605 50607 44d3b0 50 API calls 50602->50607 50608 44d060 50 API calls 50603->50608 50777 44d1a0 50 API calls 50604->50777 50609 459790 50 API calls 50605->50609 50607->50594 50611 473f9b 50608->50611 50612 473cf4 50609->50612 50610 4740d5 50778 4afa0c RaiseException 50610->50778 50615 4ad441 ___std_exception_destroy 14 API calls 50611->50615 50613 454730 55 API calls 50612->50613 50616 473d10 50613->50616 50618 473fc5 50615->50618 50619 4740a7 50616->50619 50620 473d22 50616->50620 50617 4740e6 50621 4ad441 ___std_exception_destroy 14 API calls 50618->50621 50775 44d1a0 50 API calls 50619->50775 50622 44d060 50 API calls 50620->50622 50624 473fe2 50621->50624 50625 473d31 50622->50625 50627 44d060 50 API calls 50624->50627 50628 4ad441 ___std_exception_destroy 14 API calls 50625->50628 50626 4740b8 50776 4afa0c RaiseException 50626->50776 50630 473ff4 50627->50630 50632 473d5b 50628->50632 50631 44d060 50 API calls 50630->50631 50631->50571 50633 4ad441 ___std_exception_destroy 14 API calls 50632->50633 50634 473d78 50633->50634 50635 44d060 50 API calls 50634->50635 50636 473d8a 50635->50636 50637 44d060 50 API calls 50636->50637 50637->50588 50709 4992a7 GetLastError 50638->50709 50643 474190 50644 4741a9 50643->50644 50649 4741ec 50643->50649 50760 475760 50 API calls 50644->50760 50647 4741ae 50647->50649 50761 475760 50 API calls 50647->50761 50648 474243 50653 474389 50648->50653 50654 474286 50648->50654 50655 474324 50648->50655 50656 4742c2 50648->50656 50657 4742ae 50648->50657 50658 474349 50648->50658 50659 4742d6 50648->50659 50660 474375 50648->50660 50661 474272 50648->50661 50662 47435f 50648->50662 50663 47425e 50648->50663 50664 4742fb 50648->50664 50665 47429a 50648->50665 50763 474460 50 API calls 50649->50763 50651 4741bc 50668 4741d1 50651->50668 50762 475760 50 API calls 50651->50762 50672 4abbf5 CatchGuardHandler 5 API calls 50653->50672 50666 4abbf5 CatchGuardHandler 5 API calls 50654->50666 50768 4744f0 50 API calls 50655->50768 50673 4abbf5 CatchGuardHandler 5 API calls 50656->50673 50671 4abbf5 CatchGuardHandler 5 API calls 50657->50671 50769 474e30 50 API calls CatchGuardHandler 50658->50769 50766 4744f0 50 API calls 50659->50766 50670 4abbf5 CatchGuardHandler 5 API calls 50660->50670 50679 4abbf5 CatchGuardHandler 5 API calls 50661->50679 50770 4745a0 53 API calls 2 library calls 50662->50770 50677 4abbf5 CatchGuardHandler 5 API calls 50663->50677 50767 4744f0 50 API calls 50664->50767 50669 4abbf5 CatchGuardHandler 5 API calls 50665->50669 50680 474296 50666->50680 50684 4abbf5 CatchGuardHandler 5 API calls 50668->50684 50683 4742aa 50669->50683 50685 474385 50670->50685 50686 4742be 50671->50686 50687 4743a0 50672->50687 50688 4742d2 50673->50688 50692 47426e 50677->50692 50694 474282 50679->50694 50680->50561 50681 474366 50695 4abbf5 CatchGuardHandler 5 API calls 50681->50695 50683->50561 50697 4741e8 50684->50697 50685->50561 50686->50561 50687->50561 50688->50561 50689 4742ec 50698 4abbf5 CatchGuardHandler 5 API calls 50689->50698 50690 474315 50699 4abbf5 CatchGuardHandler 5 API calls 50690->50699 50691 47433a 50701 4abbf5 CatchGuardHandler 5 API calls 50691->50701 50692->50561 50693 474350 50702 4abbf5 CatchGuardHandler 5 API calls 50693->50702 50694->50561 50703 474371 50695->50703 50696 4741ca 50696->50649 50696->50668 50697->50561 50704 4742f7 50698->50704 50705 474320 50699->50705 50707 474345 50701->50707 50708 47435b 50702->50708 50703->50561 50704->50561 50705->50561 50706 47421b 50706->50648 50706->50653 50764 474d00 50 API calls 50706->50764 50765 474460 50 API calls 50706->50765 50707->50561 50708->50561 50710 4992bd 50709->50710 50714 4992c3 50709->50714 50740 49cbd8 6 API calls std::_Lockit::_Lockit 50710->50740 50713 4992df 50716 49c6a4 __dosmaperr 14 API calls 50713->50716 50733 4992c7 SetLastError 50713->50733 50714->50733 50741 49cc17 6 API calls std::_Lockit::_Lockit 50714->50741 50717 4992f4 50716->50717 50720 49930d 50717->50720 50721 4992fc 50717->50721 50718 49935c 50746 498ca6 50718->50746 50719 494d1b 50736 49b0ec 50719->50736 50743 49cc17 6 API calls std::_Lockit::_Lockit 50720->50743 50742 49cc17 6 API calls std::_Lockit::_Lockit 50721->50742 50726 49930a 50731 49c0bd __freea 14 API calls 50726->50731 50727 499319 50728 49931d 50727->50728 50729 499334 50727->50729 50744 49cc17 6 API calls std::_Lockit::_Lockit 50728->50744 50745 4990d5 14 API calls __dosmaperr 50729->50745 50731->50733 50733->50718 50733->50719 50734 49933f 50735 49c0bd __freea 14 API calls 50734->50735 50735->50733 50737 49b0ff 50736->50737 50738 475b5c 50736->50738 50737->50738 50759 4a342d 50 API calls 4 library calls 50737->50759 50738->50643 50740->50714 50741->50713 50742->50726 50743->50727 50744->50726 50745->50734 50755 4a2af6 EnterCriticalSection LeaveCriticalSection CallUnexpected 50746->50755 50748 498cab 50748->50746 50750 498cc0 IsProcessorFeaturePresent 50748->50750 50752 497b2d CallUnexpected 8 API calls 50748->50752 50754 499361 50748->50754 50756 4a2b3b 50 API calls 7 library calls 50748->50756 50757 4a29d2 50 API calls CallUnexpected 50748->50757 50758 4afade 23 API calls 4 library calls 50748->50758 50750->50748 50752->50748 50755->50748 50756->50748 50757->50748 50758->50748 50759->50738 50760->50647 50761->50651 50762->50696 50763->50706 50764->50706 50765->50706 50766->50689 50767->50690 50768->50691 50769->50693 50770->50681 50771->50570 50772->50577 50773->50582 50774->50565 50775->50626 50776->50604 50777->50610 50778->50617 50780 44a9b5 50779->50780 50784 44a9bd 50779->50784 50805 451310 50 API calls 2 library calls 50780->50805 50782 44a9c5 50795 458110 50782->50795 50783 44a9fe 50806 4513c0 50 API calls 50783->50806 50784->50782 50784->50783 50786 44a9d6 50788 44d060 50 API calls 50786->50788 50789 44a9e8 50788->50789 50789->50486 50790 44aa14 50807 4511a0 50 API calls CatchGuardHandler 50790->50807 50792 44aa26 50808 4afa0c RaiseException 50792->50808 50794 44aa37 50798 458164 50795->50798 50796 4581c4 50799 4abc08 std::_Facet_Register 50 API calls 50796->50799 50797 4582a0 50809 4351b0 50 API calls 50797->50809 50798->50796 50798->50797 50804 4581a4 50798->50804 50801 4581e5 50799->50801 50803 44ca70 50 API calls 50801->50803 50803->50804 50804->50786 50805->50784 50806->50790 50807->50792 50808->50794 50810->50492 50811->50494 50812->50496 50813->50506 50814->50507 50817->50531 50818->50533 50819->50535 50820->50539 50821->50541 50822->50543 52980 4a283f 52979->52980 52981 4a282d 52979->52981 52991 4a26b0 52980->52991 53006 4a28c8 GetModuleHandleW 52981->53006 52984 4a2832 52984->52980 53007 4a2923 GetModuleHandleExW 52984->53007 52986 4a287c 52986->49191 52992 4a26bc ___scrt_is_nonwritable_in_current_image 52991->52992 53013 49b2e1 EnterCriticalSection 52992->53013 52994 4a26c6 53014 4a2718 52994->53014 52996 4a26d3 53018 4a26f1 52996->53018 52999 4a2897 53051 4a290a 52999->53051 53001 4a28a1 53002 4a28b5 53001->53002 53003 4a28a5 GetCurrentProcess TerminateProcess 53001->53003 53004 4a2923 CallUnexpected 3 API calls 53002->53004 53003->53002 53005 4a28bd ExitProcess 53004->53005 53006->52984 53008 4a2962 GetProcAddress 53007->53008 53009 4a2983 53007->53009 53008->53009 53010 4a2976 53008->53010 53011 4a2989 FreeLibrary 53009->53011 53012 4a283e 53009->53012 53010->53009 53011->53012 53012->52980 53013->52994 53016 4a2724 ___scrt_is_nonwritable_in_current_image CallUnexpected 53014->53016 53015 4a2788 CallUnexpected 53015->52996 53016->53015 53021 4a8d62 53016->53021 53050 49b329 LeaveCriticalSection 53018->53050 53020 4a26df 53020->52986 53020->52999 53022 4a8d6e __EH_prolog3 53021->53022 53025 4a8aba 53022->53025 53024 4a8d95 CallUnexpected 53024->53015 53026 4a8ac6 ___scrt_is_nonwritable_in_current_image 53025->53026 53033 49b2e1 EnterCriticalSection 53026->53033 53028 4a8ad4 53034 4a8c72 53028->53034 53032 4a8af2 53032->53024 53033->53028 53035 4a8ae1 53034->53035 53038 4a8c91 53034->53038 53040 4a8b09 LeaveCriticalSection std::_Lockit::~_Lockit 53035->53040 53036 4a8d1f 53036->53035 53037 49c0bd __freea 14 API calls 53036->53037 53037->53035 53038->53035 53038->53036 53041 4cee50 53038->53041 53040->53032 53042 44d3b0 50 API calls 53041->53042 53043 4cee99 53042->53043 53044 44cfd0 50 API calls 53043->53044 53045 4ceeb2 53044->53045 53046 44cfd0 50 API calls 53045->53046 53047 4ceecb 53046->53047 53048 44cfd0 50 API calls 53047->53048 53049 4ceeea 53048->53049 53049->53038 53050->53020 53054 4a6ed5 5 API calls CallUnexpected 53051->53054 53053 4a290f CallUnexpected 53053->53001 53054->53053 53055 44a0b0 53056 44a0bc 53055->53056 53057 44a0c7 53056->53057 53059 449e50 52 API calls 53056->53059 53058 44a0d4 53059->53058 53060 470ef0 53061 4385b0 62 API calls 53060->53061 53062 470f74 53061->53062 53063 4385b0 62 API calls 53062->53063 53065 4717ff 53063->53065 53064 471c5b 53066 4abbf5 CatchGuardHandler 5 API calls 53064->53066 53065->53064 53068 44e320 50 API calls 53065->53068 53067 471c72 53066->53067 53069 471873 53068->53069 53070 436ee0 56 API calls 53069->53070 53071 47188f 53070->53071 53145 4735e0 53071->53145 53074 44d060 50 API calls 53075 4718b3 53074->53075 53076 44cfd0 50 API calls 53075->53076 53077 4718d9 53076->53077 53078 481830 134 API calls 53077->53078 53079 4718e7 53078->53079 53080 471c37 53079->53080 53082 44cd00 50 API calls 53079->53082 53081 471c49 53080->53081 53083 44d060 50 API calls 53080->53083 53085 44d060 50 API calls 53081->53085 53084 471908 53082->53084 53083->53081 53086 44d3b0 50 API calls 53084->53086 53085->53064 53087 47194e 53086->53087 53088 4abc08 std::_Facet_Register 50 API calls 53087->53088 53089 471964 53088->53089 53090 44bad0 50 API calls 53089->53090 53091 471984 53090->53091 53092 4517f0 50 API calls 53091->53092 53093 4719d0 53092->53093 53094 44a980 50 API calls 53093->53094 53095 4719e0 53094->53095 53096 44d3b0 50 API calls 53095->53096 53097 471a2f 53096->53097 53097->53080 53098 471c9c 53097->53098 53099 4368a0 RaiseException 53098->53099 53100 471ca1 53099->53100 53101 44e320 50 API calls 53100->53101 53102 471d45 53101->53102 53103 436ee0 56 API calls 53102->53103 53104 471d61 53103->53104 53105 44cfd0 50 API calls 53104->53105 53106 471d88 53105->53106 53107 44eaf0 53 API calls 53106->53107 53108 472133 53107->53108 53109 437150 50 API calls 53108->53109 53110 47214e 53109->53110 53111 44cfd0 50 API calls 53110->53111 53112 472161 53111->53112 53113 44ba90 50 API calls 53112->53113 53114 472348 53113->53114 53115 45d680 53 API calls 53114->53115 53116 47238c 53115->53116 53117 437150 50 API calls 53116->53117 53118 4723c3 53117->53118 53119 481110 134 API calls 53118->53119 53120 4723d7 53119->53120 53121 44cfd0 50 API calls 53120->53121 53122 4723ea 53121->53122 53123 44cfd0 50 API calls 53122->53123 53124 4723fd 53123->53124 53149 449510 61 API calls 53124->53149 53126 4727e0 53128 472dc5 53126->53128 53150 4384a0 53126->53150 53130 438f80 50 API calls 53128->53130 53131 472de3 53130->53131 53133 44d060 50 API calls 53131->53133 53132 472e47 53134 4368a0 RaiseException 53132->53134 53135 472def 53133->53135 53136 472e4c 53134->53136 53137 44cfd0 50 API calls 53135->53137 53138 437c30 55 API calls 53136->53138 53139 472e02 53137->53139 53140 472e60 53138->53140 53141 44d060 50 API calls 53139->53141 53142 472e29 53141->53142 53143 4abbf5 CatchGuardHandler 5 API calls 53142->53143 53144 472e40 53143->53144 53146 47361a 53145->53146 53147 4740f0 53 API calls 53146->53147 53148 4718a1 53147->53148 53148->53074 53149->53126 53151 4385b0 62 API calls 53150->53151 53152 4384bc 53151->53152 53153 4384dc 53152->53153 53154 4384f7 53152->53154 53155 4abbf5 CatchGuardHandler 5 API calls 53153->53155 53156 437c30 55 API calls 53154->53156 53158 4384ed 53155->53158 53157 438505 53156->53157 53158->53128 53158->53132 53159 4865d0 53190 47fd70 53159->53190 53162 48689b 53197 47fb50 53162->53197 53166 48666c 53169 44e320 50 API calls 53166->53169 53170 4866cf 53169->53170 53173 44cfd0 50 API calls 53170->53173 53175 486715 GetVolumeInformationW 53173->53175 53176 44cfd0 50 API calls 53175->53176 53178 486778 __fread_nolock 53176->53178 53177 48677c 53179 4abbf5 CatchGuardHandler 5 API calls 53177->53179 53178->53177 53204 47b120 61 API calls 53178->53204 53181 486894 53179->53181 53182 4867c5 53205 47b1e0 59 API calls 53182->53205 53184 4867fa 53185 448cc0 50 API calls 53184->53185 53186 48680c 53185->53186 53187 44d060 50 API calls 53186->53187 53188 48686c 53187->53188 53189 447920 50 API calls 53188->53189 53189->53177 53191 47fe28 53190->53191 53194 47fe0c 53190->53194 53191->53194 53210 451cf0 50 API calls 2 library calls 53191->53210 53196 47ff2c 53194->53196 53206 4b8517 GetCurrentDirectoryW 53194->53206 53211 451cf0 50 API calls 2 library calls 53194->53211 53196->53162 53196->53166 53198 44ba90 50 API calls 53197->53198 53199 47fb9d 53198->53199 53212 437450 50 API calls 53199->53212 53201 47fbb5 53213 4afa0c RaiseException 53201->53213 53203 47fbc6 53204->53182 53205->53184 53207 4b852d 53206->53207 53208 4b8536 GetLastError 53206->53208 53207->53208 53209 4b8532 53207->53209 53208->53209 53209->53194 53210->53194 53211->53194 53212->53201 53213->53203 53214 4561bf 53215 4561cf 53214->53215 53216 451e50 50 API calls 53215->53216 53217 456200 53216->53217 53218 451e50 50 API calls 53217->53218 53218->53217 53219 4bb697 53224 4bb3a9 53219->53224 53222 4bb6d6 53230 4bb3d7 53224->53230 53225 4bb527 53229 4bb532 53225->53229 53242 4950d4 14 API calls __dosmaperr 53225->53242 53227 4bb602 53243 497d29 50 API calls __fread_nolock 53227->53243 53229->53222 53236 4bc8a4 53229->53236 53230->53225 53239 4a92c0 51 API calls 2 library calls 53230->53239 53232 4bb58f 53232->53225 53240 4a92c0 51 API calls 2 library calls 53232->53240 53234 4bb5ad 53234->53225 53241 4a92c0 51 API calls 2 library calls 53234->53241 53244 4bbeff 53236->53244 53239->53232 53240->53234 53241->53225 53242->53227 53243->53229 53247 4bbf0b ___scrt_is_nonwritable_in_current_image 53244->53247 53245 4bbf12 53301 4950d4 14 API calls __dosmaperr 53245->53301 53247->53245 53249 4bbf3d 53247->53249 53248 4bbf17 53302 497d29 50 API calls __fread_nolock 53248->53302 53255 4bc57a 53249->53255 53254 4bbf21 53254->53222 53256 4bc597 53255->53256 53257 4bc5ac 53256->53257 53258 4bc5c5 53256->53258 53318 4950c1 14 API calls __dosmaperr 53257->53318 53304 4a2f56 53258->53304 53262 4bc5ea 53317 4bc233 CreateFileW 53262->53317 53263 4bc5d3 53320 4950c1 14 API calls __dosmaperr 53263->53320 53267 4bc5d8 53321 4950d4 14 API calls __dosmaperr 53267->53321 53268 4bc6a0 GetFileType 53273 4bc6ab GetLastError 53268->53273 53274 4bc6f2 53268->53274 53269 4bc623 53269->53268 53272 4bc675 GetLastError 53269->53272 53322 4bc233 CreateFileW 53269->53322 53270 4bbf61 53303 4bbf94 LeaveCriticalSection __wsopen_s 53270->53303 53323 49507a 14 API calls __dosmaperr 53272->53323 53324 49507a 14 API calls __dosmaperr 53273->53324 53326 4a2e9e 15 API calls 2 library calls 53274->53326 53275 4bc5b1 53319 4950d4 14 API calls __dosmaperr 53275->53319 53279 4bc6b9 CloseHandle 53279->53275 53282 4bc6e2 53279->53282 53281 4bc668 53281->53268 53281->53272 53325 4950d4 14 API calls __dosmaperr 53282->53325 53283 4bc713 53285 4bc75f 53283->53285 53327 4bc442 84 API calls 3 library calls 53283->53327 53290 4bc766 53285->53290 53329 4bbfdd 84 API calls 4 library calls 53285->53329 53286 4bc6e7 53286->53275 53289 4bc794 53289->53290 53291 4bc7a2 53289->53291 53328 49c22b 53 API calls __wsopen_s 53290->53328 53291->53270 53293 4bc81e CloseHandle 53291->53293 53330 4bc233 CreateFileW 53293->53330 53295 4bc849 53296 4bc853 GetLastError 53295->53296 53297 4bc87f 53295->53297 53331 49507a 14 API calls __dosmaperr 53296->53331 53297->53270 53299 4bc85f 53332 4a3069 15 API calls 2 library calls 53299->53332 53301->53248 53302->53254 53303->53254 53305 4a2f62 ___scrt_is_nonwritable_in_current_image 53304->53305 53333 49b2e1 EnterCriticalSection 53305->53333 53307 4a2f69 53308 4a2f8e 53307->53308 53313 4a2ffd EnterCriticalSection 53307->53313 53315 4a2fb0 53307->53315 53310 4a2d2d __wsopen_s 15 API calls 53308->53310 53312 4a2f93 53310->53312 53312->53315 53337 4a2e7b EnterCriticalSection 53312->53337 53314 4a300a LeaveCriticalSection 53313->53314 53313->53315 53314->53307 53334 4a3060 53315->53334 53317->53269 53318->53275 53319->53270 53320->53267 53321->53275 53322->53281 53323->53275 53324->53279 53325->53286 53326->53283 53327->53285 53328->53270 53329->53289 53330->53295 53331->53299 53332->53297 53333->53307 53338 49b329 LeaveCriticalSection 53334->53338 53336 4a2fd0 53336->53262 53336->53263 53337->53315 53338->53336 53339 48db16 53340 48db1e 53339->53340 53341 48e1c0 55 API calls 53340->53341 53342 48db2a 53341->53342 53343 4abbf5 CatchGuardHandler 5 API calls 53342->53343 53344 48e0d0 53343->53344

                                  Executed Functions

                                  Function 00485F00 Relevance: 31.7, APIs: 21, Instructions: 205windowCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • KiUserCallbackDispatcher.NTDLL(0000004C), ref: 00485F72
                                  • GetSystemMetrics.USER32(0000004D), ref: 00485F7C
                                  • GetSystemMetrics.USER32(0000004E), ref: 00485F86
                                  • GetSystemMetrics.USER32(0000004F), ref: 00485F90
                                  • GetDC.USER32(00000000), ref: 00485F9A
                                  • GetDeviceCaps.GDI32(00000000,00000008), ref: 00485FAF
                                  • GetDeviceCaps.GDI32(?,0000000A), ref: 00485FBB
                                  • CreateCompatibleDC.GDI32(?), ref: 00485FC5
                                  • CreateCompatibleBitmap.GDI32(?,00000000,00000000), ref: 00485FDA
                                  • SelectObject.GDI32(?,00000000), ref: 00485FEE
                                  • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,40CC0020), ref: 0048601D
                                  • SHCreateMemStream.SHLWAPI(00000000,00000000), ref: 0048604F
                                  • DeleteDC.GDI32(?), ref: 0048606E
                                  • ReleaseDC.USER32(00000000,?), ref: 00486077
                                  • DeleteObject.GDI32(?), ref: 00486083
                                  • IStream_Size.SHLWAPI(?,?,?), ref: 004860F5
                                  • IStream_Reset.SHLWAPI(?), ref: 00486104
                                  • IStream_Read.SHLWAPI(?,00000000,?,?), ref: 0048611E
                                  • DeleteDC.GDI32(?), ref: 00486175
                                  • ReleaseDC.USER32(00000000,?), ref: 00486183
                                  • DeleteObject.GDI32(?), ref: 0048618F
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Delete$CreateMetricsObjectStream_System$CapsCompatibleDeviceRelease$BitmapCallbackDispatcherReadResetSelectSizeStreamUser
                                  • String ID:
                                  • API String ID: 2798906502-0
                                  • Opcode ID: 99dc10b740a5f021b41c68854b237c0d4245f8800150c2945631f9edaba6f951
                                  • Instruction ID: 1540f068b23de5c11a4fec01122546931e44dbb37a8a944e45ab45a1281bc334
                                  • Opcode Fuzzy Hash: 99dc10b740a5f021b41c68854b237c0d4245f8800150c2945631f9edaba6f951
                                  • Instruction Fuzzy Hash: F4812971C01218AFDB11EB64DC49BEDBBB8EF09314F1041AAE509B7291DB742E84CF99
                                  Function 00488400 Relevance: 27.7, APIs: 5, Strings: 10, Instructions: 1461COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 37 488400-488efa call 486990 call 4868b0 call 486c50 call 4863f0 call 4864e0 call 488190 call 486250 call 4517f0 call 44a980 call 44d3b0 call 4abc08 call 44bad0 call 4517f0 call 44a980 call 44d3b0 call 4517f0 call 44a980 call 44d3b0 call 4abc08 call 44bad0 call 4517f0 call 44a980 call 44d3b0 call 4517f0 call 44a980 call 44d3b0 call 4abc08 call 44bad0 call 4517f0 call 44a980 call 44d3b0 call 4517f0 call 44a980 call 44d3b0 call 4abc08 call 44bad0 call 4517f0 call 44a980 call 44d3b0 GlobalMemoryStatusEx call 4bcea0 call 4517f0 call 44a980 call 44d3b0 call 4517f0 call 44a980 call 44d3b0 call 4517f0 call 44a980 call 44d3b0 call 4abc08 call 44bad0 call 4517f0 call 44a980 call 44d3b0 call 4517f0 call 44a980 call 44d3b0 call 4abc08 call 44bad0 156 488f01-488f06 37->156 156->156 157 488f08-48908f call 4517f0 call 44a980 call 44d3b0 call 4517f0 call 44a980 call 485f00 156->157 170 489091 157->170 171 489093-4890ec call 44e890 call 44ed10 157->171 170->171 176 4890f0-4890f5 171->176 176->176 177 4890f7-48945b call 4517f0 call 44a980 call 44d3b0 call 44d060 * 2 call 4517f0 call 44a980 GetDesktopWindow GetWindowRect call 47fa30 * 2 call 44e220 call 48f1f0 call 44d060 * 3 call 44ed10 176->177 208 489462-489467 177->208 208->208 209 489469-489590 call 4517f0 call 44a980 call 44d3b0 call 44d060 call 4517f0 call 44a980 call 497ec8 call 4988eb call 498c76 208->209 228 489597-48959c 209->228 228->228 229 48959e-4897c4 call 4517f0 call 44ed10 call 4517f0 call 44a980 call 44d3b0 call 44d060 call 4517f0 call 44a980 call 4ade50 GetModuleFileNameA 228->229 248 4897c7-4897cc 229->248 248->248 249 4897ce-48986b call 4517f0 call 44e890 call 44ed10 248->249 256 489870-489875 249->256 256->256 257 489877-489975 call 4517f0 call 44a980 call 44d3b0 call 44d060 * 2 call 4517f0 call 44a980 call 487780 256->257 274 489979-489bdc call 44e890 call 44ed10 call 4517f0 call 44a980 call 44d3b0 call 44d060 * 2 call 4517f0 call 44a980 call 44e890 call 44ed10 257->274 275 489977 257->275 298 489be0-489be5 274->298 275->274 298->298 299 489be7-489c9a call 4517f0 call 44a980 call 44d3b0 call 44d060 298->299 308 489ca0-489dcd call 4517f0 call 44a980 call 44d3b0 call 4abc08 call 44bad0 call 4517f0 call 44a980 299->308 309 489dd2-489e7d call 4517f0 call 44a980 call 44ca70 call 4517f0 call 44a980 299->309 330 489e83-489f21 call 44d3b0 call 44d060 * 7 call 4abbf5 308->330 309->330
                                  APIs
                                    • Part of subcall function 00486990: EnumDisplayDevicesW.USER32(00000000,00000000,00000348,00000001), ref: 00486A68
                                    • Part of subcall function 00486990: EnumDisplayDevicesW.USER32(00000000,00000001,00000348,00000001), ref: 00486ABD
                                    • Part of subcall function 004868B0: RegGetValueA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName,00000002,00000000,?,?), ref: 00486916
                                    • Part of subcall function 004863F0: GetUserNameW.ADVAPI32(?,?), ref: 00486464
                                    • Part of subcall function 004864E0: GetComputerNameW.KERNEL32(?,?), ref: 00486554
                                    • Part of subcall function 004517F0: Concurrency::cancel_current_task.LIBCPMT ref: 004518C2
                                    • Part of subcall function 0044BAD0: Concurrency::cancel_current_task.LIBCPMT ref: 0044BBB3
                                  • GlobalMemoryStatusEx.KERNEL32(?,00000003), ref: 00488A6C
                                  • GetDesktopWindow.USER32 ref: 0048936A
                                  • GetWindowRect.USER32(00000000), ref: 00489371
                                  • _strftime.LIBCMT ref: 0048956B
                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,system,00000006), ref: 0048979A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Name$Concurrency::cancel_current_taskDevicesDisplayEnumWindow$ComputerDesktopFileGlobalMemoryModuleRectStatusUserValue_strftime
                                  • String ID: %d-%m-%Y, %H:%M:%S$>wfw$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                  • API String ID: 3994675093-2215247992
                                  • Opcode ID: 780eb4c071b8c58362fb5c4d0a213da67d6cb8a55b1d61346fd39ba53df65c40
                                  • Instruction ID: 1ab1bce1cb2369babe93dc2c843a9f66333b387f055d73d8335e63cf3a34051b
                                  • Opcode Fuzzy Hash: 780eb4c071b8c58362fb5c4d0a213da67d6cb8a55b1d61346fd39ba53df65c40
                                  • Instruction Fuzzy Hash: FC037970C052A99BDB26DF28C8547DDBBB1AF19308F2482DEE44867242DB751F85CF92
                                  Function 0047E240 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 199synchronizationCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • GetCurrentProcess.KERNEL32(00000008,00000000,14DA7ED4), ref: 0047E2A3
                                  • OpenProcessToken.ADVAPI32(00000000), ref: 0047E2AA
                                  • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),?,00000004,00000004), ref: 0047E2CE
                                  • CloseHandle.KERNEL32(00000000), ref: 0047E2F3
                                  • ExitProcess.KERNEL32 ref: 0047E32D
                                  • OpenMutexA.KERNEL32(001F0001,00000000,?), ref: 0047E411
                                  • ExitProcess.KERNEL32 ref: 0047E420
                                  • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 0047E436
                                  • ExitProcess.KERNEL32 ref: 0047E457
                                  • ReleaseMutex.KERNEL32(00000000), ref: 0047E525
                                  • CloseHandle.KERNEL32(00000000), ref: 0047E52C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Process$ExitMutex$CloseHandleOpenToken$CreateCurrentInformationRelease
                                  • String ID: SeDebugPrivilege$SeImpersonatePrivilege
                                  • API String ID: 1905835197-3768118664
                                  • Opcode ID: 1304b057001cb0e859eaf618cd2e17930212c1f0f1b5904f04536edf5095bcb9
                                  • Instruction ID: e600725b129d9e3f70f3f4d3925b8df88ff981f4a24a656009bcaac003b6a44b
                                  • Opcode Fuzzy Hash: 1304b057001cb0e859eaf618cd2e17930212c1f0f1b5904f04536edf5095bcb9
                                  • Instruction Fuzzy Hash: 80817F70D01258EFDB00EFE6D9457DDBBB4EF08308F10815EE51AA7281DB785A05DB69
                                  Function 00446400 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 833libraryloaderCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 435 446400-44650e LoadLibraryA 436 446514-446a39 GetProcAddress * 6 435->436 437 44738b-447390 435->437 438 447385 436->438 439 446a3f-446a46 436->439 440 447392-447395 437->440 441 44739c-44739e 437->441 438->437 439->438 442 446a4c-446a53 439->442 440->441 443 4473a7-4473c4 call 4abbf5 441->443 444 4473a0-4473a1 FreeLibrary 441->444 442->438 445 446a59-446a60 442->445 444->443 445->438 448 446a66-446a68 445->448 448->438 450 446a6e-446a70 448->450 450->438 451 446a76-446a84 450->451 451->438 453 446a8a-446a95 451->453 453->438 454 446a9b-446a9d 453->454 455 446aa3-446aba 454->455 457 447366-44737f 455->457 458 446ac0-446ade 455->458 457->438 457->455 458->457 460 446ae4-446aed 458->460 461 447352-44735a 460->461 462 446af3-446b06 460->462 461->457 463 446b10-446b54 call 4abc08 462->463 467 446d5e-446d62 463->467 468 446b5a-446b5f 463->468 470 446f6e-446f9d 467->470 471 446d68-446d6d 467->471 468->467 469 446b65-446c5d call 47a340 468->469 479 446c60-446c65 469->479 477 4471c6-4471cd 470->477 478 446fa3-446fae 470->478 471->470 473 446d73-446e6b call 47a340 471->473 483 446e70-446e75 473->483 481 447302-447340 call 452630 call 4abfa3 477->481 482 4471d3-4472fc call 4517f0 call 44a980 call 4517f0 call 44a980 call 44d3b0 call 4abc08 call 46b040 call 44a850 call 44d3b0 477->482 484 446fb4-446fb9 478->484 485 4471bb-4471bd 478->485 479->479 486 446c67-446d58 call 4517f0 call 44e890 call 44ed10 call 4503c0 call 44d3b0 call 44d060 * 3 479->486 481->463 510 447346-44734c 481->510 482->481 483->483 488 446e77-446f68 call 4517f0 call 44e890 call 44ed10 call 4503c0 call 44d3b0 call 44d060 * 3 483->488 484->485 490 446fbf-4470ad call 47a340 484->490 485->477 492 4471bf 485->492 486->467 488->470 506 4470b7-4470bc 490->506 492->477 506->506 511 4470be-4471b5 call 4517f0 call 44e890 call 44ed10 call 4503c0 call 44d3b0 call 44d060 * 3 506->511 510->461 511->485
                                  APIs
                                  • LoadLibraryA.KERNEL32(?,14DA7ED4), ref: 004464FE
                                  • GetProcAddress.KERNEL32(00000000,?), ref: 0044664C
                                  • GetProcAddress.KERNEL32(?,?), ref: 0044678C
                                  • GetProcAddress.KERNEL32(?,?), ref: 00446831
                                  • GetProcAddress.KERNEL32(?,?), ref: 004468D6
                                  • GetProcAddress.KERNEL32(?,?), ref: 0044697B
                                  • GetProcAddress.KERNEL32(?,?), ref: 00446A27
                                  • FreeLibrary.KERNEL32(00000000), ref: 004473A1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AddressProc$Library$FreeLoad
                                  • String ID: system$vault$!F
                                  • API String ID: 2449869053-2452413646
                                  • Opcode ID: e0fea6c89a0f53085211ecf823e563bfcd2fd38e707c4234fd3e69986002ee46
                                  • Instruction ID: b3fd50756066dde9c2bcdca3b11f87412f5b17b86e41c1a20d378922be8368ac
                                  • Opcode Fuzzy Hash: e0fea6c89a0f53085211ecf823e563bfcd2fd38e707c4234fd3e69986002ee46
                                  • Instruction Fuzzy Hash: 2CA2DFB4D0426D8BDB25CFA8C884BEEBBB1BF59304F1081DAD948B7251DB385A85CF54
                                  Function 0046BCE0 Relevance: 19.0, Strings: 13, Instructions: 2783COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: #d5,$3sQ$QOP$`V[$chrome_key$content$directory_iterator::directory_iterator$exists$filename$key$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
                                  • API String ID: 0-172604419
                                  • Opcode ID: 17df5ce69d1b830cbb9f37ff71955c945b1fa03de86001ee781908370b965299
                                  • Instruction ID: 6f449b873cefd2acf2ff512572e56acebc9c82323065b3056b94c270879c015f
                                  • Opcode Fuzzy Hash: 17df5ce69d1b830cbb9f37ff71955c945b1fa03de86001ee781908370b965299
                                  • Instruction Fuzzy Hash: 0C539870D01298DBDB21DBA8C9447DDBBB0AF19314F1482DEE44967292EB381F85CF96
                                  Function 00485840 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 364networkfileCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1601 485840-485a7a 1602 485a84-485a89 1601->1602 1602->1602 1603 485a8b-485ac7 call 4517f0 InternetOpenA 1602->1603 1606 485ac9-485aeb 1603->1606 1607 485af0-485b0f 1603->1607 1608 485e01-485e2f call 44d060 call 4abbf5 1606->1608 1609 485b11 1607->1609 1610 485b13-485b37 InternetOpenUrlA 1607->1610 1609->1610 1612 485b39-485b58 1610->1612 1613 485b5d-485b87 HttpQueryInfoW 1610->1613 1615 485df4-485df8 1612->1615 1616 485b89-485ba8 1613->1616 1617 485bad-485c15 call 4ade50 HttpQueryInfoW 1613->1617 1615->1608 1618 485de9-485dee InternetCloseHandle 1616->1618 1623 485c46-485c57 InternetQueryDataAvailable 1617->1623 1624 485c17-485c2a call 4949e3 1617->1624 1618->1615 1626 485d8a-485de4 call 44d060 1623->1626 1627 485c5d-485c5f 1623->1627 1624->1623 1631 485c2c-485c40 call 4516d0 1624->1631 1626->1618 1630 485c60-485c6b 1627->1630 1632 485d81 1630->1632 1633 485c71-485ce8 call 465e90 call 4ade50 InternetReadFile 1630->1633 1631->1623 1634 485d84 1632->1634 1641 485cee-485cf3 1633->1641 1642 485d73-485d7f call 454ec0 1633->1642 1634->1626 1643 485d70 1641->1643 1644 485cf5-485d05 1641->1644 1642->1634 1643->1642 1646 485d31-485d3e call 4520f0 1644->1646 1647 485d07-485d2f call 4ad8d0 1644->1647 1652 485d43-485d63 call 454ec0 InternetQueryDataAvailable 1646->1652 1647->1652 1652->1634 1655 485d65-485d6b 1652->1655 1655->1630
                                  APIs
                                  • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00485AB8
                                  • InternetOpenUrlA.WININET(00000000,?,?,00000000,84880100,00000000), ref: 00485B23
                                  • HttpQueryInfoW.WININET(00000000,00000013,?,?,00000000), ref: 00485B7C
                                  • HttpQueryInfoW.WININET(00000000,00000005,?,00000040,00000000), ref: 00485C0D
                                  • InternetQueryDataAvailable.WININET(00000000,?,00000000,00000000), ref: 00485C4F
                                  • InternetReadFile.WININET(00000000,00000000,?,0B911A77), ref: 00485CE0
                                  • InternetCloseHandle.WININET(00000000), ref: 00485DEE
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Internet$Query$HttpInfoOpen$AvailableCloseDataFileHandleRead
                                  • String ID: dk{u
                                  • API String ID: 1359475806-1025949191
                                  • Opcode ID: 27b0cd3a0b6fc00430f0ab845b11a26261cda9ec311c293bfde6673f79c1c1f5
                                  • Instruction ID: 61ea4010c365d261526b7633df9a1f3866779007c1279ae13805143fd257e1b9
                                  • Opcode Fuzzy Hash: 27b0cd3a0b6fc00430f0ab845b11a26261cda9ec311c293bfde6673f79c1c1f5
                                  • Instruction Fuzzy Hash: 320203B0D057599BDB20CFA4C944BDDBBB5BF19304F20819AE848BB241EB746A84CF95
                                  Function 004B8545 Relevance: 15.2, APIs: 10, Instructions: 200fileCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1656 4b8545-4b857a 1657 4b858d-4b8596 1656->1657 1658 4b857c-4b8583 1656->1658 1660 4b8598-4b859b 1657->1660 1661 4b85b0-4b85b2 1657->1661 1658->1657 1659 4b8585-4b8588 1658->1659 1664 4b87a0-4b87ae call 4abbf5 1659->1664 1660->1661 1665 4b859d-4b85a4 1660->1665 1662 4b85b8-4b85bb 1661->1662 1663 4b879e 1661->1663 1666 4b85c1-4b85c4 1662->1666 1667 4b86b4-4b86e1 call 4b8827 1662->1667 1663->1664 1669 4b85aa-4b85ad 1665->1669 1670 4b85a6-4b85a8 1665->1670 1672 4b85d6-4b85e5 GetFileAttributesExW 1666->1672 1673 4b85c6-4b85cc 1666->1673 1679 4b86ea-4b86ed 1667->1679 1680 4b86e3-4b86e5 1667->1680 1669->1661 1670->1661 1670->1669 1677 4b864d-4b8668 1672->1677 1678 4b85e7-4b85f0 GetLastError 1672->1678 1673->1672 1676 4b85ce-4b85d0 1673->1676 1676->1667 1676->1672 1682 4b866e-4b8676 1677->1682 1678->1664 1681 4b85f6-4b8607 FindFirstFileW 1678->1681 1684 4b86ef-4b8700 GetFileInformationByHandleEx 1679->1684 1685 4b875c-4b875f 1679->1685 1683 4b8794-4b879c call 4b830c 1680->1683 1686 4b8609-4b860f GetLastError 1681->1686 1687 4b8614-4b864b FindClose 1681->1687 1688 4b8678-4b867f 1682->1688 1689 4b8681-4b86a8 1682->1689 1683->1664 1691 4b870f-4b872a 1684->1691 1692 4b8702-4b870a GetLastError 1684->1692 1693 4b8789-4b878b 1685->1693 1694 4b8761-4b8772 GetFileInformationByHandleEx 1685->1694 1686->1664 1687->1682 1688->1689 1695 4b86ae 1688->1695 1689->1663 1689->1695 1691->1685 1699 4b872c-4b8732 1691->1699 1692->1683 1696 4b878d-4b878f 1693->1696 1697 4b8791-4b8793 1693->1697 1694->1692 1700 4b8774-4b8786 1694->1700 1695->1667 1696->1683 1697->1683 1701 4b8755 1699->1701 1702 4b8734-4b8748 GetFileInformationByHandleEx 1699->1702 1700->1693 1704 4b8759 1701->1704 1702->1692 1703 4b874a-4b8753 1702->1703 1703->1704 1704->1685
                                  APIs
                                  • GetFileAttributesExW.KERNEL32(000000FF,00000000,?,00000001,?,?), ref: 004B85DD
                                  • GetLastError.KERNEL32 ref: 004B85E7
                                  • FindFirstFileW.KERNEL32(000000FF,?), ref: 004B85FE
                                  • GetLastError.KERNEL32 ref: 004B8609
                                  • FindClose.KERNEL32(00000000), ref: 004B8615
                                  • ___std_fs_open_handle@16.LIBCPMT ref: 004B86CE
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ErrorFileFindLast$AttributesCloseFirst___std_fs_open_handle@16
                                  • String ID:
                                  • API String ID: 2340820627-0
                                  • Opcode ID: 26e86fa6e15967cd6674ed6e37e588395ab66286ab2511015f361a3ca517eeda
                                  • Instruction ID: b482ff722bd6c6e5562e69f300935f677b27db246a655513dfd80cbad8c50a56
                                  • Opcode Fuzzy Hash: 26e86fa6e15967cd6674ed6e37e588395ab66286ab2511015f361a3ca517eeda
                                  • Instruction Fuzzy Hash: 6271A174A01619AFCB60CF28DC84BEAB7B8BF15314F24466AE854E3380DF389D41CB65
                                  Function 0048CB50 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1944 48cb50-48cbae 1945 48cbb0-48cbb9 1944->1945 1945->1945 1946 48cbbb-48cbd0 GetCurrentProcess OpenProcessToken 1945->1946 1947 48cc1d 1946->1947 1948 48cbd2-48cbe7 LookupPrivilegeValueW 1946->1948 1950 48cc1f-48cc2b 1947->1950 1948->1947 1949 48cbe9-48cc1b AdjustTokenPrivileges 1948->1949 1949->1950 1951 48cc2d-48cc34 CloseHandle 1950->1951 1952 48cc37-48cc54 call 4abbf5 1950->1952 1951->1952
                                  APIs
                                  • GetCurrentProcess.KERNEL32(00000028,14DA7ED4,14DA7ED4,00000000,00000000), ref: 0048CBC1
                                  • OpenProcessToken.ADVAPI32(00000000), ref: 0048CBC8
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 0048CBDF
                                  • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000), ref: 0048CC10
                                  • CloseHandle.KERNEL32(00000000), ref: 0048CC2E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                  • String ID: SeDebugPrivilege
                                  • API String ID: 3038321057-2896544425
                                  • Opcode ID: 0de4daaceb39ec4f5814627b6f1dd40d7c5fb6c13739ccbd22e93afb17c114b7
                                  • Instruction ID: c2b5bf8999928723eaabf61e86e1a0babf1022b92d12b441156265fc3f808218
                                  • Opcode Fuzzy Hash: 0de4daaceb39ec4f5814627b6f1dd40d7c5fb6c13739ccbd22e93afb17c114b7
                                  • Instruction Fuzzy Hash: 4631A471D01208AFDB10DFA5DD85BEEBBB8EB09710F14422BE911B7280DB745A44CBB5
                                  Function 004422D0 Relevance: 10.4, Strings: 7, Instructions: 1667COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task$___std_fs_directory_iterator_advance@8
                                  • String ID: config$content$directory_iterator::directory_iterator$exists$filename$status$users
                                  • API String ID: 1444412035-815903332
                                  • Opcode ID: 318ca2c7c1d0ec5466f5f7fa8089217a923a2ba81121507c44c59a0bacf04028
                                  • Instruction ID: 69ad5e660c85d4a4c183ac21095e054d7cf3219f32a2a219316693d81515d842
                                  • Opcode Fuzzy Hash: 318ca2c7c1d0ec5466f5f7fa8089217a923a2ba81121507c44c59a0bacf04028
                                  • Instruction Fuzzy Hash: 83036670C012A8DBEB25DF68C9447EDBBB0BF19308F1481DAE44967242DB785B89CF95
                                  Function 004473D0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 301processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,14DA7ED4), ref: 0044741C
                                  • Process32FirstW.KERNEL32(00000000,?), ref: 00447468
                                  • Process32NextW.KERNEL32(?,0000022C), ref: 004475CD
                                  • CloseHandle.KERNEL32(?), ref: 004478D2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                  • String ID: [PID:
                                  • API String ID: 420147892-2210602247
                                  • Opcode ID: f6cb1e4388cc3ee2ddfe8d86821b50136ea940ed39218dba736c248fcd380ac9
                                  • Instruction ID: 3632983ffbfa210010dfb9a713b5006bf5dbac80d679a8e5b8b4f374b17b9b69
                                  • Opcode Fuzzy Hash: f6cb1e4388cc3ee2ddfe8d86821b50136ea940ed39218dba736c248fcd380ac9
                                  • Instruction Fuzzy Hash: 0AE14770D112689BDB2ADF24CC807AEBBB9BF59304F1481D9E84867251DB346F89CF45
                                  Function 00470EF0 Relevance: 8.2, Strings: 6, Instructions: 690COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: ;r0'$Te=J$exists$filename$prefs.js$4So
                                  • API String ID: 0-741858243
                                  • Opcode ID: 11664829bde5b78b5a453b90576b65e8c9c4f4be2f2613c5aa62205ba5478c4c
                                  • Instruction ID: 8485e3fbea9921b25a1b00865498cb3d77a8dac2e86307723f5e7c2a487e452b
                                  • Opcode Fuzzy Hash: 11664829bde5b78b5a453b90576b65e8c9c4f4be2f2613c5aa62205ba5478c4c
                                  • Instruction Fuzzy Hash: F182EFB0D052689FDB65CF68C985BDDBBB0AF19304F1082EAE84CA7251EB341B85CF55
                                  Function 0043E4F0 Relevance: 7.5, Strings: 5, Instructions: 1249COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task___std_fs_convert_wide_to_narrow@20
                                  • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                  • API String ID: 2353561611-3429737954
                                  • Opcode ID: 7405bf85bba606f5aa6e5f11bda1af194d4c4d3f657d06d7efc73589d2298c94
                                  • Instruction ID: 45a97de4b3c177a88e72af5189b64a28b2304548a2ed9d28553215762f3f74ee
                                  • Opcode Fuzzy Hash: 7405bf85bba606f5aa6e5f11bda1af194d4c4d3f657d06d7efc73589d2298c94
                                  • Instruction Fuzzy Hash: DBD24770D05268DBDB22DF68C8547DDBBB0AF19304F1482DAE44867282DB785F89CF95
                                  Function 004402D0 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 333fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • FindFirstFileW.KERNEL32(00000000,?,?), ref: 004403C0
                                  • FindNextFileW.KERNELBASE(00000000,?), ref: 004406F2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileFind$FirstNext
                                  • String ID: content$filename
                                  • API String ID: 1690352074-474635906
                                  • Opcode ID: 3df7f202a6b99253f354de22ded639a46978a58fefe962044121c03344fab8ef
                                  • Instruction ID: 3fd07a7a2c97014430c74f1e6d5836f1a3ad12268408335d8deab24a75892f91
                                  • Opcode Fuzzy Hash: 3df7f202a6b99253f354de22ded639a46978a58fefe962044121c03344fab8ef
                                  • Instruction Fuzzy Hash: 2BD1D430D01249DBEB15EB64CD457EEBBB4AF21308F1440AEE505A7292DB785F48CB96
                                  Function 0043C970 Relevance: 6.9, Strings: 5, Instructions: 699COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                  • API String ID: 0-3429737954
                                  • Opcode ID: 0f0324d2262f6727271b1798928450f2e50f2587d7e5877d9cda94f309b22af2
                                  • Instruction ID: 4f0253fa2b569f3355fb29b5c5a77bd21c490a3de55638da9b673f05fe568e9e
                                  • Opcode Fuzzy Hash: 0f0324d2262f6727271b1798928450f2e50f2587d7e5877d9cda94f309b22af2
                                  • Instruction Fuzzy Hash: 137234B0D05268CBDB25CFA8C8817EEBBB1BF19304F14819AD849B7341DB785A85CF95
                                  Function 00459A06 Relevance: 6.8, Strings: 5, Instructions: 541COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: R$array$object$object key$object separator
                                  • API String ID: 0-4025529536
                                  • Opcode ID: c2ea74c46638cb6805419194197d9cd192a644bc36a2140f7da50fef402dd0ab
                                  • Instruction ID: a821d995b12610201d621210502fbeceba3941e2954cbb2726e101dc0738d9ca
                                  • Opcode Fuzzy Hash: c2ea74c46638cb6805419194197d9cd192a644bc36a2140f7da50fef402dd0ab
                                  • Instruction Fuzzy Hash: C322CB70D0035CDFDB14DBA8C855BEEBBB4AF15305F10455EE806A7282EB786A4CCB95
                                  Function 00485350 Relevance: 6.3, APIs: 4, Instructions: 316networkCOMMON
                                  Download Yara Rule
                                  APIs
                                  • recv.WS2_32(?,00002000,00000000), ref: 004854A4
                                  • recv.WS2_32(?,00000001,00000000), ref: 004857E2
                                  • closesocket.WS2_32(0000026C), ref: 004857EE
                                  • WSACleanup.WS2_32 ref: 004857F4
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: recv$Cleanupclosesocket
                                  • String ID:
                                  • API String ID: 146070474-0
                                  • Opcode ID: 9e36abc3380925dd93690334c8facdcdb208839f31d4ee637cc8ac082e786f44
                                  • Instruction ID: ea48c0c3f42896101b1dfecbe024c21eb3956ad5c3a4809403442742827d540a
                                  • Opcode Fuzzy Hash: 9e36abc3380925dd93690334c8facdcdb208839f31d4ee637cc8ac082e786f44
                                  • Instruction Fuzzy Hash: 4CE19C70D01298DEDB14EB64CC49BDEBBB2BF14308F1041DAE449AB292DB745E88DF95
                                  Function 00487780 Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 515timeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetTimeZoneInformation.KERNEL32(?,14DA7ED4,00000000,000000BF), ref: 00487C87
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: InformationTimeZone
                                  • String ID: @Zb=$[UTC
                                  • API String ID: 565725191-730387550
                                  • Opcode ID: cf8fb0669151e3915c1c56c918cda204041e77f9a4f9e4b93b5b3df9b86f4cc7
                                  • Instruction ID: 6d71337f0f8cf227c7c56c381cd8fae4285dcd83216f0cb77706b7edbf0b928b
                                  • Opcode Fuzzy Hash: cf8fb0669151e3915c1c56c918cda204041e77f9a4f9e4b93b5b3df9b86f4cc7
                                  • Instruction Fuzzy Hash: E0520270D052688BDB25CF28CC947DDBBB1BF59304F1082DAD949AB281DB756B85CF84
                                  Function 0043BF70 Relevance: 5.6, Strings: 4, Instructions: 612COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID: content$directory_iterator::directory_iterator$exists$filename
                                  • API String ID: 118556049-1400943384
                                  • Opcode ID: f5691b255ea6dbc5edbd5c9a2dd3daa32d7e1fdddb1a19eceb15310520a34560
                                  • Instruction ID: f0d25c64484c1e08d98ca61568cc243e7f3e3728f1e912629745c9d05fd4e174
                                  • Opcode Fuzzy Hash: f5691b255ea6dbc5edbd5c9a2dd3daa32d7e1fdddb1a19eceb15310520a34560
                                  • Instruction Fuzzy Hash: F26234B0D01268CBDB25DFA8C9817EDBBB0BF19304F14829AD84977342DB785A85CF95
                                  Function 004A1074 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 156timeCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 0049C0BD: RtlFreeHeap.NTDLL(00000000,00000000,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0D3
                                    • Part of subcall function 0049C0BD: GetLastError.KERNEL32(?,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0DE
                                  • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,004A1227,00000000,00000000,00000000), ref: 004A10E6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ErrorFreeHeapInformationLastTimeZone
                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                  • API String ID: 3335090040-239921721
                                  • Opcode ID: ad663869331fc52042eea7bfe790139a2e80b582501180bae3c234ee24cd9100
                                  • Instruction ID: 53762b2ebd1cb462dfa51e434dc7c6f7f2cc61e8d19f93444a713380c049c16d
                                  • Opcode Fuzzy Hash: ad663869331fc52042eea7bfe790139a2e80b582501180bae3c234ee24cd9100
                                  • Instruction Fuzzy Hash: 73410871C00224ABDB10AF76DC45A9F7BB8EF6A754F10415BF510EB2A1E7349D04DB98
                                  Function 004B84C0 Relevance: 4.5, APIs: 3, Instructions: 35COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • FindClose.KERNEL32(000000FF,?,004B84EE,00000001,?,?,00437D69,?,004BDC4D,00000001,?,?,?,14DA7ED4,00000001), ref: 004B84CC
                                  • FindFirstFileExW.KERNEL32(000000FF,00000001,14DA7ED4,00000000,00000000,00000000,00000001,00000001,?,?,004B84EE,00000001,?,?,00437D69,?), ref: 004B84FB
                                  • GetLastError.KERNEL32(?,004B84EE,00000001,?,?,00437D69,?,004BDC4D,00000001,?,?,?,14DA7ED4,00000001), ref: 004B850D
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Find$CloseErrorFileFirstLast
                                  • String ID:
                                  • API String ID: 4020440971-0
                                  • Opcode ID: 6891505d0e316c560b8af891ce29886cce9dd01a211028f8c8b4780eaf2fe176
                                  • Instruction ID: a5a0d7868366c0cca89b591e166bcddb9b03d08ebbd2c2fb18ba3c3c76c3338f
                                  • Opcode Fuzzy Hash: 6891505d0e316c560b8af891ce29886cce9dd01a211028f8c8b4780eaf2fe176
                                  • Instruction Fuzzy Hash: 0AF03071001109BFDB216FA4EC08AAA7B9DEB14360B10862ABD28C55A0EA359961DB79
                                  Function 004479C0 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 647COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00487290: RegOpenKeyExA.KERNEL32(80000001,0047F265,00000000,00020019,00000000,14DA7ED4,?,0051C288), ref: 0048735B
                                    • Part of subcall function 00487290: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00487397
                                    • Part of subcall function 004870B0: RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,14DA7ED4,0051C570,0051C2A0), ref: 00487182
                                    • Part of subcall function 004870B0: RegQueryValueExA.KERNEL32(00000000,?,00000000,000F003F,?,00000400), ref: 004871B6
                                  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004487A3
                                    • Part of subcall function 004870B0: RegCloseKey.ADVAPI32(00000000), ref: 00487260
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Open$CloseEnumIos_base_dtorQueryValuestd::ios_base::_
                                  • String ID: 0hC
                                  • API String ID: 3553622603-2581318919
                                  • Opcode ID: 0bcb193991c17a35e04031cec61f2fc9a228979a7f5d57045d0cffd32dde56ff
                                  • Instruction ID: d381e0b8d15ce89c3a027b92e8a5ae116750b180a2e65f5cba22683de7249f8f
                                  • Opcode Fuzzy Hash: 0bcb193991c17a35e04031cec61f2fc9a228979a7f5d57045d0cffd32dde56ff
                                  • Instruction Fuzzy Hash: EA82CEB4E152688FEB25CF18C8957DDBBB0BF5A304F5082DAD98DA7241DB305A85CF81
                                  Function 0047A610 Relevance: 3.1, APIs: 2, Instructions: 119encryptionCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 0047A678
                                  • LocalFree.KERNEL32(?,00000000), ref: 0047A70F
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CryptDataFreeLocalUnprotect
                                  • String ID:
                                  • API String ID: 1561624719-0
                                  • Opcode ID: 23f8f3dfd76d3946956684746ccb5c99c2b1de592e134c678ee3552ffd4f36d7
                                  • Instruction ID: 0fc5e8941a16b16f9458543aa06cdc6e77fe0ca1878954e15eaf8ff6be4b297f
                                  • Opcode Fuzzy Hash: 23f8f3dfd76d3946956684746ccb5c99c2b1de592e134c678ee3552ffd4f36d7
                                  • Instruction Fuzzy Hash: 86518B70C00249EBEB00DFA5D845BDEFBB4FF54708F14821AE81477281D7B96A98CBA5
                                  Function 0046EB70 Relevance: 2.3, Strings: 1, Instructions: 1019COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: i`[
                                  • API String ID: 0-627998571
                                  • Opcode ID: e3a410a9e3ca53c342af7cc7fde5a733c932cb315480ea9a7238ac1123cd91a2
                                  • Instruction ID: f409668d1dcd92952583ea64716c6161a23bbeab54c2797513d5a6ff86e8a7fe
                                  • Opcode Fuzzy Hash: e3a410a9e3ca53c342af7cc7fde5a733c932cb315480ea9a7238ac1123cd91a2
                                  • Instruction Fuzzy Hash: 68D29DB4D0436C8ADB25CF99D8957DCFBB2BF49304F00819AD959AB345EB341A8ACF44
                                  Function 00487550 Relevance: 1.6, APIs: 1, Instructions: 133COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetLogicalDriveStringsW.KERNEL32(00000104,?,14DA7ED4), ref: 00487605
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: DriveLogicalStrings
                                  • String ID:
                                  • API String ID: 2022863570-0
                                  • Opcode ID: af7986355f76353f56621d05ed0878166b8efb0a331a21fa16df84ccda1fe4cc
                                  • Instruction ID: 0be71067b94349f3b163f10fc7865c9901b3f86c171c2f757c76e38bbf7f7ec5
                                  • Opcode Fuzzy Hash: af7986355f76353f56621d05ed0878166b8efb0a331a21fa16df84ccda1fe4cc
                                  • Instruction Fuzzy Hash: 3351BD70C05318DBDB20DF64D85979EB7B0EF18304F1082DED409A7291EBB86A88CB95
                                  Function 004863F0 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetUserNameW.ADVAPI32(?,?), ref: 00486464
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: NameUser
                                  • String ID:
                                  • API String ID: 2645101109-0
                                  • Opcode ID: f4ed9f5e37941df1e9ba9867385f1ec3f0cb7986d12087e88cefc21d8231c34a
                                  • Instruction ID: 991b9e5c4f1dd7985d860474454b41f109cd49006b683c09ab2e27c6457cb47f
                                  • Opcode Fuzzy Hash: f4ed9f5e37941df1e9ba9867385f1ec3f0cb7986d12087e88cefc21d8231c34a
                                  • Instruction Fuzzy Hash: AF217FB0D043189BD721DF15C844B9ABBF4FB08714F0046AEE84997380DBB9A6849BE5
                                  Function 00486C50 Relevance: 1.4, Strings: 1, Instructions: 198COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: cores
                                  • API String ID: 0-2370456839
                                  • Opcode ID: 7caecc748150b05fedb2737b290fa2d10d67063e027dfbdfaad7aac65fe8cbf0
                                  • Instruction ID: e3a9e89045bf121aadbf864e887aeb25ba0c58f762de233e8adf5c73134b1a6d
                                  • Opcode Fuzzy Hash: 7caecc748150b05fedb2737b290fa2d10d67063e027dfbdfaad7aac65fe8cbf0
                                  • Instruction Fuzzy Hash: 2B916871D003599BDB00CFA8C9547EEFBB4FF59304F14825AE404BB292EBB56A84CB91
                                  Function 0043A2B0 Relevance: .3, Instructions: 294COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 02a584f50cec7d117239a346da7015494028620e642b4639fe7f05473c013932
                                  • Instruction ID: a79bf28788cd7fece911b6e1e66e8534556c7722a2d9226744d1a7d19b7185e3
                                  • Opcode Fuzzy Hash: 02a584f50cec7d117239a346da7015494028620e642b4639fe7f05473c013932
                                  • Instruction Fuzzy Hash: 89F197B4D053588BDB25CFA8CA91BDDBBB0AF4A314F20419AD84DBB351DB306A85CF44
                                  Function 00439D60 Relevance: .3, Instructions: 294COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 186fcadbebabc4ac8475eff220d5f03fe57b16df31032e8b523138032ae08221
                                  • Instruction ID: 4fd346efeb900e22f944567b89219bf35164593af445f665e6b4c60aa2d00baf
                                  • Opcode Fuzzy Hash: 186fcadbebabc4ac8475eff220d5f03fe57b16df31032e8b523138032ae08221
                                  • Instruction Fuzzy Hash: 76F187B4D053588BDB25CFA8CA91BDDBBB0BF5A304F20419AD84DAB351DB306A85CF44
                                  Function 004395D0 Relevance: .3, Instructions: 292COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ee95dc0e5b5396d58bf0237a5e01a6f13710f7daf9d7380e93e4a8007b91f328
                                  • Instruction ID: 7cc2350b8a4e2648267175039a6658fe4e1c6b2b5322fe7f087af9f211071a42
                                  • Opcode Fuzzy Hash: ee95dc0e5b5396d58bf0237a5e01a6f13710f7daf9d7380e93e4a8007b91f328
                                  • Instruction Fuzzy Hash: 0CF187B4D053588BDB25CFA8CA91BDDBBB0BF4A304F20419AD84DAB351DB306A85CF44
                                  Function 00480C80 Relevance: 19.8, APIs: 13, Instructions: 258windowCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 565 480c80-480cd2 call 4808f0 568 480d19 565->568 569 480cd4-480ce1 EnterCriticalSection 565->569 570 480d1e-480d3e call 4abbf5 568->570 571 480d41-480d58 LeaveCriticalSection GdipGetImageEncodersSize 569->571 572 480ce3-480d10 GdiplusStartup 569->572 571->568 575 480d5a-480d6e 571->575 572->571 573 480d12-480d13 LeaveCriticalSection 572->573 573->568 577 480d8a-480d91 575->577 578 480d70-480d77 call 480510 575->578 580 480f79-480f83 call 4805d0 577->580 581 480d97-480da5 call 497e9c 577->581 587 480d79-480d85 call 4ac9f0 578->587 588 480d87 578->588 589 480db5 581->589 590 480da7-480db2 581->590 592 480db8-480dbd 587->592 588->577 589->592 590->589 594 480dc9-480dd6 GdipGetImageEncoders 592->594 595 480dbf-480dc4 592->595 597 480f39-480f3e 594->597 598 480ddc-480de2 594->598 596 480f54-480f5d 595->596 601 480f5f 596->601 602 480f72-480f74 596->602 597->596 599 480e32 598->599 600 480de4-480ded 598->600 605 480e39-480e4a 599->605 603 480df0-480dfa 600->603 604 480f60-480f70 call 497357 601->604 602->570 607 480e00-480e04 603->607 604->602 606 480e50-480e54 605->606 610 480e6b-480e80 606->610 611 480e56-480e5f 606->611 612 480e1d-480e30 607->612 613 480e06-480e0f 607->613 615 480ee1-480f22 GdipCreateBitmapFromHBITMAP GdipSaveImageToStream 610->615 616 480e82-480ed8 GdipCreateBitmapFromScan0 GdipSaveImageToStream 610->616 611->606 614 480e61-480e66 611->614 612->599 612->603 613->607 617 480e11-480e1b 613->617 614->596 620 480f40-480f52 GdipDisposeImage 615->620 621 480f24 615->621 618 480eda-480edd 616->618 619 480edf 616->619 617->605 622 480f27-480f33 GdipDisposeImage 618->622 619->620 620->596 621->622 622->597
                                  APIs
                                    • Part of subcall function 004808F0: InitializeCriticalSectionEx.KERNEL32(0051C7AC,00000000,00000000), ref: 0048096F
                                    • Part of subcall function 004808F0: GetLastError.KERNEL32 ref: 00480979
                                  • EnterCriticalSection.KERNEL32(00000004,14DA7ED4,?,?), ref: 00480CD8
                                  • GdiplusStartup.GDIPLUS(00000000,00000001,?), ref: 00480D08
                                  • LeaveCriticalSection.KERNEL32(00000004), ref: 00480D13
                                  • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00480D42
                                  • GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 00480D50
                                  • __alloca_probe_16.LIBCMT ref: 00480D7E
                                  • GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 00480DCE
                                  • GdipCreateBitmapFromScan0.GDIPLUS(?,?,?,0026200A,?,?), ref: 00480EB3
                                  • GdipSaveImageToStream.GDIPLUS(00000000,?,?,00000000), ref: 00480ED0
                                  • GdipDisposeImage.GDIPLUS(00000000), ref: 00480F33
                                  • GdipDisposeImage.GDIPLUS(00000000), ref: 00480F4C
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream__alloca_probe_16
                                  • String ID:
                                  • API String ID: 1308617310-0
                                  • Opcode ID: db8e19989c3c8e354b887b54b5669c89f7a5afa25811b29cf81357a5f4059125
                                  • Instruction ID: f4feccb951fe1b922ecb3dfaf5b8302156747445c0b76c240fb24b0f4f51c94e
                                  • Opcode Fuzzy Hash: db8e19989c3c8e354b887b54b5669c89f7a5afa25811b29cf81357a5f4059125
                                  • Instruction Fuzzy Hash: D1A165B1D10208DFDB50DFA4C984BAEBBF4FF49314F24452AE905A7340D778A949CBA9
                                  Function 00481B10 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 293networkCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1454 481b10-481c8d call 485e30 call 4517f0 call 44a980 call 44d3b0 call 4abc08 call 44bad0 call 4517f0 call 44a980 call 44d3b0 WSAStartup 1473 481de1 1454->1473 1474 481c93-481ca6 socket 1454->1474 1477 481de5-481e14 call 44d060 call 4abbf5 1473->1477 1475 481ddb WSACleanup 1474->1475 1476 481cac-481cde htons 1474->1476 1475->1473 1478 481e34-481ea7 call 480f90 call 44cfd0 * 2 call 480f90 1476->1478 1479 481ce4-481ceb 1476->1479 1509 481eac-481efd call 44cfd0 * 2 1478->1509 1481 481ced-481cf1 1479->1481 1482 481cf3-481cf5 1479->1482 1486 481cf7-481cfc 1481->1486 1482->1486 1489 481d18-481d1e 1486->1489 1490 481cfe 1486->1490 1494 481d20 1489->1494 1495 481d22-481d36 call 473550 1489->1495 1493 481d00-481d0e call 498020 1490->1493 1505 481d10-481d13 1493->1505 1506 481d15 1493->1506 1494->1495 1502 481d38-481d44 1495->1502 1503 481d46-481d53 1495->1503 1507 481d55 1502->1507 1503->1507 1508 481d57-481d5c 1503->1508 1505->1493 1505->1506 1506->1489 1507->1508 1510 481d5e 1508->1510 1511 481d81-481d96 call 473550 1508->1511 1509->1477 1513 481d61-481d75 call 498020 1510->1513 1521 481d98 1511->1521 1522 481d9a-481dbe inet_pton connect 1511->1522 1525 481d7e 1513->1525 1526 481d77-481d7c 1513->1526 1521->1522 1523 481dc0-481dc9 1522->1523 1524 481e15-481e1b 1522->1524 1523->1479 1527 481dcf-481dd5 closesocket 1523->1527 1524->1478 1528 481e1d-481e24 1524->1528 1525->1511 1526->1513 1526->1525 1527->1475 1529 481e28-481e2f call 44d7d0 1528->1529 1530 481e26 1528->1530 1529->1478 1530->1529
                                  APIs
                                    • Part of subcall function 00485E30: GetUserGeoID.KERNEL32(00000010), ref: 00485E6C
                                    • Part of subcall function 00485E30: GetGeoInfoA.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00485E7E
                                    • Part of subcall function 00485E30: GetGeoInfoA.KERNEL32(0000000F,00000004,?,00000000,00000000), ref: 00485ED6
                                  • WSAStartup.WS2_32(00000202,00516D04), ref: 00481C85
                                  • socket.WS2_32(00000002,00000001,00000000), ref: 00481C98
                                  • htons.WS2_32(00000002), ref: 00481CBF
                                  • inet_pton.WS2_32(00000002,00000000,00516E98), ref: 00481DA2
                                  • connect.WS2_32(00516E94,00000010), ref: 00481DB5
                                  • closesocket.WS2_32 ref: 00481DD5
                                  • WSACleanup.WS2_32 ref: 00481DDB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                  • String ID: NG$geo$system
                                  • API String ID: 213021568-968879199
                                  • Opcode ID: 3e51a562f8bb916ff5cdbc648a8933530491576e42c442edfc0125d67360bed5
                                  • Instruction ID: a79096e42c26a1a604384fcb43a931ed9af1c00745f33276f8ffcea807cfd111
                                  • Opcode Fuzzy Hash: 3e51a562f8bb916ff5cdbc648a8933530491576e42c442edfc0125d67360bed5
                                  • Instruction Fuzzy Hash: 1DC1AE70D01248DBDB00EFA8C8457DEBBB5FF15308F14421BE854AB391EBB86A85CB95
                                  Function 004BC57A Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1532 4bc57a-4bc5aa call 4bc2c8 1535 4bc5ac-4bc5b7 call 4950c1 1532->1535 1536 4bc5c5-4bc5d1 call 4a2f56 1532->1536 1541 4bc5b9-4bc5c0 call 4950d4 1535->1541 1542 4bc5ea-4bc633 call 4bc233 1536->1542 1543 4bc5d3-4bc5e8 call 4950c1 call 4950d4 1536->1543 1552 4bc89f-4bc8a3 1541->1552 1550 4bc6a0-4bc6a9 GetFileType 1542->1550 1551 4bc635-4bc63e 1542->1551 1543->1541 1556 4bc6ab-4bc6dc GetLastError call 49507a CloseHandle 1550->1556 1557 4bc6f2-4bc6f5 1550->1557 1554 4bc640-4bc644 1551->1554 1555 4bc675-4bc69b GetLastError call 49507a 1551->1555 1554->1555 1561 4bc646-4bc673 call 4bc233 1554->1561 1555->1541 1556->1541 1571 4bc6e2-4bc6ed call 4950d4 1556->1571 1559 4bc6fe-4bc704 1557->1559 1560 4bc6f7-4bc6fc 1557->1560 1564 4bc708-4bc756 call 4a2e9e 1559->1564 1565 4bc706 1559->1565 1560->1564 1561->1550 1561->1555 1574 4bc758-4bc764 call 4bc442 1564->1574 1575 4bc775-4bc79d call 4bbfdd 1564->1575 1565->1564 1571->1541 1574->1575 1583 4bc766 1574->1583 1581 4bc79f-4bc7a0 1575->1581 1582 4bc7a2-4bc7e3 1575->1582 1584 4bc768-4bc770 call 49c22b 1581->1584 1585 4bc7e5-4bc7e9 1582->1585 1586 4bc804-4bc812 1582->1586 1583->1584 1584->1552 1585->1586 1587 4bc7eb-4bc7ff 1585->1587 1588 4bc818-4bc81c 1586->1588 1589 4bc89d 1586->1589 1587->1586 1588->1589 1591 4bc81e-4bc851 CloseHandle call 4bc233 1588->1591 1589->1552 1595 4bc853-4bc87f GetLastError call 49507a call 4a3069 1591->1595 1596 4bc885-4bc899 1591->1596 1595->1596 1596->1589
                                  APIs
                                    • Part of subcall function 004BC233: CreateFileW.KERNEL32(?,00000000,?,004BC623,?,?,00000000,?,004BC623,?,0000000C), ref: 004BC250
                                  • GetLastError.KERNEL32 ref: 004BC68E
                                  • __dosmaperr.LIBCMT ref: 004BC695
                                  • GetFileType.KERNEL32(00000000), ref: 004BC6A1
                                  • GetLastError.KERNEL32 ref: 004BC6AB
                                  • __dosmaperr.LIBCMT ref: 004BC6B4
                                  • CloseHandle.KERNEL32(00000000), ref: 004BC6D4
                                  • CloseHandle.KERNEL32(004BB653), ref: 004BC821
                                  • GetLastError.KERNEL32 ref: 004BC853
                                  • __dosmaperr.LIBCMT ref: 004BC85A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                  • String ID: H
                                  • API String ID: 4237864984-2852464175
                                  • Opcode ID: 1092716943437c36cfa02252dfbb3b8d28f6a4b1d2fea1c18a37bf8b19ebdc4d
                                  • Instruction ID: e4caf95108e2d56c13f9780512823c5111e6df0be3dd416bceb2684eca6e9c1f
                                  • Opcode Fuzzy Hash: 1092716943437c36cfa02252dfbb3b8d28f6a4b1d2fea1c18a37bf8b19ebdc4d
                                  • Instruction Fuzzy Hash: 65A13632A041549FCF19AF68DCD1BEE3BA1AB46314F14015FF8119F391CB798906CBA9
                                  Function 00481110 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 526fileCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1752 481110-481191 call 4385b0 1755 4817e2-4817e4 1752->1755 1756 481197-48119f 1752->1756 1757 48181b-48188f call 437c30 call 481110 1755->1757 1758 4817e6-4817f1 1755->1758 1756->1758 1759 4811a5-4811fd call 4ade50 call 44ee20 1756->1759 1774 48191f-481927 1757->1774 1775 481895-4818aa call 44e890 1757->1775 1760 4817fb-48181a call 4abbf5 1758->1760 1772 481551-481589 call 466040 call 465f20 1759->1772 1773 481203-481209 1759->1773 1795 48158b-48159a call 4516d0 1772->1795 1796 4815a2-481625 call 466040 call 48fa10 1772->1796 1777 48120b 1773->1777 1778 48120d-48122d call 489f30 call 48a0a0 1773->1778 1782 48192e-481939 1774->1782 1784 4818af-48191d call 44d060 1775->1784 1777->1778 1798 4812f9-481312 GetFileSize 1778->1798 1799 481233-4812f4 call 44d060 call 44a340 call 4b94ea 1778->1799 1786 48193b-48193e call 44d060 1782->1786 1787 481943-481961 call 4abbf5 1782->1787 1784->1782 1786->1787 1803 48159f 1795->1803 1819 48163b-48164b call 48fab0 1796->1819 1820 481627-481639 1796->1820 1804 481328-48133a 1798->1804 1805 481314-481326 1798->1805 1799->1760 1803->1796 1810 481368-481375 call 451f90 1804->1810 1811 48133c-481366 call 4ade50 1804->1811 1809 48137a-4813ac SetFilePointer ReadFile 1805->1809 1815 48149f-481542 call 44d060 call 44a340 1809->1815 1816 4813b2-481490 call 44d060 call 44a340 1809->1816 1810->1809 1811->1809 1815->1772 1816->1815 1822 481650-48165a 1819->1822 1820->1822 1828 48165c-481680 1822->1828 1829 481682-481693 call 44d7d0 1822->1829 1833 481698-48169f call 44d060 1828->1833 1829->1833 1840 4816a4-4816d5 call 436640 call 44c7a0 1833->1840 1846 481700-4817d3 call 44d060 call 44a340 1840->1846 1847 4816d7-4816fb call 436640 1840->1847 1846->1755 1847->1846
                                  APIs
                                  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004812EC
                                  • GetFileSize.KERNEL32(00000000,00000000,?,?,00000000,000000B8), ref: 004812FC
                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00481388
                                  • ReadFile.KERNEL32(00000000,00000000,00516C10,00000000,00000000), ref: 004813A4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: File$Ios_base_dtorPointerReadSizestd::ios_base::_
                                  • String ID: 0hC$exists
                                  • API String ID: 418202444-4085241440
                                  • Opcode ID: 484f58a7a18a46d98bb1edb3502d40a625e7069bcaa41c24cad3f5034e0e3b9d
                                  • Instruction ID: 03b619e30c80654d4b10cf1501dd509fce63877f60a48615618d7203a258c35b
                                  • Opcode Fuzzy Hash: 484f58a7a18a46d98bb1edb3502d40a625e7069bcaa41c24cad3f5034e0e3b9d
                                  • Instruction Fuzzy Hash: 3E425D70D01248DFDB10DFA9C9447DDBBF4BF19308F10819AE849A7291DB746A89CF95
                                  Function 00453280 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 340COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00453446
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00453463
                                    • Part of subcall function 004AFA0C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0043FE44,?,?,?,004B9080,0043FE44,00513AB0,?,0043FE44,?,?,0000000C,14DA7ED4), ref: 004AFA6C
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 004536B0
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 004536CD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy$ExceptionRaise
                                  • String ID: MC$value
                                  • API String ID: 299339551-3840657116
                                  • Opcode ID: 105946c5cbd8b82caa2ff389fd77db40c33b1abb7ad3302a948b5beaa238df8e
                                  • Instruction ID: 0b049260404a019bd3923239173dd3b15bf9369a861e2bc94eedd162a5d5976f
                                  • Opcode Fuzzy Hash: 105946c5cbd8b82caa2ff389fd77db40c33b1abb7ad3302a948b5beaa238df8e
                                  • Instruction Fuzzy Hash: 1EF16B70C05298DEEB20DB65C954BDEFBB4AF19304F1481DED84963282E7746B88CF96
                                  Function 0049EF0E Relevance: 9.3, APIs: 6, Instructions: 292COMMONLIBRARYCODE
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 2369 49ef0e-49ef1e 2370 49ef38-49ef3a 2369->2370 2371 49ef20-49ef33 call 4950c1 call 4950d4 2369->2371 2373 49f27a-49f287 call 4950c1 call 4950d4 2370->2373 2374 49ef40-49ef46 2370->2374 2387 49f292 2371->2387 2392 49f28d call 497d29 2373->2392 2374->2373 2377 49ef4c-49ef75 2374->2377 2377->2373 2380 49ef7b-49ef84 2377->2380 2383 49ef9e-49efa0 2380->2383 2384 49ef86-49ef99 call 4950c1 call 4950d4 2380->2384 2385 49f276-49f278 2383->2385 2386 49efa6-49efaa 2383->2386 2384->2392 2391 49f295-49f298 2385->2391 2386->2385 2390 49efb0-49efb4 2386->2390 2387->2391 2390->2384 2394 49efb6-49efcd 2390->2394 2392->2387 2397 49efcf-49efd2 2394->2397 2398 49f002-49f008 2394->2398 2400 49eff8-49f000 2397->2400 2401 49efd4-49efda 2397->2401 2402 49f00a-49f011 2398->2402 2403 49efdc-49eff3 call 4950c1 call 4950d4 call 497d29 2398->2403 2405 49f075-49f094 2400->2405 2401->2400 2401->2403 2406 49f013 2402->2406 2407 49f015-49f033 call 49d15a call 49c0bd * 2 2402->2407 2434 49f1ad 2403->2434 2408 49f09a-49f0a6 2405->2408 2409 49f150-49f159 call 4a652f 2405->2409 2406->2407 2438 49f050-49f073 call 49f49f 2407->2438 2439 49f035-49f04b call 4950d4 call 4950c1 2407->2439 2408->2409 2412 49f0ac-49f0ae 2408->2412 2423 49f15b-49f16d 2409->2423 2424 49f1ca 2409->2424 2412->2409 2416 49f0b4-49f0d5 2412->2416 2416->2409 2420 49f0d7-49f0ed 2416->2420 2420->2409 2425 49f0ef-49f0f1 2420->2425 2423->2424 2429 49f16f-49f17e GetConsoleMode 2423->2429 2427 49f1ce-49f1e4 ReadFile 2424->2427 2425->2409 2430 49f0f3-49f116 2425->2430 2432 49f242-49f24d GetLastError 2427->2432 2433 49f1e6-49f1ec 2427->2433 2429->2424 2435 49f180-49f184 2429->2435 2430->2409 2437 49f118-49f12e 2430->2437 2440 49f24f-49f261 call 4950d4 call 4950c1 2432->2440 2441 49f266-49f269 2432->2441 2433->2432 2442 49f1ee 2433->2442 2436 49f1b0-49f1ba call 49c0bd 2434->2436 2435->2427 2443 49f186-49f19e ReadConsoleW 2435->2443 2436->2391 2437->2409 2449 49f130-49f132 2437->2449 2438->2405 2439->2434 2440->2434 2446 49f26f-49f271 2441->2446 2447 49f1a6-49f1ac call 49507a 2441->2447 2453 49f1f1-49f203 2442->2453 2444 49f1bf-49f1c8 2443->2444 2445 49f1a0 GetLastError 2443->2445 2444->2453 2445->2447 2446->2436 2447->2434 2449->2409 2456 49f134-49f14b 2449->2456 2453->2436 2460 49f205-49f209 2453->2460 2456->2409 2464 49f20b-49f21b call 49ec20 2460->2464 2465 49f222-49f22f 2460->2465 2474 49f21e-49f220 2464->2474 2467 49f23b-49f240 call 49ea66 2465->2467 2468 49f231 call 49ed77 2465->2468 2475 49f236-49f239 2467->2475 2468->2475 2474->2436 2475->2474
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ccfc0c2450c919e5ca8e87a3f3fa153f15bbe28b91ce2660b0eab54348b933ba
                                  • Instruction ID: af9c87e70908a1ee06dfbc346dd9d7a470d4d3b04964572cafa80a59c2292356
                                  • Opcode Fuzzy Hash: ccfc0c2450c919e5ca8e87a3f3fa153f15bbe28b91ce2660b0eab54348b933ba
                                  • Instruction Fuzzy Hash: ACB13274A04249EFEF11CF99C841BAE7FB1AF46304F14417AE5009B392C7B99D4ACB99
                                  Function 0049865A Relevance: 9.3, APIs: 6, Instructions: 265COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 2477 49865a-498668 2478 49866a-49867b call 4950d4 call 497d29 2477->2478 2479 49867d-49868d 2477->2479 2499 4986d0-4986d2 2478->2499 2481 49868f-4986a0 call 4950d4 call 497d29 2479->2481 2482 4986a2-4986a8 2479->2482 2504 4986cf 2481->2504 2485 4986aa 2482->2485 2486 4986b0-4986b6 2482->2486 2489 4986ac-4986ae 2485->2489 2490 4986c2-4986cc call 4950d4 2485->2490 2491 4986b8 2486->2491 2492 4986d3 call 4a1286 2486->2492 2489->2486 2489->2490 2502 4986ce 2490->2502 2491->2490 2497 4986ba-4986c0 2491->2497 2500 4986d8-4986ed call 4a0679 2492->2500 2497->2490 2497->2492 2506 4988e0-4988ea call 497d56 2500->2506 2507 4986f3-4986ff call 4a06a5 2500->2507 2502->2504 2504->2499 2507->2506 2512 498705-498711 call 4a06d1 2507->2512 2512->2506 2515 498717-49872c 2512->2515 2516 49879c-4987a7 call 4a097d 2515->2516 2517 49872e 2515->2517 2516->2502 2523 4987ad-4987b8 2516->2523 2519 498738-498754 call 4a097d 2517->2519 2520 498730-498736 2517->2520 2519->2502 2527 49875a-49875d 2519->2527 2520->2516 2520->2519 2525 4987ba-4987c3 call 4a12e3 2523->2525 2526 4987d4 2523->2526 2525->2526 2535 4987c5-4987d2 2525->2535 2529 4987d7-4987eb call 4ac930 2526->2529 2530 4988d9-4988db 2527->2530 2531 498763-49876c call 4a12e3 2527->2531 2538 4987f8-49881f call 4ac880 call 4ac930 2529->2538 2539 4987ed-4987f5 2529->2539 2530->2502 2531->2530 2540 498772-49878a call 4a097d 2531->2540 2535->2529 2548 49882d-498854 call 4ac880 call 4ac930 2538->2548 2549 498821-49882a 2538->2549 2539->2538 2540->2502 2545 498790-498797 2540->2545 2545->2530 2554 498862-498871 call 4ac880 2548->2554 2555 498856-49885f 2548->2555 2549->2548 2558 498899-4988b9 2554->2558 2559 498873 2554->2559 2555->2554 2560 4988bb-4988d4 2558->2560 2561 4988d6 2558->2561 2562 498879-49888d 2559->2562 2563 498875-498877 2559->2563 2560->2530 2561->2530 2562->2530 2563->2562 2564 49888f-498891 2563->2564 2564->2530 2565 498893 2564->2565 2565->2558 2566 498895-498897 2565->2566 2566->2530 2566->2558
                                  APIs
                                  • __allrem.LIBCMT ref: 004987E2
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004987FE
                                  • __allrem.LIBCMT ref: 00498815
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00498833
                                  • __allrem.LIBCMT ref: 0049884A
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00498868
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                  • String ID:
                                  • API String ID: 1992179935-0
                                  • Opcode ID: 0bad0c18fe0cf381acad9996688c966a33eada49a23c210a765f4fa7ac2e53a6
                                  • Instruction ID: bac2f8d64b4771d1480d5067db4f3a3676e567bfb19d99c183f063f20f68270c
                                  • Opcode Fuzzy Hash: 0bad0c18fe0cf381acad9996688c966a33eada49a23c210a765f4fa7ac2e53a6
                                  • Instruction Fuzzy Hash: A68107B26007069BDB20EA6DCC41B5B7BE9AF52364F24453FF111DB791EB78D9008B98
                                  Function 004823F0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 280COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Ios_base_dtorstd::ios_base::_
                                  • String ID: 0$0hC$exists
                                  • API String ID: 323602529-1229763112
                                  • Opcode ID: f10948b3ed40f3b076f8b225239c75273635f3694046d4e0320974136430c3f1
                                  • Instruction ID: 8ad686ceee80f5ac92384c61aa111afe13dce58c6585d204e44adfbc4e8d440e
                                  • Opcode Fuzzy Hash: f10948b3ed40f3b076f8b225239c75273635f3694046d4e0320974136430c3f1
                                  • Instruction Fuzzy Hash: 81D18070D0528CDAEB10DBA8CA45BDCBBF4AF19308F2440DDE4456B282DBB95F48DB56
                                  Function 004865D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 230registryCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 0047FD70: ___std_fs_get_current_path@8.LIBCPMT ref: 0047FE92
                                  • GetVolumeInformationW.KERNEL32(?,?,00000100,?,?,?,?,00000100,00000000,?,14DA7ED4,?,?), ref: 00486757
                                  • RegGetValueA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName,00000002,00000000,?,?), ref: 00486916
                                  Strings
                                  • ProductName, xrefs: 00486900
                                  • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00486905
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: InformationValueVolume___std_fs_get_current_path@8
                                  • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                  • API String ID: 2814272438-1787575317
                                  • Opcode ID: b1404d09f7114e8511fbbac145fb6ec7f4eb5f2e1f33eee02c53c21e1c4c82cd
                                  • Instruction ID: 5513a57b40c567382305f19abecc614c7fb65df7785b10e0462d816fc7d7abf5
                                  • Opcode Fuzzy Hash: b1404d09f7114e8511fbbac145fb6ec7f4eb5f2e1f33eee02c53c21e1c4c82cd
                                  • Instruction Fuzzy Hash: DFA18BB1C012199BDB21DF55CD59BE9B7B4FF14304F1042EAE419A7281EB786B88CF94
                                  Function 0048A490 Relevance: 6.2, APIs: 4, Instructions: 195COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetEnvironmentStringsW.KERNEL32(14DA7ED4), ref: 0048A4E4
                                  • FreeEnvironmentStringsW.KERNEL32(?), ref: 0048A685
                                  • RtlInitUnicodeString.NTDLL(?), ref: 0048A6D9
                                  • RtlInitUnicodeString.NTDLL(?,00000000), ref: 0048A6E4
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: EnvironmentInitStringStringsUnicode$Free
                                  • String ID:
                                  • API String ID: 2488768755-0
                                  • Opcode ID: 087de5e6dd1055750bf7132ea8417913862878fff25edd8fa91e2b0393d86743
                                  • Instruction ID: 1a99e4392def1b605416f46e3147960cb17592dd8275db88d5f878599104deaf
                                  • Opcode Fuzzy Hash: 087de5e6dd1055750bf7132ea8417913862878fff25edd8fa91e2b0393d86743
                                  • Instruction Fuzzy Hash: 6471AAB1C10219EBDB00DF98C884B9EFBF8FF18304F14461BE815A3250E7B8A995CB95
                                  Function 004A0DE2 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 408timeCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,004A1227,00000000,00000000,00000000), ref: 004A10E6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: InformationTimeZone
                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                  • API String ID: 565725191-239921721
                                  • Opcode ID: f479341c917e5b85ea8d4f872af5b2a7ed3f0ffe6aef50257419f0e8574b0954
                                  • Instruction ID: d63cae11faca7fbaaedfd5ec0c01f193a5a5e64d1a9f5e85edff99bc4745f09f
                                  • Opcode Fuzzy Hash: f479341c917e5b85ea8d4f872af5b2a7ed3f0ffe6aef50257419f0e8574b0954
                                  • Instruction Fuzzy Hash: D5C15872D00211ABDB20AB65CC02ABF7BB9EF76754F10405BF901EB291E7788E41D798
                                  Function 00481F10 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 282COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 0045D680: ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 0045D726
                                    • Part of subcall function 0045D680: ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 0045D750
                                  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00482387
                                    • Part of subcall function 0043E440: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0043E4CF
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Ios_base_dtor___std_fs_convert_narrow_to_wide@20std::ios_base::_
                                  • String ID: 0hC$exists
                                  • API String ID: 1525435645-4085241440
                                  • Opcode ID: 8ca7fd5849306998ec001e4bdecb4b4743a0745ed80b2030e0a7e1d66a3192b0
                                  • Instruction ID: 349907f898d0770bf1c6c6bee16b757a414fbaa0545e2b95a55e182eb82389be
                                  • Opcode Fuzzy Hash: 8ca7fd5849306998ec001e4bdecb4b4743a0745ed80b2030e0a7e1d66a3192b0
                                  • Instruction Fuzzy Hash: 1ED19F70D0528CDAEB10DBA8CA45BDCBBF0AF19308F2480DDD4456B282D7B95F58DB56
                                  Function 00438180 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 85COMMON
                                  Download Yara Rule
                                  APIs
                                  • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 004381BC
                                    • Part of subcall function 004B849F: FindNextFileW.KERNELBASE(?,00000001,?,00437D97,?,00000001,?,004BDC4D,00000001,?,?,?,14DA7ED4,00000001), ref: 004B84A8
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileFindNext___std_fs_directory_iterator_advance@8
                                  • String ID: .$directory_iterator::operator++
                                  • API String ID: 3878998205-1036657373
                                  • Opcode ID: 42ea8ddbda2b7e0b12b5802c67e6a5f09428df7f782a6b2438fae6bd72fb2b67
                                  • Instruction ID: 735a56af49808cf236c7d8626bd4983a1e4e1118483563b87a501f55d85a1d57
                                  • Opcode Fuzzy Hash: 42ea8ddbda2b7e0b12b5802c67e6a5f09428df7f782a6b2438fae6bd72fb2b67
                                  • Instruction Fuzzy Hash: C7318D70A047188BCF30DF59C8887ABF7B4EB49310F14429EE45997391DB395E85CA84
                                  Function 004868B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59registryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RegGetValueA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName,00000002,00000000,?,?), ref: 00486916
                                  Strings
                                  • ProductName, xrefs: 00486900
                                  • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00486905
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Value
                                  • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                  • API String ID: 3702945584-1787575317
                                  • Opcode ID: b1b14b774ef6c570b057e3b558ffe0deac3071ed0933685e6c950abb9736e9bf
                                  • Instruction ID: c2d08890748770af0873008191db5a05c2fa34d27609d4939fc155a72502f57e
                                  • Opcode Fuzzy Hash: b1b14b774ef6c570b057e3b558ffe0deac3071ed0933685e6c950abb9736e9bf
                                  • Instruction Fuzzy Hash: 95218EB09003599BDB20DF54C805BEABBF8FF04704F10465EE845A7681DBB86A44CB95
                                  Function 00487290 Relevance: 4.7, APIs: 3, Instructions: 178registryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RegOpenKeyExA.KERNEL32(80000001,0047F265,00000000,00020019,00000000,14DA7ED4,?,0051C288), ref: 0048735B
                                  • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00487397
                                  • RegCloseKey.ADVAPI32(00000000), ref: 0048751D
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CloseEnumOpen
                                  • String ID:
                                  • API String ID: 1332880857-0
                                  • Opcode ID: 583436978cce415da765378ea93a3ed95bf41f57cd7b16fc1002d349e714ed29
                                  • Instruction ID: e90b3dd054a924dd9803ab5f17a38fc1c4cefb0d6438d00707aa441ccba3a8d8
                                  • Opcode Fuzzy Hash: 583436978cce415da765378ea93a3ed95bf41f57cd7b16fc1002d349e714ed29
                                  • Instruction Fuzzy Hash: E3717FF0D012189FDB20DF24CD94B9DB7B4EB54304F1082DAEA19A7281D774AE88CF99
                                  Function 004870B0 Relevance: 4.6, APIs: 3, Instructions: 115registryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,14DA7ED4,0051C570,0051C2A0), ref: 00487182
                                  • RegQueryValueExA.KERNEL32(00000000,?,00000000,000F003F,?,00000400), ref: 004871B6
                                  • RegCloseKey.ADVAPI32(00000000), ref: 00487260
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CloseOpenQueryValue
                                  • String ID:
                                  • API String ID: 3677997916-0
                                  • Opcode ID: 57d060fa11377f52f079fc837384727404e649e1529402bdcb096a3e64267e6d
                                  • Instruction ID: b9c4edd99e38da91ddb4c738108b0054469e00b62f6e0a688ac56e9026d709b2
                                  • Opcode Fuzzy Hash: 57d060fa11377f52f079fc837384727404e649e1529402bdcb096a3e64267e6d
                                  • Instruction Fuzzy Hash: 905130B0D042189BDB20DF15CD54B9AB7F8FF45708F5042DEE609A7281DB74AA88CF99
                                  Function 004855F0 Relevance: 4.6, APIs: 3, Instructions: 99networkCOMMON
                                  Download Yara Rule
                                  APIs
                                  • recv.WS2_32(?,00000001,00000000), ref: 004857E2
                                  • closesocket.WS2_32(0000026C), ref: 004857EE
                                  • WSACleanup.WS2_32 ref: 004857F4
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Cleanupclosesocketrecv
                                  • String ID:
                                  • API String ID: 3447645871-0
                                  • Opcode ID: a55422f294b4942afa1ff90dfbe741e21dd202ebe771de9cafeea328bec9a277
                                  • Instruction ID: c065b03366e761df0b34e2ad76ec595a4b6e3bb6db0e63c2aea2bbb819f94b56
                                  • Opcode Fuzzy Hash: a55422f294b4942afa1ff90dfbe741e21dd202ebe771de9cafeea328bec9a277
                                  • Instruction Fuzzy Hash: 6C415830D11398CEEB14EB65CC59BDEBB71AF10308F1081DAE449672A2DB741E88DFA5
                                  Function 00485E30 Relevance: 4.6, APIs: 3, Instructions: 65COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetUserGeoID.KERNEL32(00000010), ref: 00485E6C
                                  • GetGeoInfoA.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00485E7E
                                  • GetGeoInfoA.KERNEL32(0000000F,00000004,?,00000000,00000000), ref: 00485ED6
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Info$User
                                  • String ID:
                                  • API String ID: 2017065092-0
                                  • Opcode ID: 76db3dc4c87bbc6f384a5473c1c7e0f0467f6834ab8a05054a61e1c1351183cd
                                  • Instruction ID: dee3d2b381a88aa75edb4726eebd2668ef991be1adfc48943d59dd3409b8a73b
                                  • Opcode Fuzzy Hash: 76db3dc4c87bbc6f384a5473c1c7e0f0467f6834ab8a05054a61e1c1351183cd
                                  • Instruction Fuzzy Hash: 60219D70A40305ABE730DF65DD09B5BBBF8EB44B14F104A1EF545AB6C0D7B9AA048BE4
                                  Function 004A2897 Relevance: 4.5, APIs: 3, Instructions: 15COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • GetCurrentProcess.KERNEL32(?,?,004A2891,00000016,0049036B,?,?,14DA7ED4,0049036B,?), ref: 004A28A8
                                  • TerminateProcess.KERNEL32(00000000,?,004A2891,00000016,0049036B,?,?,14DA7ED4,0049036B,?), ref: 004A28AF
                                  • ExitProcess.KERNEL32 ref: 004A28C1
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Process$CurrentExitTerminate
                                  • String ID:
                                  • API String ID: 1703294689-0
                                  • Opcode ID: c52b8aea0878e361db6f998eabd52a91712daacfbdb63a7d2bb12d779e64a9bf
                                  • Instruction ID: 5f52cdf8944b70cf92df4f225d6e01553ce615c3954620652ef0a1f31c52b3c3
                                  • Opcode Fuzzy Hash: c52b8aea0878e361db6f998eabd52a91712daacfbdb63a7d2bb12d779e64a9bf
                                  • Instruction Fuzzy Hash: ACD09E71001108BBDF423F65ED0DB8E3F2AEF55745F044026B9095A131DB799995EB98
                                  Function 004487D0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 282COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 0048A490: GetEnvironmentStringsW.KERNEL32(14DA7ED4), ref: 0048A4E4
                                  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00448C83
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: EnvironmentIos_base_dtorStringsstd::ios_base::_
                                  • String ID: 0hC
                                  • API String ID: 21748421-2581318919
                                  • Opcode ID: 32cf3fd00b256853298aeee19d6a53faff9ad05029ab8b651d4d6efafff1f4c4
                                  • Instruction ID: f3a074da2f4c09c6f09d17eaf24c6677e7622b6743d10a431c53a42b2b0ae44f
                                  • Opcode Fuzzy Hash: 32cf3fd00b256853298aeee19d6a53faff9ad05029ab8b651d4d6efafff1f4c4
                                  • Instruction Fuzzy Hash: 9DE137B0D00269CBDB25DF18C841BDDBBB4BF59304F1086EAD44977242EB756A85CF91
                                  Function 0047EE90 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 177COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 0047F1C0: RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,14DA7ED4), ref: 0047F211
                                    • Part of subcall function 0047F1C0: RegCloseKey.ADVAPI32(00000000), ref: 0047F221
                                  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047F194
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CloseIos_base_dtorOpenstd::ios_base::_
                                  • String ID: 0hC
                                  • API String ID: 1131316584-2581318919
                                  • Opcode ID: 7cba46937cda891c258594ace6fbaf3fef31f328805038bc20a4f0a0119cf12a
                                  • Instruction ID: cfb713b882ce29762410958d43b6c09695d359a02ab63b143eff75d03a191730
                                  • Opcode Fuzzy Hash: 7cba46937cda891c258594ace6fbaf3fef31f328805038bc20a4f0a0119cf12a
                                  • Instruction Fuzzy Hash: 59911674C00298CBDB20DF68C845BDDBBB0AB19314F1086EAD45977282DB746E88CF95
                                  Function 00486F20 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 00486F86
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID: Unknown
                                  • API String ID: 2104809126-1654365787
                                  • Opcode ID: d6032fd6981b0caf5e4c49708838f9cebd9397818ef9a0e4cf965eded2abff42
                                  • Instruction ID: 4cfd0b05124d6ad0cc2ed0fe670d1554fe3cca3eb32f1e14fa8b394e0e179909
                                  • Opcode Fuzzy Hash: d6032fd6981b0caf5e4c49708838f9cebd9397818ef9a0e4cf965eded2abff42
                                  • Instruction Fuzzy Hash: 74418B71D00258CBDB20DF69C8407DEFBF4EF49704F1082AAD899A7281D774AA88CF91
                                  Function 004ABC08 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 85COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00434FF1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: MC
                                  • API String ID: 2659868963-1829682832
                                  • Opcode ID: a7a485d9c83800eb579eb1fbe217d44add95b41717c89af58e444174cff24a24
                                  • Instruction ID: 040724f085c67d798f1d490f9b73413860191a50a7d7deb79defe6124e27c29a
                                  • Opcode Fuzzy Hash: a7a485d9c83800eb579eb1fbe217d44add95b41717c89af58e444174cff24a24
                                  • Instruction Fuzzy Hash: 3611EB71800308ABCB10DF58DC01B9AB7ACEB15724F10466FF81597780EB79A940CBD8
                                  Function 00447920 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMON
                                  Download Yara Rule
                                  APIs
                                  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0044799C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Ios_base_dtorstd::ios_base::_
                                  • String ID: 0hC
                                  • API String ID: 323602529-2581318919
                                  • Opcode ID: 5129ab555f51bed53336c49a6076550c51d3d5e874f0d443237048deba2c8ea9
                                  • Instruction ID: 8ca8b340eaa0dfe9bad33bee777e0704730a4b63aab2394a13b70ad755bbc225
                                  • Opcode Fuzzy Hash: 5129ab555f51bed53336c49a6076550c51d3d5e874f0d443237048deba2c8ea9
                                  • Instruction Fuzzy Hash: CD11ADB0840609DFDB10DF59C840A9DFBF8FB05328F208A6EE85197390EB74AA05CB80
                                  Function 00437CB0 Relevance: 3.1, APIs: 2, Instructions: 124COMMON
                                  Download Yara Rule
                                  APIs
                                  • ___std_fs_directory_iterator_open@12.LIBCPMT ref: 00437D64
                                  • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00437D92
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_fs_directory_iterator_advance@8___std_fs_directory_iterator_open@12
                                  • String ID:
                                  • API String ID: 3016148460-0
                                  • Opcode ID: 73963d7e42f46bada0bb91468d8e6c86860c6526e71e689b58131c2916953d37
                                  • Instruction ID: c774fac7b26238caf8a18ea1cc9dfb162d547f418ec2e445b27f5ef4f4107e88
                                  • Opcode Fuzzy Hash: 73963d7e42f46bada0bb91468d8e6c86860c6526e71e689b58131c2916953d37
                                  • Instruction Fuzzy Hash: E841A0B1D04218DBCB34DF64C480AEEB7B4EF19324F00516BE851AB381EB789D44CB94
                                  Function 00480F90 Relevance: 3.1, APIs: 2, Instructions: 108COMMON
                                  Download Yara Rule
                                  APIs
                                  • SHGetKnownFolderPath.SHELL32(004E05C0,00000000,00000000,?,14DA7ED4,?,?), ref: 0048101E
                                  • CoTaskMemFree.OLE32(?), ref: 004810DC
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FolderFreeKnownPathTask
                                  • String ID:
                                  • API String ID: 969438705-0
                                  • Opcode ID: 72aa8b02f906d3fbe3ba85b36074818c76339de4eced8fbcc3b8c7e13541c268
                                  • Instruction ID: 3e538bd659216d3e4857fbb8bc962106784e19cd0647cea7878622876b38b54a
                                  • Opcode Fuzzy Hash: 72aa8b02f906d3fbe3ba85b36074818c76339de4eced8fbcc3b8c7e13541c268
                                  • Instruction Fuzzy Hash: 4241ACB0D01748DBDB10CFA5C9457AEFBF4EF58314F20421EE811A7280EBB86A44CB94
                                  Function 0047F1C0 Relevance: 3.1, APIs: 2, Instructions: 82registryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,14DA7ED4), ref: 0047F211
                                  • RegCloseKey.ADVAPI32(00000000), ref: 0047F221
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CloseOpen
                                  • String ID:
                                  • API String ID: 47109696-0
                                  • Opcode ID: 53310d44514645ec7d69775a39ecbdcf721de23dfed265a4b960d742e8fdaebb
                                  • Instruction ID: 54b3090d3cf4edc9b1beeea5084ab922e7ff7cf66e968ba670c482e571a875e7
                                  • Opcode Fuzzy Hash: 53310d44514645ec7d69775a39ecbdcf721de23dfed265a4b960d742e8fdaebb
                                  • Instruction Fuzzy Hash: 1021F675E002199BDB10EF95DC81BEFB7B4EB48714F14827EE819B7382EB399D048694
                                  Function 0049AD6F Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetStdHandle.KERNEL32(000000F6), ref: 0049ADBB
                                  • GetFileType.KERNEL32(00000000), ref: 0049ADCD
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileHandleType
                                  • String ID:
                                  • API String ID: 3000768030-0
                                  • Opcode ID: 4f32fbaeb40bbd2ddea1473ad080d3a809991d13d49bec4850263f289b53d757
                                  • Instruction ID: 9b806bec79c801feb13e2bd810877b0a9fec2b0519df56a68c4b4061daa9a1e0
                                  • Opcode Fuzzy Hash: 4f32fbaeb40bbd2ddea1473ad080d3a809991d13d49bec4850263f289b53d757
                                  • Instruction Fuzzy Hash: B611B7311047514ACF304A3E8C886677E96AB56331B39073FD4B687AF1C338D9A691CB
                                  Function 0049F3BE Relevance: 3.1, APIs: 2, Instructions: 52COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,?,0049F4F8,00000000,00000000,00000000,00000002,00000000), ref: 0049F3FA
                                  • GetLastError.KERNEL32(00000000,?,0049F4F8,00000000,00000000,00000000,00000002,00000000,?,0049BE05,00000000,00000000,00000000,00000002,00000000,00000000), ref: 0049F407
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ErrorFileLastPointer
                                  • String ID:
                                  • API String ID: 2976181284-0
                                  • Opcode ID: 80260035985e1c693c2aa0c1ce2b926f9b01d7339fcba6fc68b9113c9f56a2d4
                                  • Instruction ID: e391caa542caa0dd86735aa216be2178a54a5bfb1c46ce41420e93566301b438
                                  • Opcode Fuzzy Hash: 80260035985e1c693c2aa0c1ce2b926f9b01d7339fcba6fc68b9113c9f56a2d4
                                  • Instruction Fuzzy Hash: 57012232614215AFCF058F69DC49D9E3F2AEF95324F24422AF811DB290E775EE41CB94
                                  Function 0047E47D Relevance: 3.1, APIs: 2, Instructions: 51synchronizationCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 004473D0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,14DA7ED4), ref: 0044741C
                                    • Part of subcall function 004473D0: Process32FirstW.KERNEL32(00000000,?), ref: 00447468
                                    • Part of subcall function 00445950: CredEnumerateA.ADVAPI32(00000000,00000000,?,?,14DA7ED4,00000000,?), ref: 004459B2
                                    • Part of subcall function 00485350: recv.WS2_32(?,00002000,00000000), ref: 004854A4
                                  • ReleaseMutex.KERNEL32(00000000), ref: 0047E525
                                  • CloseHandle.KERNEL32(00000000), ref: 0047E52C
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
                                  • String ID:
                                  • API String ID: 420082584-0
                                  • Opcode ID: 43ab8f6d0282bbd386fa8db408f8dbade1bdb5759a0961783a362487319a2d08
                                  • Instruction ID: 21d12501465ffecb104f3396b5f4d487cf58cbb0265569f00e2db2d4d6eee1e0
                                  • Opcode Fuzzy Hash: 43ab8f6d0282bbd386fa8db408f8dbade1bdb5759a0961783a362487319a2d08
                                  • Instruction Fuzzy Hash: D9114C71806548EAEB00FBF7950639DB7A0AF0431CF10C59FE90623182DF7D1A0596AF
                                  Function 0047E4C8 Relevance: 3.0, APIs: 2, Instructions: 40synchronizationCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00485350: recv.WS2_32(?,00002000,00000000), ref: 004854A4
                                  • ReleaseMutex.KERNEL32(00000000), ref: 0047E525
                                  • CloseHandle.KERNEL32(00000000), ref: 0047E52C
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CloseHandleMutexReleaserecv
                                  • String ID:
                                  • API String ID: 2659716615-0
                                  • Opcode ID: 0316209b74f7a510048f6aca9fcb45fc03c3e98c7b54836586b8f6f774e638a0
                                  • Instruction ID: d8074609c4b6b56a118d8c4864159468ec2ce210cc92c7876c64f9fcb1cee0d4
                                  • Opcode Fuzzy Hash: 0316209b74f7a510048f6aca9fcb45fc03c3e98c7b54836586b8f6f774e638a0
                                  • Instruction Fuzzy Hash: CD017171806518DAE710FBE2D50679DB7A0AF0931CF50869FE90623282DF791A0187AE
                                  Function 0049C0BD Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000000,00000000,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0D3
                                  • GetLastError.KERNEL32(?,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0DE
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ErrorFreeHeapLast
                                  • String ID:
                                  • API String ID: 485612231-0
                                  • Opcode ID: 2c7be629525b77807a060ce78cd6937da288636f168411113672e5418cb75576
                                  • Instruction ID: 589170845ab709ad3b3b60fb6adb52998bb4654d1de7eee66c817f55301082a8
                                  • Opcode Fuzzy Hash: 2c7be629525b77807a060ce78cd6937da288636f168411113672e5418cb75576
                                  • Instruction Fuzzy Hash: 9BE08631500614A7CF222BA1EC0D7893F58DB40355F104036F60897160DF398940CB88
                                  Function 0048FAB0 Relevance: 1.7, APIs: 1, Instructions: 205COMMON
                                  Download Yara Rule
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0048FCEA
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: 54dc556bc546888474d3f19e34a31102f3849cfd2e1ddc240e0765d6926b334a
                                  • Instruction ID: 258a51d4530bdfdbcfb978a880514f411ab203130510da66870d02f2c2448e76
                                  • Opcode Fuzzy Hash: 54dc556bc546888474d3f19e34a31102f3849cfd2e1ddc240e0765d6926b334a
                                  • Instruction Fuzzy Hash: DB71F671A002088FCB24EF28C490B6E77A5BF15314F244A7FE865CB791D739EA49CB95
                                  Function 0044AF90 Relevance: 1.7, APIs: 1, Instructions: 180COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9135f7d9b5d1880a46c4ac02def5f1366672d51aadf79d8842421bd6ac20231f
                                  • Instruction ID: 5047db877c7d9ae38b531aa0dda64427d2377832e7d6361d0852b000475400c5
                                  • Opcode Fuzzy Hash: 9135f7d9b5d1880a46c4ac02def5f1366672d51aadf79d8842421bd6ac20231f
                                  • Instruction Fuzzy Hash: F45180B5A0060ADFDB18CF28D480999FBB4FF4A320B5082AAE819C7B51D735ED55CBD4
                                  Function 0049E314 Relevance: 1.7, APIs: 1, Instructions: 157COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f4d1b25cda05e585bd14aeef0c776674eabbc591f49ad1024f01acac1088cae4
                                  • Instruction ID: 7d9f16a24b0820fe6bfe4efb506255557b861a5981f24711c09fdeca13a2084c
                                  • Opcode Fuzzy Hash: f4d1b25cda05e585bd14aeef0c776674eabbc591f49ad1024f01acac1088cae4
                                  • Instruction Fuzzy Hash: 8751C470A00104EFDF14CF5ACC85AAE7FA5AF99324F28816AE8095B352D379DE41CB95
                                  Function 00458550 Relevance: 1.6, APIs: 1, Instructions: 150COMMON
                                  Download Yara Rule
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 004586AF
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: 9d0e38e8a100f06b44e5b2c958822f107f66b3500270d3682d1b991c4f050d55
                                  • Instruction ID: 39eac46aceff4f274d7df031c3ad8bb7d561d247c585fc64f7f09dd83a036c2e
                                  • Opcode Fuzzy Hash: 9d0e38e8a100f06b44e5b2c958822f107f66b3500270d3682d1b991c4f050d55
                                  • Instruction Fuzzy Hash: E941A4B1E001159FDB04DFA8C841AAEBBB5EF48315F10422EE815F7386DB34AE09CB95
                                  Function 004520F0 Relevance: 1.6, APIs: 1, Instructions: 138COMMON
                                  Download Yara Rule
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0045223D
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: 8aafa409fbbe6252fd8d16ac1cef4b76429e1a26ed72850fe408f5c857c7a805
                                  • Instruction ID: 543f2dd5f5f38f41d79c3b3e326d175c20dbca08f8aec97f7e4552ad9d8ce088
                                  • Opcode Fuzzy Hash: 8aafa409fbbe6252fd8d16ac1cef4b76429e1a26ed72850fe408f5c857c7a805
                                  • Instruction Fuzzy Hash: E1411272E001149BCB05EF68CD806AFB7A5EF56311F1402AFFC15EB302D6789E158B99
                                  Function 00451F90 Relevance: 1.6, APIs: 1, Instructions: 137COMMON
                                  Download Yara Rule
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 004520DE
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: a14de396b08b32659630435c90f611bc18073001c29953638865ceda2285425b
                                  • Instruction ID: 53fc907bca80d66a09b4c03435f3e8acb878ccb904669eb33cf36a05cbe64725
                                  • Opcode Fuzzy Hash: a14de396b08b32659630435c90f611bc18073001c29953638865ceda2285425b
                                  • Instruction Fuzzy Hash: E7414272D001049BCB15AF68CD806AEBBA5AF4A305F1002ABED15EB342D7749E158BD9
                                  Function 0048F890 Relevance: 1.6, APIs: 1, Instructions: 135COMMON
                                  Download Yara Rule
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0048F9FA
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: d2fccf6f5b3df297b65b13170b90e5c1872a490292f016b70dee3939b6e05f49
                                  • Instruction ID: 91311e753e2fbbf9cdae31aef67f458025fa5287f257254b7d49e4ed808e7769
                                  • Opcode Fuzzy Hash: d2fccf6f5b3df297b65b13170b90e5c1872a490292f016b70dee3939b6e05f49
                                  • Instruction Fuzzy Hash: 4F41B3B2E005049FDB14EF68C985A6EBBA9EB49320F24473EE815D7385DB349D04CB95
                                  Function 00451E50 Relevance: 1.6, APIs: 1, Instructions: 125COMMON
                                  Download Yara Rule
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00451F7F
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: bceca21abfd596b49baddf9976fd8ae7e3bbe9a292c563c34926c129456dd860
                                  • Instruction ID: dbfd0375bb16cbcb281b8a1501cab73851c3df864c0bb83deedb38d5f1c134ec
                                  • Opcode Fuzzy Hash: bceca21abfd596b49baddf9976fd8ae7e3bbe9a292c563c34926c129456dd860
                                  • Instruction Fuzzy Hash: 72312572A001049BCB14DF688881B9FBBA5AB59315B24426FEC15CB303DB34DE5987D9
                                  Function 004516D0 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                  Download Yara Rule
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 004517DF
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: 4beab17cec18f8408a3d260484db6fe46066ad92ba7b493454d35fe0c2aa28c2
                                  • Instruction ID: 65e916faade23ef3c336758c75d3ad3b55c144e32e026a5ec30b5c92d10e86c8
                                  • Opcode Fuzzy Hash: 4beab17cec18f8408a3d260484db6fe46066ad92ba7b493454d35fe0c2aa28c2
                                  • Instruction Fuzzy Hash: BB316772E001105BCB18EE6D9880A6FB7E9EB88312B24427FEC15D7352DA38DD0987D9
                                  Function 0044D7D0 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                  Download Yara Rule
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0044D8F9
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: 4a7e0aa971e9c18d460f3d63606fed0fdd4bc56cc13da704aad23d70c2080c39
                                  • Instruction ID: 6687ec20b77dec97c90771c2cbe71989815263d1b8fcacfb2e06f2ee49a1853a
                                  • Opcode Fuzzy Hash: 4a7e0aa971e9c18d460f3d63606fed0fdd4bc56cc13da704aad23d70c2080c39
                                  • Instruction Fuzzy Hash: C3310A71E002045BE714AE6DD880A7EB7A4EF55324F24477FF865C7382D67899408759
                                  Function 0044BAD0 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                  Download Yara Rule
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0044BBB3
                                    • Part of subcall function 00434F80: ___std_exception_copy.LIBVCRUNTIME ref: 00434FF1
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task___std_exception_copy
                                  • String ID:
                                  • API String ID: 1979911387-0
                                  • Opcode ID: 14553861a0e6d344c6703ce135879dfe8084568f0dbccc5b703b736294f01183
                                  • Instruction ID: f8cf7cd3dcf405c094d14d4edd2427269fc308b55f739c6c677f8adad7f52d2f
                                  • Opcode Fuzzy Hash: 14553861a0e6d344c6703ce135879dfe8084568f0dbccc5b703b736294f01183
                                  • Instruction Fuzzy Hash: 902126B1E006059BE7149F25D48166AB7A4EF15324F20036FE8258BB91E739FE90C7D6
                                  Function 004BB697 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: __wsopen_s
                                  • String ID:
                                  • API String ID: 3347428461-0
                                  • Opcode ID: c0068bc3e55a3d1622d6bbbbb6d136ac2493d2630b2467d4896e3e7752e83962
                                  • Instruction ID: 7232828ef0ab4ea1277fc9c55e8108ad49929c9e06a984f5114aae078e858d40
                                  • Opcode Fuzzy Hash: c0068bc3e55a3d1622d6bbbbb6d136ac2493d2630b2467d4896e3e7752e83962
                                  • Instruction Fuzzy Hash: B9113671A0010AAFCB05DF58E9819CF7BF4EF88304F00405AF808AB311D770D9118BA4
                                  Function 00482930 Relevance: 1.5, APIs: 1, Instructions: 43networkCOMMON
                                  Download Yara Rule
                                  APIs
                                  • send.WS2_32(?,?,00000000), ref: 00482968
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: send
                                  • String ID:
                                  • API String ID: 2809346765-0
                                  • Opcode ID: 2e230c4dbecb0c91bd7935fcc59657d459b7808623847299c78205d0fd7c7ba6
                                  • Instruction ID: 15365ef676efcd120e403479619ae1d38f6ec3fc5171ce29fb9a7f72e5811cf6
                                  • Opcode Fuzzy Hash: 2e230c4dbecb0c91bd7935fcc59657d459b7808623847299c78205d0fd7c7ba6
                                  • Instruction Fuzzy Hash: 93F0B472302115AB83109A5DAD4096BF7DEDBCA7B0B2003A7FC2CC33E0E9618C0153D4
                                  Function 0049C6A4 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000008,0043FE48,00000001,?,00499445,00000001,00000364,00000001,00000006,000000FF,?,004AD408,0043FE4A,0043FE44,?), ref: 0049C6E5
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: 934b5854b3b2fba1ba84eb25d33e8f66ddb7b9c5617b0a1ffb822db2bfc3c07a
                                  • Instruction ID: bf89d2d5fe5833ab0f4bff440cdb33f04d1e0b68cec02520bce29c64fa949510
                                  • Opcode Fuzzy Hash: 934b5854b3b2fba1ba84eb25d33e8f66ddb7b9c5617b0a1ffb822db2bfc3c07a
                                  • Instruction Fuzzy Hash: 82F0BE322852256BAF215B229D85B5B3F589B417E0F195037FC08EA290CE78EC008AEC
                                  Function 004406AD Relevance: 1.5, APIs: 1, Instructions: 36fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • FindNextFileW.KERNELBASE(00000000,?), ref: 004406F2
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileFindNext
                                  • String ID:
                                  • API String ID: 2029273394-0
                                  • Opcode ID: df8edaa59d5e1f82e8cad7747c6b34272b3092e2e70faf3eef711e3f2ee9bc11
                                  • Instruction ID: a1ffe5c8ce5f1f1a4397a2b9345f76ae3c812c30bf0ac5870f9d4861cf5b4c4e
                                  • Opcode Fuzzy Hash: df8edaa59d5e1f82e8cad7747c6b34272b3092e2e70faf3eef711e3f2ee9bc11
                                  • Instruction Fuzzy Hash: 95015631A0625DDFEB20DFA4D988BAEBBB4EF14314F2040DAD909A7282C7346E04DF55
                                  Function 0049D15A Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000000,00000001,0043FE44,?,004AD408,0043FE4A,0043FE44,?,?,?,00434C2F,0043FE48,0043FE48), ref: 0049D18C
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: 7ee9b205990c537f360d36ea94f63206e53d45b0dbf15067b0b63116574bd50f
                                  • Instruction ID: de2ad87b2feeaf860c8dfd974d012cc9eb33a1afe18dd843800594eb24cb3dbb
                                  • Opcode Fuzzy Hash: 7ee9b205990c537f360d36ea94f63206e53d45b0dbf15067b0b63116574bd50f
                                  • Instruction Fuzzy Hash: 08E0E533A0132166EF212BA6AD02B5B3E48CB513A0F190137EC18962C4CB28DC0082ED
                                  Function 004A8D62 Relevance: 1.5, APIs: 1, Instructions: 20COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: H_prolog3
                                  • String ID:
                                  • API String ID: 431132790-0
                                  • Opcode ID: 3aba680758f6379cc1f0e69a772bc6cab6bd8c88bcc4b04971677c60b68784ff
                                  • Instruction ID: f589969de9c028132caa70972cc51c37c6bf7195d426b38a2c2fae52dece88af
                                  • Opcode Fuzzy Hash: 3aba680758f6379cc1f0e69a772bc6cab6bd8c88bcc4b04971677c60b68784ff
                                  • Instruction Fuzzy Hash: 71E09A76C4020D9ADB40DFD5C486BEFB7BCAB14304F50406BA205E6181EB7857448BE5
                                  Function 004BC233 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • CreateFileW.KERNEL32(?,00000000,?,004BC623,?,?,00000000,?,004BC623,?,0000000C), ref: 004BC250
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: dd275b77e4c8549b8163696f0af87788398892aa77d507c51891a1137c56f0af
                                  • Instruction ID: c65ff2ef24fd0563ec255788cd93a1d7270b85fbbbb51eec7110af243f851585
                                  • Opcode Fuzzy Hash: dd275b77e4c8549b8163696f0af87788398892aa77d507c51891a1137c56f0af
                                  • Instruction Fuzzy Hash: 05D06C3200010DBBDF028F84EC06FDA3BAAFB48714F018010BA1866020C732E821ABA4
                                  Function 004B9AE2 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetNativeSystemInfo.KERNEL32(?,?,?,00486DD6,?,?,?,14DA7ED4,?,?), ref: 004B9AEC
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: InfoNativeSystem
                                  • String ID:
                                  • API String ID: 1721193555-0
                                  • Opcode ID: 19af6f8f66515c3ad7801cfde8998948d5a7d817498514074e40bdf49eb42b08
                                  • Instruction ID: f88b8e15ca571a688dc5d535dfb7cb0f1e1a76fd2fb5174ce8f8aecae7ce3306
                                  • Opcode Fuzzy Hash: 19af6f8f66515c3ad7801cfde8998948d5a7d817498514074e40bdf49eb42b08
                                  • Instruction Fuzzy Hash: 0EC09B7490610E97CF00E7E5D94D88E77FCA608204F4004A1D551E3140E770FD45C795

                                  Non-executed Functions

                                  Function 0048A0A0 Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 325nativelibraryloaderCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetModuleHandleA.KERNEL32(ntdll.dll,NtDuplicateObject,14DA7ED4,?,?), ref: 0048A0F7
                                  • GetProcAddress.KERNEL32(00000000), ref: 0048A0FE
                                  • OpenProcess.KERNEL32(00000040,00000000,00000000), ref: 0048A12A
                                  • NtQuerySystemInformation.NTDLL ref: 0048A153
                                  • NtQuerySystemInformation.NTDLL ref: 0048A178
                                  • GetCurrentProcess.KERNEL32 ref: 0048A1FD
                                  • NtQueryObject.NTDLL ref: 0048A22B
                                  • GetFinalPathNameByHandleA.KERNEL32(00000000,00000000,00000104,00000000,00000104,?,00000104,00000000), ref: 0048A315
                                  • CloseHandle.KERNEL32(00000000), ref: 0048A3E6
                                  • CloseHandle.KERNEL32(00000000), ref: 0048A441
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Handle$Query$CloseInformationProcessSystem$AddressCurrentFinalModuleNameObjectOpenPathProc
                                  • String ID: File$NtDuplicateObject$ntdll.dll
                                  • API String ID: 2729825427-3955674919
                                  • Opcode ID: 8320b73641bfe2fd6a36d39389df1be313783445bc61d84dd6fe8aca722285e2
                                  • Instruction ID: 0800680efb81c18e2f896ca5fb1c4f1751909ec1a20682d0b449f1ef79601e33
                                  • Opcode Fuzzy Hash: 8320b73641bfe2fd6a36d39389df1be313783445bc61d84dd6fe8aca722285e2
                                  • Instruction Fuzzy Hash: C3C1DE71D00218AFEF10EFA4DC45BAEBBB5FF44704F14452AE801A7281E7B9AD45CB96
                                  Function 00419770 Relevance: 19.9, Strings: 2, Instructions: 17397COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: >c8 $YD@
                                  • API String ID: 0-2642259206
                                  • Opcode ID: 9dcf1b6b055526eb8ca3ce4f11dbcb7f980ceb29aa0c624363f390bc07ec487a
                                  • Instruction ID: 09539a6074c3f18202d3a6a28530d7ff6b4f8ede69b731f3fb06677334c75715
                                  • Opcode Fuzzy Hash: 9dcf1b6b055526eb8ca3ce4f11dbcb7f980ceb29aa0c624363f390bc07ec487a
                                  • Instruction Fuzzy Hash: B0B4BCB4D0525E8FCB15CFA8D9916EEFBB1AF59304F204299E948B7311D7302A81CFA5
                                  Function 0047D2F0 Relevance: 17.9, APIs: 1, Strings: 9, Instructions: 410COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 004517F0: Concurrency::cancel_current_task.LIBCPMT ref: 004518C2
                                    • Part of subcall function 0044DCC0: std::ios_base::_Addstd.LIBCPMT ref: 0044DDEF
                                    • Part of subcall function 00436640: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004366E9
                                  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047D95A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::ios_base::_$Ios_base_dtor$AddstdConcurrency::cancel_current_task
                                  • String ID: .cmd$.exe$.ps1$.vbs$.G$0hC$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$open$runas
                                  • API String ID: 2154145882-3307477358
                                  • Opcode ID: 272a3eff05d2f0994a98a4670cb8ea359793a3df70236ba5e5f34b7e97b052ef
                                  • Instruction ID: f5ba6b163c3a98fee3f853caf05b9595179ad2eb3f8f0c36a39513699dfd7300
                                  • Opcode Fuzzy Hash: 272a3eff05d2f0994a98a4670cb8ea359793a3df70236ba5e5f34b7e97b052ef
                                  • Instruction Fuzzy Hash: 6A122770D00268DFDB20DF64CD85BDEBBB4AF19304F1481EAE849A7282DB755A84CF95
                                  Function 00408270 Relevance: 12.0, Strings: 2, Instructions: 9466COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: &iK$:v*-
                                  • API String ID: 0-925339778
                                  • Opcode ID: 6b47c74f841ad1849f2da8e01aa531820f855eb79643490a739ceb0f548cc6b8
                                  • Instruction ID: a5ef6df3ed742f4fc82cee9b264c17634f39eece1ce4240dfd370ecc90fa88ba
                                  • Opcode Fuzzy Hash: 6b47c74f841ad1849f2da8e01aa531820f855eb79643490a739ceb0f548cc6b8
                                  • Instruction Fuzzy Hash: 3F44BDB8D0525ECBCB15CFA8C991AEEBBB1BF49300F20429AD94977311D7341A85CFA5
                                  Function 004A70A7 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1473COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: __floor_pentium4
                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                  • API String ID: 4168288129-2761157908
                                  • Opcode ID: 9bb7f0d4613073bb4100fe9d2ee9a21b6dd33393f0141ef8f2b167b3b51c02dc
                                  • Instruction ID: b32a4effb01217c3c1626ef3a6516b83a08c7bb55f85dd273b9c2c9ced56d987
                                  • Opcode Fuzzy Hash: 9bb7f0d4613073bb4100fe9d2ee9a21b6dd33393f0141ef8f2b167b3b51c02dc
                                  • Instruction Fuzzy Hash: 9ED21871E086288FDB75CE28CD407EAB7B5EB66315F1441EBD40DA7240EB78AE818F45
                                  Function 00479130 Relevance: 9.4, Strings: 7, Instructions: 665COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: IG$build_name$extensions$grabber_max_size$links$port$self_destruct
                                  • API String ID: 0-2908327215
                                  • Opcode ID: b5557c1040c02529518dcf018fa524abe9d8d6e196c925b98e71a1a8f624317e
                                  • Instruction ID: a22682addece9ab4aab630da547c02470b3c7154c591281f96a53a82de49a099
                                  • Opcode Fuzzy Hash: b5557c1040c02529518dcf018fa524abe9d8d6e196c925b98e71a1a8f624317e
                                  • Instruction Fuzzy Hash: 6E72DFB4D04358CFEB14CFA9DA90BEDBBB0BF59308F248199D449AB351EB305A85CB54
                                  Function 0046B620 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 331COMMON
                                  Download Yara Rule
                                  APIs
                                  • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B7DA
                                  • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B81E
                                  • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B924
                                  • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B970
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_fs_directory_iterator_advance@8
                                  • String ID: .
                                  • API String ID: 2610647541-248832578
                                  • Opcode ID: 2e775b534ccb48514fa1d19158a196e6f147d360d3fd40777325cb8899fa8bdc
                                  • Instruction ID: 99e23c5b304899c8ab8714ce46d423df57297e0934c6bc539a0dfe6d7ec6f1b4
                                  • Opcode Fuzzy Hash: 2e775b534ccb48514fa1d19158a196e6f147d360d3fd40777325cb8899fa8bdc
                                  • Instruction Fuzzy Hash: 77C1BF75A016269FCB20DF18C8847AAB3B5FF44314F14829AD915D7390EB39AD85CFC6
                                  Function 004A6109 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 004A61A2
                                  • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 004A61CB
                                  • GetACP.KERNEL32 ref: 004A61E0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: InfoLocale
                                  • String ID: ACP$OCP
                                  • API String ID: 2299586839-711371036
                                  • Opcode ID: 83dfd683b9c94d176d38183288480b868ca78ec3c44069a2c66a1e4373e54840
                                  • Instruction ID: 02a1f9ff6d074017cf30d732e6d651dacf3b6180dce544ba7b26bbdffeda2481
                                  • Opcode Fuzzy Hash: 83dfd683b9c94d176d38183288480b868ca78ec3c44069a2c66a1e4373e54840
                                  • Instruction Fuzzy Hash: 14217731B00101A6DB348F54C901A9BBBA7EB76B54B5F8466E909D7302EB36DE41C358
                                  Function 004A62E5 Relevance: 7.7, APIs: 5, Instructions: 182COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                    • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                  • GetUserDefaultLCID.KERNEL32 ref: 004A63ED
                                  • IsValidCodePage.KERNEL32(00000000), ref: 004A642B
                                  • IsValidLocale.KERNEL32(?,00000001), ref: 004A643E
                                  • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 004A6486
                                  • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 004A64A1
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                  • String ID:
                                  • API String ID: 415426439-0
                                  • Opcode ID: 478fc60fa90a9ec9e197162e05efa7e840982a7b058c794a341e424fb9183a7c
                                  • Instruction ID: c25bf07a23f3a9ec008bfe0b344d9b34e57977eb2ee5f51d57588e3c0d66081e
                                  • Opcode Fuzzy Hash: 478fc60fa90a9ec9e197162e05efa7e840982a7b058c794a341e424fb9183a7c
                                  • Instruction Fuzzy Hash: B351C031A00205ABDF10DFA5CC41AAF77B8BF2A700F09446BF905EB2C0D778D9058B68
                                  Function 0042D150 Relevance: 6.9, APIs: 1, Strings: 2, Instructions: 1683COMMON
                                  Download Yara Rule
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0042E6CB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID: !dYH$6b6=
                                  • API String ID: 118556049-155378937
                                  • Opcode ID: 016e682e6e92c56b7e5f52a4a6c50224f71debeb36c814b1b43eac77d68e84f3
                                  • Instruction ID: 3adec6fdbd1554a06cbe821abd73873d9aa74c181532ca023f18934c78765b13
                                  • Opcode Fuzzy Hash: 016e682e6e92c56b7e5f52a4a6c50224f71debeb36c814b1b43eac77d68e84f3
                                  • Instruction Fuzzy Hash: 6023CDB8D0525CCBDB25CFA8C990AEDBBB1BF59300F24429AD84977311E7742A86CF54
                                  Function 00498574 Relevance: 6.1, APIs: 4, Instructions: 82memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0049859D
                                  • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 004985B1
                                  • VirtualAlloc.KERNEL32(?,-00000001,00001000,00000004,?,?,?,0000001C), ref: 00498602
                                  • VirtualProtect.KERNEL32(?,-00000001,00000104,?,?,?,0000001C), ref: 00498617
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Virtual$AllocInfoProtectQuerySystem
                                  • String ID:
                                  • API String ID: 3562403962-0
                                  • Opcode ID: 4e29c64980591c23c9d6474b97963c5f1eeeaad4aec7d0b9861b07a888b65890
                                  • Instruction ID: 57c86550534b148c15952eeeaf39776b02a492ab104de77fe61266457f658886
                                  • Opcode Fuzzy Hash: 4e29c64980591c23c9d6474b97963c5f1eeeaad4aec7d0b9861b07a888b65890
                                  • Instruction Fuzzy Hash: 91217C72E00119ABCF20DFA9DD85AEFBBB8EF45754F05017AE905E7140EA349D04C794
                                  Function 004AC6BF Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                  Download Yara Rule
                                  APIs
                                  • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 004AC6CB
                                  • IsDebuggerPresent.KERNEL32 ref: 004AC797
                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004AC7B0
                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 004AC7BA
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                  • String ID:
                                  • API String ID: 254469556-0
                                  • Opcode ID: 1a5f2cb74b25642d18f707c0b6da8939d9b46288bf323feffe580c9d32bdbba1
                                  • Instruction ID: 70dc3419eb2b6db1900c7bd06373213fcab329736da06f39ceabfcfe7a7444e5
                                  • Opcode Fuzzy Hash: 1a5f2cb74b25642d18f707c0b6da8939d9b46288bf323feffe580c9d32bdbba1
                                  • Instruction Fuzzy Hash: E1314A75C012189BDF21DF61DC897CEBBB8BF18700F1041AAE40DAB250E7759A84CF48
                                  Function 0043D4A0 Relevance: 6.0, APIs: 1, Strings: 2, Instructions: 725COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: content$filename
                                  • API String ID: 0-474635906
                                  • Opcode ID: b66f7423e610c841824d5b72251d930196416b83facb86d1c8f8609f3cb58a8b
                                  • Instruction ID: d087ffba84baf14db51f89a037efaf3a0efd4671473d6540ebf1f333b1c0f3d3
                                  • Opcode Fuzzy Hash: b66f7423e610c841824d5b72251d930196416b83facb86d1c8f8609f3cb58a8b
                                  • Instruction Fuzzy Hash: 5392EEB0C052AC9BDB66DF68D9857DDBBB4AF18308F1441DAE80CA7252EB741B84CF45
                                  Function 004B824D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,00000000,00000002,?,?,00435B2A,?,?), ref: 004B8261
                                  • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000,?,?,00435B2A,?,?), ref: 004B8288
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FormatInfoLocaleMessage
                                  • String ID: !x-sys-default-locale
                                  • API String ID: 4235545615-2729719199
                                  • Opcode ID: 84205eb8d4b061531bed3096fe064d3d6fd842fcad4d2f7a7c64ada32d2dc388
                                  • Instruction ID: 4f66f40a8a4f046c7b0032d4e1a4b833dd41128cf422eed9181fa496fdef01a0
                                  • Opcode Fuzzy Hash: 84205eb8d4b061531bed3096fe064d3d6fd842fcad4d2f7a7c64ada32d2dc388
                                  • Instruction Fuzzy Hash: 1AF030B5511108FFEF089BD5DC0EEEB77ACEB09394F10416AB501D6150E6B0AE00D778
                                  Function 004BA04D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 004805F0: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,14DA7ED4,00000000,004BCF70,000000FF,?,?,00513FC8), ref: 00480617
                                    • Part of subcall function 004805F0: GetLastError.KERNEL32(?,00000000,00000000,14DA7ED4,00000000,004BCF70,000000FF,?,?,00513FC8), ref: 00480621
                                  • IsDebuggerPresent.KERNEL32(?,?,?,00434B5D), ref: 004BA080
                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00434B5D), ref: 004BA08F
                                  Strings
                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 004BA08A
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                  • API String ID: 3511171328-631824599
                                  • Opcode ID: c51739a2d2ef137336e9adc3b97a1d747fb81e18f3053d9a6155fde0035c1d30
                                  • Instruction ID: d36ccacf6001ae6edc25a42526d65594664b7a1234a3e60676ee06f56b9b42c5
                                  • Opcode Fuzzy Hash: c51739a2d2ef137336e9adc3b97a1d747fb81e18f3053d9a6155fde0035c1d30
                                  • Instruction Fuzzy Hash: 64E065701007018FD330AF3AD40C3467BE0AB14304F00882FD945C7750E7B9D4088B66
                                  Function 00474190 Relevance: 3.9, Strings: 3, Instructions: 192COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: invalid BOM; must be 0xEF 0xBB 0xBF if given$invalid literal$null
                                  • API String ID: 0-704505451
                                  • Opcode ID: c2853c1b5150f4562c75b0c9af08e518547b875ff11f585f7cc727e4d436818e
                                  • Instruction ID: 900511fe56f482f81459f08a410c1a76c5e1d1655cedb158031f5ff095a229d0
                                  • Opcode Fuzzy Hash: c2853c1b5150f4562c75b0c9af08e518547b875ff11f585f7cc727e4d436818e
                                  • Instruction Fuzzy Hash: 315183307001089BCB24EF79A5527BDB3E4DB95314F00859FE80E8BBC2DF69AA5497D9
                                  Function 004320A0 Relevance: 2.8, Strings: 1, Instructions: 1521COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: mce
                                  • API String ID: 0-4153875931
                                  • Opcode ID: a73292159e262abdb433d94eaae0cf6bfd02510e463947a96e78a37495f057a5
                                  • Instruction ID: f690702d9b6e5b1c8f3d94d1572842c367def53288e29523866870a81cfcc782
                                  • Opcode Fuzzy Hash: a73292159e262abdb433d94eaae0cf6bfd02510e463947a96e78a37495f057a5
                                  • Instruction Fuzzy Hash: 0603DCB8D0424A9FDB04CF98D591AEEBFB1FF59304F248119D945BB302D7312A89CBA5
                                  Function 00407470 Relevance: 2.3, APIs: 1, Instructions: 833COMMON
                                  Download Yara Rule
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00407D8B
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: fe31969a8a19a14cbb2cc1aa8e38a226629513882e496fcef040987109d5691f
                                  • Instruction ID: 812474a2bd2a8ecf408f930e0567eb9d9337a7355d6dea629df30afde2b5ebb2
                                  • Opcode Fuzzy Hash: fe31969a8a19a14cbb2cc1aa8e38a226629513882e496fcef040987109d5691f
                                  • Instruction Fuzzy Hash: 7BA2D0B4D0429D8BDB15CFA8C9816EEBBB1FF58304F20819AD949BB345DB341A89CF54
                                  Function 0047E580 Relevance: 1.9, APIs: 1, Instructions: 415COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00481970: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,14DA7ED4), ref: 004819D8
                                  • ShellExecuteW.SHELL32(00000000,?,?,?,00000000,00000000), ref: 0047EC85
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ExecuteFileModuleNameShell
                                  • String ID:
                                  • API String ID: 1703432166-0
                                  • Opcode ID: 7424804a8784dfbdf273c5a717085f3b2be6b7ed6bb5d16cf0bfa5b6ce38600f
                                  • Instruction ID: 2a91a513cc0bd4868b0af53c92a7a879c8891e0eaa161494f23d7b10a733aea0
                                  • Opcode Fuzzy Hash: 7424804a8784dfbdf273c5a717085f3b2be6b7ed6bb5d16cf0bfa5b6ce38600f
                                  • Instruction Fuzzy Hash: 5032AEB4D0625CEBDB25CF98E981ADDBBB1FF48314F24419AE809A7341E7706A85CF44
                                  Function 00462080 Relevance: 1.8, APIs: 1, Instructions: 312COMMON
                                  Download Yara Rule
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00462407
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: 998b97963232ca513792be5bccec286f05fd367684fe6908831998ecf4a6ed59
                                  • Instruction ID: ef4cf88e9a4fdd266e31e3aa05a67ef024deafe90fb21754261dea51a8be5403
                                  • Opcode Fuzzy Hash: 998b97963232ca513792be5bccec286f05fd367684fe6908831998ecf4a6ed59
                                  • Instruction Fuzzy Hash: 87D18A31D04A49DFCB05CFA8C9806ADFBF1BF59310F18865AD841EB341E7B4A985CB95
                                  Function 00462410 Relevance: 1.8, APIs: 1, Instructions: 312COMMON
                                  Download Yara Rule
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00462797
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: 77eb809091e37f4e40faa665b14a1fdc1f259fd5624333971882c80142aac5d8
                                  • Instruction ID: ac15f3507e96ea44d263738e0e8876a083df1079939a1e49c6866d189bdfc312
                                  • Opcode Fuzzy Hash: 77eb809091e37f4e40faa665b14a1fdc1f259fd5624333971882c80142aac5d8
                                  • Instruction Fuzzy Hash: 25D1AB31E0464ADFCB04CFA8C9806ADFBF0BF59310F18865AD841EB341E7B4A941CB95
                                  Function 004A620F Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                    • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,004A5FA9,00000000,00000000,?), ref: 004A623B
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ErrorLast$InfoLocale
                                  • String ID:
                                  • API String ID: 3736152602-0
                                  • Opcode ID: 8b81b91eadfdb3b62c299d10167f1a9c9d1e1bff8d4bf303c7f3fb8fddf9b379
                                  • Instruction ID: 9487850153f17b5aff8b54b84101990ee62d9d6b8c11e223cf6e38bc87e8a6da
                                  • Opcode Fuzzy Hash: 8b81b91eadfdb3b62c299d10167f1a9c9d1e1bff8d4bf303c7f3fb8fddf9b379
                                  • Instruction Fuzzy Hash: 3C01DB33A10112ABDF286A658D06BBB7768DB51754F1A446FEC06A3680DA38ED41C698
                                  Function 00468750 Relevance: .4, Instructions: 402COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 346dc23a3b721231884126440995aecd87b62a600a1fea4fb977c7ca1dd55190
                                  • Instruction ID: f8786dd4fa61ba6b8208f2a0da3dfae63e0824739066c1b4c5cfb23239ebdf74
                                  • Opcode Fuzzy Hash: 346dc23a3b721231884126440995aecd87b62a600a1fea4fb977c7ca1dd55190
                                  • Instruction Fuzzy Hash: A2F149B2E112198FDF08CF99D8915EEBBB2BFC8310B29826ED41667344DB346D05CB95
                                  Function 004B6380 Relevance: .3, Instructions: 305COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0a7fb0066ca0e63ce1a3140edfe9943461d3f2e4af0e2cb6d3b63da6b91ab0d1
                                  • Instruction ID: b44fcc7ce13d6765da29ef4693de0a604283395fac7cf3727fef9bca0c1881a8
                                  • Opcode Fuzzy Hash: 0a7fb0066ca0e63ce1a3140edfe9943461d3f2e4af0e2cb6d3b63da6b91ab0d1
                                  • Instruction Fuzzy Hash: 07E1A551C4CBD891E6274B3D88426E2F3F4BFF9219F15A706EEE422421FB3662C68751
                                  Function 00461250 Relevance: .3, Instructions: 282COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f0ba32d3d0f547d4e0c0c2ee68133de1f9df539ce713836f75fcdfe5a29b6232
                                  • Instruction ID: aec3b6c702971bbda01d5f983ffd6c32ec602d3d125e3ae181568633efd48618
                                  • Opcode Fuzzy Hash: f0ba32d3d0f547d4e0c0c2ee68133de1f9df539ce713836f75fcdfe5a29b6232
                                  • Instruction Fuzzy Hash: E5C17B71E04649DFCB04CFA8C880AACFBB1BF59310F18826EE856E7351E734A955CB95
                                  Function 0045C4C0 Relevance: .2, Instructions: 215COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 66c816971dc4f363f466b11f2f4d5d7ddc684e31de2e014f784be5717bcb0236
                                  • Instruction ID: df46be6a361dd8f15a6f1edf4f2d8fac6e56a2b7ec9f979b005a651a2e3504fb
                                  • Opcode Fuzzy Hash: 66c816971dc4f363f466b11f2f4d5d7ddc684e31de2e014f784be5717bcb0236
                                  • Instruction Fuzzy Hash: 1B715372E1061A9FCB14CFADC9805AEB7F1FB88314F15822AE816E7345E774E905CB94
                                  Function 0044E020 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147COMMON
                                  Download Yara Rule
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0044E070
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0044E092
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0044E0BA
                                  • std::_Facet_Register.LIBCPMT ref: 0044E1D0
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0044E1FA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                  • String ID: cC$`aC$p]C
                                  • API String ID: 459529453-2177106863
                                  • Opcode ID: a449d14724036c8b5d7dcc6e3f8f606a5f6c47b464cfe817b38abf7381c673d4
                                  • Instruction ID: 1ff138599dd9b712ad814e44402e9ca08be03e0a2a2e3ebe43d51928b08ed38c
                                  • Opcode Fuzzy Hash: a449d14724036c8b5d7dcc6e3f8f606a5f6c47b464cfe817b38abf7381c673d4
                                  • Instruction Fuzzy Hash: 99518BB0D00259DBEB10CF99C8457AEBBB4FB18314F24815ED811AB381DB79AA44CBA5
                                  Function 00452250 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 135COMMON
                                  Download Yara Rule
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0045228D
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 004522AF
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 004522D7
                                  • __Getcoll.LIBCPMT ref: 0045239F
                                  • std::_Facet_Register.LIBCPMT ref: 004523EB
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00452415
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
                                  • String ID: `aC$p]C
                                  • API String ID: 1184649410-1363152631
                                  • Opcode ID: bcac19400a142c5d17f9bc7acd982912d16d1a9c65db466b0de63643df1b93e3
                                  • Instruction ID: 568a7e1164ae6cef3cf0599e82aad122ccc02b6897634e5ab4797aad8f19cd87
                                  • Opcode Fuzzy Hash: bcac19400a142c5d17f9bc7acd982912d16d1a9c65db466b0de63643df1b93e3
                                  • Instruction Fuzzy Hash: 49518B70800208DFDB01DF95C9457DEBBB4FF55318F24815ED805AB282DBB9AE49CBA9
                                  Function 0047C6C0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 128COMMON
                                  Download Yara Rule
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0047C6FD
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0047C71F
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0047C747
                                  • std::_Facet_Register.LIBCPMT ref: 0047C834
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0047C85E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                  • String ID: `aC$p]C
                                  • API String ID: 459529453-1363152631
                                  • Opcode ID: e866effaa90865aaaa30be5826de822518346297a390443dd29a39b403041da2
                                  • Instruction ID: 399bbb442a0c6c40ac274560e971594f6ebfe9651e6100c107b7a0aaef0602e2
                                  • Opcode Fuzzy Hash: e866effaa90865aaaa30be5826de822518346297a390443dd29a39b403041da2
                                  • Instruction Fuzzy Hash: 2C517A71900249DFDB15CF99C580BEEBBB4EB15318F24805ED409AB381DB79AE09CF95
                                  Function 0047D190 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99networkfileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • InternetOpenW.WININET(File Downloader,00000001,00000000,00000000,00000000), ref: 0047D22D
                                  • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 0047D256
                                  • InternetReadFile.WININET(00000000,?,00001000,00000000), ref: 0047D27C
                                  • InternetReadFile.WININET(00000000,?,00001000,00000000), ref: 0047D2B2
                                  • InternetCloseHandle.WININET(00000000), ref: 0047D2B9
                                  • InternetCloseHandle.WININET(?), ref: 0047D2C5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Internet$CloseFileHandleOpenRead
                                  • String ID: File Downloader
                                  • API String ID: 4038090926-3631955488
                                  • Opcode ID: 811208fdf33a36e9be3e42b468326af56e319a1deb0617af28b90d4cff8a8570
                                  • Instruction ID: 638e9360adee8abd238f5bb9f06079602c51a7af3a4d5d450420b7b82b1eb562
                                  • Opcode Fuzzy Hash: 811208fdf33a36e9be3e42b468326af56e319a1deb0617af28b90d4cff8a8570
                                  • Instruction Fuzzy Hash: 5B318370A01655ABD730CF55CC45BEAB7B8EF44700F1041AAF549E7290DBB8AE84DFA8
                                  Function 004AD600 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON
                                  Download Yara Rule
                                  APIs
                                  • _ValidateLocalCookies.LIBCMT ref: 004AD637
                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 004AD63F
                                  • _ValidateLocalCookies.LIBCMT ref: 004AD6C8
                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 004AD6F3
                                  • _ValidateLocalCookies.LIBCMT ref: 004AD748
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                  • String ID: csm
                                  • API String ID: 1170836740-1018135373
                                  • Opcode ID: 255d3a1bd88e468a9ea08ee1f7f85cdc8f29e10e22a0162dea8eb7e65443c785
                                  • Instruction ID: fca86a332ffc7d642b39a5fdc798139505592cae81a3a9a41e25a428a24f43dc
                                  • Opcode Fuzzy Hash: 255d3a1bd88e468a9ea08ee1f7f85cdc8f29e10e22a0162dea8eb7e65443c785
                                  • Instruction Fuzzy Hash: 2741D834E002089BCF10DF69C880A9E7BB5BF66318F14815BE81A5B752D739EA01CF95
                                  Function 00436640 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 72COMMON
                                  Download Yara Rule
                                  APIs
                                  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004366E9
                                    • Part of subcall function 004AFA0C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0043FE44,?,?,?,004B9080,0043FE44,00513AB0,?,0043FE44,?,?,0000000C,14DA7ED4), ref: 004AFA6C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
                                  • String ID: (>Q$0hC$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                  • API String ID: 1903096808-798308736
                                  • Opcode ID: 0ed2678322210cc8cc3a07b91dadb1e30d188d3d66194e55af3b44069607d8cc
                                  • Instruction ID: 0e9c3b5a5aba75944b05d252eccadd5948fd44e578ec9c0118fa22ff265feac2
                                  • Opcode Fuzzy Hash: 0ed2678322210cc8cc3a07b91dadb1e30d188d3d66194e55af3b44069607d8cc
                                  • Instruction Fuzzy Hash: 4E1122B29046487BD710DB59DC02FAA7398EB09754F04862FFD58872C1EB3DA90487AA
                                  Function 0049D57F Relevance: 9.3, APIs: 6, Instructions: 329COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8a850e4bd8366f6602f7f439948ddd996ec0ba155590deffeea4e3919eff859f
                                  • Instruction ID: c45b587b2b6024bbc8d631f61cfde13028adc071dc65d72902c8bf59655bd6a7
                                  • Opcode Fuzzy Hash: 8a850e4bd8366f6602f7f439948ddd996ec0ba155590deffeea4e3919eff859f
                                  • Instruction Fuzzy Hash: 64B13572D00255AFDF11DF64CC81BAA7FA5EF55310F1441BBE454AB382D2789D01C7A9
                                  Function 004A2113 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 370COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: __freea$__alloca_probe_16
                                  • String ID: a/p$am/pm
                                  • API String ID: 3509577899-3206640213
                                  • Opcode ID: 35938f08404c0012c28b8581547da92bcaa7faac22c368983132e0e6ea66d68e
                                  • Instruction ID: 1d0f90a389a6ddb01c6eee3cfed114d4cdbff39c5c4e16d1e763b1923b69fac5
                                  • Opcode Fuzzy Hash: 35938f08404c0012c28b8581547da92bcaa7faac22c368983132e0e6ea66d68e
                                  • Instruction Fuzzy Hash: 32C1BF35904212AADB298F6CCA947BB77B0FF2B300F14405BE905AB750D3BD9D42EB59
                                  Function 004B82A1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32libraryloaderCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetModuleHandleW.KERNEL32(kernel32.dll,14DA7ED4,?,?,004CEC14,000000FF,?,004B87C4,00000105,?,00000000,?,?,?,0047FCE3), ref: 004B82C9
                                  • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 004B82D5
                                  • GetTempPathW.KERNEL32(?,?,004CEC14,000000FF,?,004B87C4,00000105,?,00000000,?,?,?,0047FCE3,?,00000105,?), ref: 004B82F5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AddressHandleModulePathProcTemp
                                  • String ID: GetTempPath2W$kernel32.dll
                                  • API String ID: 775647363-1846531799
                                  • Opcode ID: f1cf7476179f5a48e5f157bd4a6fca76b08ed530dfc52bf4d8c2badd71eabe8a
                                  • Instruction ID: 490c9918516094a75be01d3e1b1e27de5ce3fa518d230e70400d3a931493a6c9
                                  • Opcode Fuzzy Hash: f1cf7476179f5a48e5f157bd4a6fca76b08ed530dfc52bf4d8c2badd71eabe8a
                                  • Instruction Fuzzy Hash: C2F03A36A44654EFCB159F54EC05F9A7BA8FB09B60F008127EC16937A0DB79A800CB98
                                  Function 004B9258 Relevance: 7.5, APIs: 5, Instructions: 44COMMON
                                  Download Yara Rule
                                  APIs
                                  • __EH_prolog3.LIBCMT ref: 004B925F
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 004B926A
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 004B92D8
                                    • Part of subcall function 004B93BB: std::locale::_Locimp::_Locimp.LIBCPMT ref: 004B93D3
                                  • std::locale::_Setgloballocale.LIBCPMT ref: 004B9285
                                  • _Yarn.LIBCPMT ref: 004B929B
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                  • String ID:
                                  • API String ID: 1088826258-0
                                  • Opcode ID: 9529708b05f48a18c841b776fc683316fa11b0247fd455af3d56381143c4ee67
                                  • Instruction ID: d57bef6452a6d9f87b7c1f6c81a415e25ff1084f0ba862d3ffc406506ccaed08
                                  • Opcode Fuzzy Hash: 9529708b05f48a18c841b776fc683316fa11b0247fd455af3d56381143c4ee67
                                  • Instruction Fuzzy Hash: 2101BC75A002149BDB09EF21E881ABE3BA5BF95714B18400EE90157381CF78AE42DBE9
                                  Function 0047F2C0 Relevance: 6.5, APIs: 4, Instructions: 457registryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RegOpenKeyExA.ADVAPI32(80000001,0051C570,00000000,00020019,00000000,?,?,?,14DA7ED4,?,0051C2A0), ref: 0047F4D0
                                  • RegQueryValueExA.ADVAPI32(00000000,0051C2A0,00000000,000F003F,?,00000400,?,?,?,14DA7ED4,?,0051C2A0), ref: 0047F506
                                  • RegCloseKey.ADVAPI32(00000000,?,?,?,14DA7ED4,?,0051C2A0), ref: 0047F5A4
                                  • SysFreeString.OLEAUT32 ref: 0047FA14
                                    • Part of subcall function 0047A610: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 0047A678
                                    • Part of subcall function 0047A610: LocalFree.KERNEL32(?,00000000), ref: 0047A70F
                                    • Part of subcall function 004870B0: RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,14DA7ED4,0051C570,0051C2A0), ref: 00487182
                                    • Part of subcall function 004870B0: RegQueryValueExA.KERNEL32(00000000,?,00000000,000F003F,?,00000400), ref: 004871B6
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeOpenQueryValue$CloseCryptDataLocalStringUnprotect
                                  • String ID:
                                  • API String ID: 2380017125-0
                                  • Opcode ID: 7e960be66b091ef9db7ed46c6c44e7fe4e219e6aac80b315f3a2b635f0fdeb0e
                                  • Instruction ID: 56cbdaf4eb2024de0fd4bd59dbcd72090a4e5b75bdf23aa4f75e7a392944198d
                                  • Opcode Fuzzy Hash: 7e960be66b091ef9db7ed46c6c44e7fe4e219e6aac80b315f3a2b635f0fdeb0e
                                  • Instruction Fuzzy Hash: 24122BF0E002689BDB24DF24CC5479DB7B5AF44318F1086EAD64DA7282DB346E88CF59
                                  Function 0049B476 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • GetConsoleOutputCP.KERNEL32(14DA7ED4,00000000,00000000,00000000), ref: 0049B4D9
                                    • Part of subcall function 004A1489: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0049B05F,?,00000000,-00000008), ref: 004A14EA
                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0049B72B
                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0049B771
                                  • GetLastError.KERNEL32 ref: 0049B814
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                  • String ID:
                                  • API String ID: 2112829910-0
                                  • Opcode ID: aef57a059a08420b8d5dfae5096d35553b8056bffb0ce8bb8e63412c3f54050f
                                  • Instruction ID: 17746d06032e39ca1db24970b21defb679d9c3d722e4804f7fdb3bafa319cb4d
                                  • Opcode Fuzzy Hash: aef57a059a08420b8d5dfae5096d35553b8056bffb0ce8bb8e63412c3f54050f
                                  • Instruction Fuzzy Hash: 15D17A75D002489FCF05CFE9E980AEDBBB5EF49314F18816AE425EB351D734A906CB94
                                  Function 00478300 Relevance: 6.3, APIs: 4, Instructions: 321COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00477B00: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,14DA7ED4,?,?), ref: 00477B54
                                    • Part of subcall function 00477B00: Process32FirstW.KERNEL32(00000000,?), ref: 00477BB9
                                    • Part of subcall function 00477B00: CloseHandle.KERNEL32(00000000), ref: 00477E84
                                  • ImpersonateLoggedOnUser.ADVAPI32(00000000,14DA7ED4,?,00000000), ref: 00478391
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CloseCreateFirstHandleImpersonateLoggedProcess32SnapshotToolhelp32User
                                  • String ID:
                                  • API String ID: 1507787261-0
                                  • Opcode ID: ebec02cd2df44e7bd4fb65aecaaffec3bb885a70c3ad5895e8640ffefb46c4a4
                                  • Instruction ID: e502c6a69380433c55fd31efa36561dbf437e01bd72b95285a5588c942f2c0dc
                                  • Opcode Fuzzy Hash: ebec02cd2df44e7bd4fb65aecaaffec3bb885a70c3ad5895e8640ffefb46c4a4
                                  • Instruction Fuzzy Hash: F5F17070C0428DDEEB15DBA4C8587DDBBB0AF15308F24819ED04977292DB785F88DBA6
                                  Function 004A077A Relevance: 6.1, APIs: 4, Instructions: 132COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 00fa7b59af023eaaf071b224feea6c80f4edf5776798c8ca34953c892f2afd27
                                  • Instruction ID: 6bad779769d7c9384c33fcc5b288381071ef860472916b423066c301ca7f7ee1
                                  • Opcode Fuzzy Hash: 00fa7b59af023eaaf071b224feea6c80f4edf5776798c8ca34953c892f2afd27
                                  • Instruction Fuzzy Hash: D141E675A00704AFDB24AF39CC41B6BBBA9EB99714F20452FF101DB781D77DA9418B88
                                  Function 004AB379 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetEnvironmentStringsW.KERNEL32 ref: 004AB381
                                    • Part of subcall function 004A1489: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0049B05F,?,00000000,-00000008), ref: 004A14EA
                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004AB3B9
                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004AB3D9
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                  • String ID:
                                  • API String ID: 158306478-0
                                  • Opcode ID: 69a85f7ed18cd74047bb984129651c996d53830a83c410699db2c70aab7f3113
                                  • Instruction ID: 352b9fd8ff6adfd48aa864b65f723ba5a946c2f7c3dd1541d1c3166fed4ac287
                                  • Opcode Fuzzy Hash: 69a85f7ed18cd74047bb984129651c996d53830a83c410699db2c70aab7f3113
                                  • Instruction Fuzzy Hash: B21156B19015157E7A1167B65C8AD6F6A5CDE5A398B10403BF801D1203EB7D9D0245BA
                                  Function 004B8430 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                  Download Yara Rule
                                  APIs
                                  • WideCharToMultiByte.KERNEL32(00000001,00000400,14DA7ED4,00000000,00000000,00000000,00000000,00000000,00000001,?,?,0044E5F3,?,?,00000000,00000000), ref: 004B844D
                                  • GetLastError.KERNEL32(?,?,0044E5F3,?,?,00000000,00000000,00000000,14DA7ED4,00000001), ref: 004B8459
                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,14DA7ED4,00000000,00000000,00000000,00000000,00000000,?,?,0044E5F3,?,?,00000000,00000000,00000000), ref: 004B847F
                                  • GetLastError.KERNEL32(?,?,0044E5F3,?,?,00000000,00000000,00000000,14DA7ED4,00000001), ref: 004B848B
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ByteCharErrorLastMultiWide
                                  • String ID:
                                  • API String ID: 203985260-0
                                  • Opcode ID: b17853a5fac4461212df69502fdb333749a3d57a63655a8d7d2491092ae6608b
                                  • Instruction ID: 6b90caf3a67b14ffb57c64759c70b961d31bb881305e702148557666a2de5e43
                                  • Opcode Fuzzy Hash: b17853a5fac4461212df69502fdb333749a3d57a63655a8d7d2491092ae6608b
                                  • Instruction Fuzzy Hash: FB01BF36601156BFCF224F95DC08E9F3F7AEBD9791F118029FA0556220DA31C922EBA5
                                  Function 004A95E5 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000), ref: 004A95FC
                                  • GetLastError.KERNEL32(?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000,00000000,00000000,?,0049BE42,?), ref: 004A9608
                                    • Part of subcall function 004A95CE: CloseHandle.KERNEL32(FFFFFFFE,004A9618,?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000,00000000,00000000), ref: 004A95DE
                                  • ___initconout.LIBCMT ref: 004A9618
                                    • Part of subcall function 004A9590: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004A95BF,004A6707,00000000,?,0049B868,00000000,00000000,00000000,00000000), ref: 004A95A3
                                  • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000,00000000), ref: 004A962D
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                  • String ID:
                                  • API String ID: 2744216297-0
                                  • Opcode ID: 798d55b3f7968c96ef430ebc1f18d2e2465c9867b2c7648d7be43d295ef59026
                                  • Instruction ID: 8abc0c58445a332f8c6052495b9482a66327941653e6e46fd38a52645a0d97bb
                                  • Opcode Fuzzy Hash: 798d55b3f7968c96ef430ebc1f18d2e2465c9867b2c7648d7be43d295ef59026
                                  • Instruction Fuzzy Hash: DCF01237441215BBCF521F91DC09ACE3F66EF19364F024426FA2C86120C6368D60DB94
                                  Function 004B01F1 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  • EncodePointer.KERNEL32(00000000,?), ref: 004B0216
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.1863047664.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_400000_gem1.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: EncodePointer
                                  • String ID: MOC$RCC
                                  • API String ID: 2118026453-2084237596
                                  • Opcode ID: f6a5424a3b0add0d67cdb7a4433499b834c2692f3a3c89efa9c8eec31821c917
                                  • Instruction ID: 70788f387beb527cb8114cdc5e5f216b8ccff70d73c61da87df7ae4bd57bd2ae
                                  • Opcode Fuzzy Hash: f6a5424a3b0add0d67cdb7a4433499b834c2692f3a3c89efa9c8eec31821c917
                                  • Instruction Fuzzy Hash: EE415871900209AFCF16CF98CD85AEEBBB5FF48305F18809AFA0567211D3399950DB68