Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
1E3Vcm2yrA.exe

Overview

General Information

Sample name:1E3Vcm2yrA.exe
renamed because original name is a hash value
Original sample name:d5552a55f1ed92076d5448a74a21b0c1.exe
Analysis ID:1589495
MD5:d5552a55f1ed92076d5448a74a21b0c1
SHA1:87cd27f843037a77b721f3399cd76525313efcdf
SHA256:355084b6583f9918755201f6e54fdee4d49d5dcb3e59c5fac055513a4ec37520
Tags:exeuser-abuse_ch
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
Checks if the current machine is a virtual machine (disk enumeration)
Detected potential unwanted application
Drops PE files with a suspicious file extension
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
AV process strings found (often used to terminate AV products)
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Uncommon Svchost Parent Process
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

Process Tree

  • System is w10x64
  • 1E3Vcm2yrA.exe (PID: 7536 cmdline: "C:\Users\user\Desktop\1E3Vcm2yrA.exe" MD5: D5552A55F1ED92076D5448A74A21B0C1)
    • cmd.exe (PID: 7616 cmdline: "C:\Windows\System32\cmd.exe" /c move Levels Levels.cmd & Levels.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7668 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7676 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 7712 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7720 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7756 cmdline: cmd /c md 22694 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • extrac32.exe (PID: 7772 cmdline: extrac32 /Y /E Heroes MD5: 9472AAB6390E4F1431BAA912FCFF9707)
      • findstr.exe (PID: 7804 cmdline: findstr /V "AL" Speaks MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7820 cmdline: cmd /c copy /b 22694\Hunt.com + Actors + Competition + Millions + Operates + Wendy + Ships + Ram + Sewing + Groups + Xnxx 22694\Hunt.com MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • cmd.exe (PID: 7836 cmdline: cmd /c copy /b ..\Lie + ..\Scary + ..\Performing + ..\Facial + ..\Omega + ..\Driven + ..\Litigation + ..\Addressing + ..\Calendar D MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Hunt.com (PID: 7852 cmdline: Hunt.com D MD5: 62D09F076E6E0240548C2F837536A46A)
        • svchost.exe (PID: 7216 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
          • fontdrvhost.exe (PID: 3940 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
            • WerFault.exe (PID: 7204 cmdline: C:\Windows\system32\WerFault.exe -u -p 3940 -s 144 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
        • WerFault.exe (PID: 4484 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 988 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • choice.exe (PID: 7868 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000011.00000003.1986327678.00000000031D0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
    00000011.00000002.2058712787.0000000003680000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
      00000011.00000003.1990494240.0000000005580000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
        00000011.00000003.1990665098.00000000057A0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
          Process Memory Space: svchost.exe PID: 7216JoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            17.3.svchost.exe.57a0000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              17.3.svchost.exe.5580000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                17.3.svchost.exe.5580000.0.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  17.3.svchost.exe.5580000.6.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Uncommon Svchost Parent Process
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: Hunt.com D, ParentImage: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.com, ParentProcessId: 7852, ParentProcessName: Hunt.com, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 7216, ProcessName: svchost.exe
                    Sigma detected: Windows Processes Suspicious Parent Directory
                    Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: Hunt.com D, ParentImage: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.com, ParentProcessId: 7852, ParentProcessName: Hunt.com, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 7216, ProcessName: svchost.exe

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Sigma detected: Search for Antivirus process
                    Source: Process startedAuthor: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Levels Levels.cmd & Levels.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7616, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7720, ProcessName: findstr.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-01-12T17:22:34.648169+010028548021Domain Observed Used for C2 Detected154.216.18.1695586192.168.2.449742TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Multi AV Scanner detection for submitted file
                    Source: 1E3Vcm2yrA.exeVirustotal: Detection: 38%Perma Link
                    Source: 1E3Vcm2yrA.exeReversingLabs: Detection: 42%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 96.9% probability
                    Source: 1E3Vcm2yrA.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 1E3Vcm2yrA.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: wkernel32.pdb source: svchost.exe, 00000011.00000003.1989955906.0000000005580000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1990288577.00000000056A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdb source: svchost.exe, 00000011.00000003.1990494240.0000000005580000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1990665098.00000000057A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdb source: svchost.exe, 00000011.00000003.1987255253.0000000005580000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1987608690.0000000005770000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000011.00000003.1989003267.0000000005720000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1988235306.0000000005580000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdbUGP source: svchost.exe, 00000011.00000003.1987255253.0000000005580000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1987608690.0000000005770000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: svchost.exe, 00000011.00000003.1989003267.0000000005720000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1988235306.0000000005580000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdbUGP source: svchost.exe, 00000011.00000003.1990494240.0000000005580000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1990665098.00000000057A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernel32.pdbUGP source: svchost.exe, 00000011.00000003.1989955906.0000000005580000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1990288577.00000000056A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 4x nop then dec esp21_2_0000027FBA4A0511

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.18.169:5586 -> 192.168.2.4:49742
                    System process connects to network (likely due to code injection or exploit)
                    Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 154.216.18.169 5586Jump to behavior
                    Source: global trafficTCP traffic: 192.168.2.4:49742 -> 154.216.18.169:5586
                    Source: Joe Sandbox ViewASN Name: SKHT-ASShenzhenKatherineHengTechnologyInformationCo SKHT-ASShenzhenKatherineHengTechnologyInformationCo
                    Source: unknownDNS traffic detected: query: sKVJpeNVvVOkoBPztd.sKVJpeNVvVOkoBPztd replaycode: Name error (3)
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: unknownTCP traffic detected without corresponding DNS query: 154.216.18.169
                    Source: global trafficDNS traffic detected: DNS query: sKVJpeNVvVOkoBPztd.sKVJpeNVvVOkoBPztd
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://ccsca2021.ocsp-certum.com05
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
                    Source: Xnxx.8.dr, Hunt.com.1.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                    Source: Xnxx.8.dr, Hunt.com.1.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                    Source: Xnxx.8.dr, Hunt.com.1.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                    Source: Xnxx.8.dr, Hunt.com.1.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                    Source: Xnxx.8.dr, Hunt.com.1.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                    Source: Xnxx.8.dr, Hunt.com.1.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                    Source: Xnxx.8.dr, Hunt.com.1.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                    Source: Xnxx.8.dr, Hunt.com.1.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                    Source: Xnxx.8.dr, Hunt.com.1.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://repository.certum.pl/ctnca.cer09
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://repository.certum.pl/ctnca2.cer09
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
                    Source: Xnxx.8.dr, Hunt.com.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
                    Source: Xnxx.8.dr, Hunt.com.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://subca.ocsp-certum.com01
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://subca.ocsp-certum.com02
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://subca.ocsp-certum.com05
                    Source: Amcache.hve.23.drString found in binary or memory: http://upx.sf.net
                    Source: Hunt.com, 0000000C.00000000.1748412659.00000000003D5000.00000002.00000001.01000000.00000008.sdmp, Groups.8.dr, Hunt.com.1.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: http://www.certum.pl/CPS0
                    Source: svchost.exe, 00000011.00000003.2057443921.000000000350C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.2058419383.0000000003504000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.2057900908.0000000002DDC000.00000004.00000010.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000015.00000002.2234883949.0000027FBA4A0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://154.216.18.169:5586/bc9bf2d44d45cc63/4822q3wa.b7epi
                    Source: svchost.exe, 00000011.00000003.2057443921.000000000350C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.2058419383.0000000003504000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000015.00000002.2234883949.0000027FBA4A0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://154.216.18.169:5586/bc9bf2d44d45cc63/4822q3wa.b7epikernelbasentdllkernel32GetProcessMitigati
                    Source: svchost.exe, 00000011.00000002.2057900908.0000000002DDC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://154.216.18.169:5586/bc9bf2d44d45cc63/4822q3wa.b7epix
                    Source: svchost.exe, 00000011.00000003.2023353754.00000000035A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                    Source: svchost.exe, 00000011.00000003.2023353754.00000000035A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                    Source: Xnxx.8.dr, Hunt.com.1.drString found in binary or memory: https://www.autoitscript.com/autoit3/
                    Source: 1E3Vcm2yrA.exeString found in binary or memory: https://www.certum.pl/CPS0
                    Source: Hunt.com.1.drString found in binary or memory: https://www.globalsign.com/repository/0
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050CD
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044A5
                    Source: svchost.exe, 00000011.00000003.1990494240.0000000005580000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_419ebd56-5
                    Source: svchost.exe, 00000011.00000003.1990494240.0000000005580000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_3cd6cb07-6
                    Source: Yara matchFile source: 17.3.svchost.exe.57a0000.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.3.svchost.exe.5580000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.3.svchost.exe.5580000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.3.svchost.exe.5580000.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000011.00000003.1990494240.0000000005580000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000003.1990665098.00000000057A0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 7216, type: MEMORYSTR

                    System Summary

                    barindex
                    Detected potential unwanted application
                    Source: 1E3Vcm2yrA.exePE Siganture Subject Chain: E=marek@freecommander.com, CN=Marek Jasi\u0144ski, O=Marek Jasi\u0144ski, S=Bayern, C=DE
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 21_2_0000027FBA4A1AA4 NtAcceptConnectPort,NtAcceptConnectPort,21_2_0000027FBA4A1AA4
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 21_2_0000027FBA4A1CF4 NtAcceptConnectPort,CloseHandle,21_2_0000027FBA4A1CF4
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 21_2_0000027FBA4A0AC8 NtAcceptConnectPort,NtAcceptConnectPort,21_2_0000027FBA4A0AC8
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 21_2_0000027FBA4A15C0 NtAcceptConnectPort,21_2_0000027FBA4A15C0
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,0_2_00403883
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeFile created: C:\Windows\RrSurfJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeFile created: C:\Windows\PhotographicViennaJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeFile created: C:\Windows\HrModeratorJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeFile created: C:\Windows\HttpCoreJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeFile created: C:\Windows\NailMillsJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_3_007F3AF80_3_007F3AF8
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_0040497C0_2_0040497C
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_00406ED20_2_00406ED2
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_004074BB0_2_004074BB
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 21_2_0000027FBA4A0C7021_2_0000027FBA4A0C70
                    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: String function: 004062A3 appears 57 times
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 988
                    Source: 1E3Vcm2yrA.exeStatic PE information: invalid certificate
                    Source: 1E3Vcm2yrA.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: classification engineClassification label: mal100.troj.evad.winEXE@32/30@1/1
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044A5
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\LieJump to behavior
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7624:120:WilError_03
                    Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-f41cbbab-3d62-9dd554-933d1a201ee6}
                    Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3940
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeFile created: C:\Users\user\AppData\Local\Temp\nsf4C7F.tmpJump to behavior
                    Source: 1E3Vcm2yrA.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                    Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: 1E3Vcm2yrA.exeVirustotal: Detection: 38%
                    Source: 1E3Vcm2yrA.exeReversingLabs: Detection: 42%
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeFile read: C:\Users\user\Desktop\1E3Vcm2yrA.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\1E3Vcm2yrA.exe "C:\Users\user\Desktop\1E3Vcm2yrA.exe"
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Levels Levels.cmd & Levels.cmd
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 22694
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Heroes
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "AL" Speaks
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 22694\Hunt.com + Actors + Competition + Millions + Operates + Wendy + Ships + Ram + Sewing + Groups + Xnxx 22694\Hunt.com
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Lie + ..\Scary + ..\Performing + ..\Facial + ..\Omega + ..\Driven + ..\Litigation + ..\Addressing + ..\Calendar D
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.com Hunt.com D
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 988
                    Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                    Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3940 -s 144
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Levels Levels.cmd & Levels.cmdJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 22694Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E HeroesJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "AL" Speaks Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 22694\Hunt.com + Actors + Competition + Millions + Operates + Wendy + Ships + Ram + Sewing + Groups + Xnxx 22694\Hunt.comJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Lie + ..\Scary + ..\Performing + ..\Facial + ..\Omega + ..\Driven + ..\Litigation + ..\Addressing + ..\Calendar DJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.com Hunt.com DJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: shfolder.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: iconcodecservice.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: riched20.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: usp10.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: msls31.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: cabinet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: wsock32.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: napinsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: pnrpnsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: wshbth.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: nlaapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: winrnr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: devobj.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: drprov.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: ntlanman.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: davclnt.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: davhlpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: 1E3Vcm2yrA.exeStatic file information: File size 1248132 > 1048576
                    Source: 1E3Vcm2yrA.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: wkernel32.pdb source: svchost.exe, 00000011.00000003.1989955906.0000000005580000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1990288577.00000000056A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdb source: svchost.exe, 00000011.00000003.1990494240.0000000005580000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1990665098.00000000057A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdb source: svchost.exe, 00000011.00000003.1987255253.0000000005580000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1987608690.0000000005770000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000011.00000003.1989003267.0000000005720000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1988235306.0000000005580000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdbUGP source: svchost.exe, 00000011.00000003.1987255253.0000000005580000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1987608690.0000000005770000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: svchost.exe, 00000011.00000003.1989003267.0000000005720000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1988235306.0000000005580000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdbUGP source: svchost.exe, 00000011.00000003.1990494240.0000000005580000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1990665098.00000000057A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernel32.pdbUGP source: svchost.exe, 00000011.00000003.1989955906.0000000005580000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.1990288577.00000000056A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
                    Source: 1E3Vcm2yrA.exeStatic PE information: real checksum: 0x13817a should be: 0x1332f9
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_3_007FCE7E push ebp; iretd 0_3_007FCE7F
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_3_007FA667 push ebp; iretd 0_3_007FA668
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_3_007FA651 push ebp; iretd 0_3_007FA652
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_3_007FCB24 push ebp; iretd 0_3_007FCB25
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_3_007FCB0E push ebp; iretd 0_3_007FCB0F
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_3_007F7904 push 66007F5Eh; ret 0_3_007F7909
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_3_007FA6B1 push ebp; iretd 0_3_007FA6B2
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_3_007FCE94 push ebp; iretd 0_3_007FCE95
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_03016F0F push esi; ret 17_3_03016F21
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_0301296C push edi; ret 17_3_03012978
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_03011179 push FFFFFF82h; iretd 17_3_0301117B
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_0301437B push edi; ret 17_3_0301434C
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_03014D81 push esi; ret 17_3_03014DEA
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_03010FEA push eax; ret 17_3_03010FF5
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_0301225C push eax; ret 17_3_0301225D
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_03012CB9 push ecx; ret 17_3_03012CD9

                    Persistence and Installation Behavior

                    barindex
                    Drops PE files with a suspicious file extension
                    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comJump to dropped file
                    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comJump to dropped file
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Checks if the current machine is a virtual machine (disk enumeration)
                    Source: C:\Windows\SysWOW64\svchost.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                    Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PnPEntity
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PnPEntity
                    Query firmware table information (likely to detect VMs)
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Switches to a custom stack to bypass stack traces
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comAPI/Special instruction interceptor: Address: 7FFE2220D044
                    Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                    Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 5ADB83A
                    Tries to detect sandboxes / dynamic malware analysis system (registry check)
                    Source: C:\Windows\SysWOW64\svchost.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: svchost.exe, 00000011.00000002.2058419383.0000000003500000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: EIDA.EXEIDA64.EXEIMMUNITYDEBUGGER.EXEWINDUMP.EXEX64DBG.EXEX32DBG.E
                    Source: svchost.exe, 00000011.00000002.2058419383.0000000003500000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HACKER.EXEIDAQ64.EXEAUTORUNS.EXEDUMPCAP.EXEDE4Y
                    Source: svchost.exe, 00000011.00000002.2058419383.0000000003500000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X64DBG.EXE
                    Source: svchost.exe, 00000011.00000002.2058419383.0000000003500000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AUTORUNS.EXE
                    Source: svchost.exe, 00000011.00000002.2058419383.0000000003500000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WINDUMP.EXE
                    Source: svchost.exe, 00000011.00000002.2058419383.0000000003500000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DUMPCAP.EXE
                    Source: C:\Windows\SysWOW64\svchost.exeFile opened / queried: VBoxGuestJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: IdentifierJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeFile opened / queried: C:\Windows\SysWOW64\vboxservice.exeJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeFile opened / queried: C:\Windows\SysWOW64\vboxtray.exeJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeFile opened / queried: C:\Windows\SysWOW64\drivers\VBoxMouse.sysJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeFile opened / queried: VBoxTrayIPCJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeFile opened / queried: C:\Windows\SysWOW64\drivers\VBoxSF.sysJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeFile opened / queried: C:\Windows\SysWOW64\vboxhook.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosDateJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeFile opened / queried: \pipe\VBoxTrayIPCJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeFile opened / queried: C:\Windows\SysWOW64\drivers\VBoxVideo.sysJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeFile opened / queried: VBoxMiniRdrDNJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeFile opened / queried: C:\Windows\SysWOW64\drivers\VBoxGuest.sysJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                    Source: Amcache.hve.23.drBinary or memory string: VMware
                    Source: svchost.exe, 00000011.00000002.2058295842.000000000345D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JMicrosoft-Windows-GPIO-ClassExtensionHMicrosoft-Windows-Hyper-V-HypervisorHMicrosoft-Antimalware-ShieldProvider>Microsoft-Windows-BitLocker-APIx.dllDMicrosoft-Windows-IsolatedUserMode@Microsoft-Windows-Kernel-General
                    Source: Amcache.hve.23.drBinary or memory string: VMware Virtual USB Mouse
                    Source: Amcache.hve.23.drBinary or memory string: vmci.syshbin
                    Source: Amcache.hve.23.drBinary or memory string: VMware, Inc.
                    Source: svchost.exe, 00000011.00000002.2058295842.0000000003475000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: RSVP TCP Service ProviderUASPStorUmRdpServiceusbaudio2usbehciusbserUser32VDS Basic ProviderVDS Dynamic ProviderVDS Virtual Disk ProviderVirtual Disk ServicevmcivolmgrVolsnapvpcivsmraidVSTXRAIDW32TimeWacomPenWalletServicewdf01000wecsvcWin32kWinDefendWindows Disk DiagnosticWindows Script HostWinHttpAutoProxySvcWinNatWinRMWMIxWDMWMPNetworkSvcWorkstationWPDClassInstallerC:\Windows\System32\Winevt\Logs\System.evtx2023
                    Source: svchost.exe, 00000011.00000002.2058390897.0000000003486000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmciVersionEnabledEnabled0
                    Source: Amcache.hve.23.drBinary or memory string: VMware20,1hbin@
                    Source: Amcache.hve.23.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                    Source: Amcache.hve.23.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: Amcache.hve.23.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                    Source: svchost.exe, 00000011.00000002.2058295842.000000000345D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2012684908.0000000003471000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: en-U>Microsoft-Windows-BitLocker-APIHMicrosoft-Windows-Devices-Background>Microsoft-Windows-DHCPv6-Client@Microsoft-Windows-EventCollectorHMicrosoft-Antimalware-ShieldProvider>Microsoft-Windows-FilterManagerJMicrosoft-Windows-GPIO-ClassExtensionHMicrosoft-Windows-Hyper-V-HypervisorDMicrosoft-Windows-IsolatedUserModeBMicrosoft-Windows-WLAN-AutoConfig>Microsoft-Windows-USB-MAUSBHOSTen-UHMicrosoft-Windows-SPB-ClassExtensionJMicrosoft-Windows-Power-Meter-Polling@Microsoft-Windows-Kernel-General>Microsoft-Windows-OverlayFilter@Microsoft-Windows-Spell-Checking>Microsoft-Windows-SetupPlatform>Microsoft-Windows-TaskScheduler<Microsoft-Windows-Kernel-PowerFMicrosoft-Windows-LanguagePackSetup<Microsoft-Windows-SpellChecker<Microsoft-Windows-OfflineFilesJMicrosoft-Windows-ResourcePublication>Microsoft-Windows-StartupRepair<Microsoft-Windows-Time-Service>Microsoft-Windows-NetworkBridgeJMicrosoft-Windows-WindowsUpdateClientBMicrosoft-Windows-WLAN-AutoConfig
                    Source: svchost.exe, 00000011.00000002.2058244553.0000000003412000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: Amcache.hve.23.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: Amcache.hve.23.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                    Source: Amcache.hve.23.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                    Source: svchost.exe, 00000011.00000002.2058295842.0000000003475000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rosoft-Windows-DHCPv6-ClientMicrosoft-Windows-Diagnostics-NetworkingMicrosoft-Windows-Directory-Services-SAMMicrosoft-Windows-DiskDiagnosticMicrosoft-Windows-DistributedCOMMicrosoft-Windows-DNS-ClientMicrosoft-Windows-DriverFrameworks-UserModeMicrosoft-Windows-EnhancedStorage-EhStorTcgDrvMicrosoft-Windows-EventCollectorMicrosoft-Windows-EventlogMicrosoft-Windows-exFAT-SQMMicrosoft-Windows-FailoverClustering-ClientMicrosoft-Windows-Fat-SQMMicrosoft-Windows-Fault-Tolerant-HeapMicrosoft-Windows-FilterManagerMicrosoft-Windows-FirewallMicrosoft-Windows-FMSMicrosoft-Windows-FunctionDiscoveryHostMicrosoft-Windows-GPIO-ClassExtensionMicrosoft-Windows-GroupPolicyMicrosoft-Windows-HALMicrosoft-Windows-HttpEventMicrosoft-Windows-HttpServiceMicrosoft-Windows-Hyper-V-HypervisorMicrosoft-Windows-IphlpsvcMicrosoft-Windows-IsolatedUserModeMicrosoft-Windows-Kernel-BootMicrosoft-Windows-Kernel-GeneralMicrosoft-Windows-Kernel-Interrupt-SteeringMicrosoft-Windows-Kernel-IOMicrosoft-Windows-Kernel-PnPMicrosoft-Windows-Kernel-PowerMicrosoft-Windows-Kernel-Processor-PowerMicrosoft-Windows-Kernel-TmMicrosoft-Windows-Kernel-WHEAMicrosoft-Windows-Kernel-XDVMicrosoft-Wi
                    Source: Amcache.hve.23.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: Amcache.hve.23.drBinary or memory string: vmci.sys
                    Source: Amcache.hve.23.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                    Source: svchost.exe, 00000011.00000003.2012596449.0000000003474000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CorruptedFileRecovery-ClientMicrosoft-Windows-CorruptedFileRecovery-ServerMicrosoft-Windows-Devices-BackgroundMicrosoft-Windows-DfsSvcMicrosoft-Windows-Dhcp-ClientMicrosoft-Windows-DHCPv6-ClientMicrosoft-Windows-Diagnostics-NetworkingMicrosoft-Windows-Directory-Services-SAMMicrosoft-Windows-DiskDiagnosticMicrosoft-Windows-DistributedCOMMicrosoft-Windows-DNS-ClientMicrosoft-Windows-DriverFrameworks-UserModeMicrosoft-Windows-EnhancedStorage-EhStorTcgDrvMicrosoft-Windows-EventCollectorMicrosoft-Windows-EventlogMicrosoft-Windows-exFAT-SQMMicrosoft-Windows-FailoverClustering-ClientMicrosoft-Windows-Fat-SQMMicrosoft-Windows-Fault-Tolerant-HeapMicrosoft-Windows-FilterManagerMicrosoft-Windows-FirewallMicrosoft-Windows-FMSMicrosoft-Windows-FunctionDiscoveryHostMicrosoft-Windows-GPIO-ClassExtensionMicrosoft-Windows-GroupPolicyMicrosoft-Windows-HALMicrosoft-Windows-HttpEventMicrosoft-Windows-HttpServiceMicrosoft-Windows-Hyper-V-HypervisorMicrosoft-Windows-IphlpsvcMicrosoft-Windows-IsolatedUserModeMicrosoft-Windows-Kernel-BootMicrosoft-Windows-Kernel-GeneralMicrosoft-Windows-Kernel-Interrupt-SteeringMicrosoft-Windows-Kernel-IOMicrosoft-Windows-Kernel-PnPMicrosoft-Windows-Kernel-PowerMicrosoft-Windows-Kernel-Processor-PowerMicrosoft-Windows-Kernel-TmMicrosoft-Windows-Kernel-WHEAMicrosoft-Windows-Kernel-XDVMicrosoft-Windows-LanguagePackSetupMicrosoft-Windows-Memory-Diagnostic-Task-HandlerMicrosoft-Windows-MemoryDiagnostics-ResultsMicrosoft-Windows-MemoryDiagnostics-ScheduleMicrosoft-Windows-MountMgrMicrosoft-Windows-NDISMicrosoft-Windows-NdisImPlatformSysEvtProviderMicrosoft-Windows-NetworkBridgeMicrosoft-Windows-NtfsMicrosoft-Windows-Ntfs-UBPMMicrosoft-Windows-OfflineFilesMicrosoft-Windows-OverlayFilterMicrosoft-Windows-PersistentMemory-NvdimmMicrosoft-Windows-PersistentMemory-PmemDiskMicrosoft-Windows-Power-Meter-PollingMicrosoft-Windows-Power-TroubleshooterMicrosoft-Windows-ReFSMicrosoft-Windows-ReFS-v1Microsoft-Windows-ResetEngMicrosoft-Windows-Resource-Exhaustion-DetectorMicrosoft-Windows-ResourcePublicationMicrosoft-Windows-SCPNPMicrosoft-Windows-Serial-ClassExtensionMicrosoft-Windows-Serial-ClassExtension-V2Microsoft-Windows-ServicingMicrosoft-Windows-SetupMicrosoft-Windows-SetupPlatformMicrosoft-Windows-SPB-ClassExtensionMicrosoft-Windows-SPB-HIDI2CMicrosoft-Windows-Spell-CheckingMicrosoft-Windows-SpellCheckerMicrosoft-Windows-StartupRepairMicrosoft-Windows-Subsys-SMSSMicrosoft-Windows-TaskSchedulerMicrosoft-Windows-TerminalServices-LocalSessionManagerMicrosoft-Windows-TerminalServices-RemoteConnectionManagerMicrosoft-Windows-Time-ServiceMicrosoft-Windows-TPM-WMIMicrosoft-Windows-USB-CCIDMicrosoft-Windows-USB-MAUSBHOSTMicrosoft-Windows-USB-USBHUB3Microsoft-Windows-USB-USBXHCIMicrosoft-Windows-UserModePowerServiceMicrosoft-Windows-UserPnpMicrosoft-Windows-WHEA-LoggerMicrosoft-Windows-Windows Firewall With Advanced SecurityMicrosoft-Windows-WindowsToGo-StartupOptionsMicrosoft-Windows-WindowsUpdateClientMicrosoft-Windows-WininitMicrosoft-Windows-WinlogonM
                    Source: Amcache.hve.23.drBinary or memory string: vmci.syshbin`
                    Source: Amcache.hve.23.drBinary or memory string: \driver\vmci,\driver\pci
                    Source: svchost.exe, 00000011.00000002.2058295842.0000000003475000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2012684908.0000000003471000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2012596449.0000000003478000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2013183122.0000000003474000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000003.2012596449.0000000003474000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.2058295842.0000000003478000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Microsoft-Windows-Hyper-V-Hypervisor
                    Source: Amcache.hve.23.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: svchost.exe, 00000011.00000003.1990665098.00000000057A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                    Source: Amcache.hve.23.drBinary or memory string: VMware20,1
                    Source: Amcache.hve.23.drBinary or memory string: Microsoft Hyper-V Generation Counter
                    Source: Amcache.hve.23.drBinary or memory string: NECVMWar VMware SATA CD00
                    Source: Amcache.hve.23.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                    Source: Amcache.hve.23.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                    Source: Amcache.hve.23.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                    Source: Amcache.hve.23.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                    Source: Amcache.hve.23.drBinary or memory string: VMware PCI VMCI Bus Device
                    Source: Amcache.hve.23.drBinary or memory string: VMware VMCI Bus Device
                    Source: Amcache.hve.23.drBinary or memory string: VMware Virtual RAM
                    Source: svchost.exe, 00000011.00000003.1990665098.00000000057A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                    Source: Amcache.hve.23.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                    Source: svchost.exe, 00000011.00000002.2058295842.0000000003475000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: doMSAFD L2CAP [Bluetooth]dows-MemoryDiagnostics-ResultsMicrosoft-Windows-MemoryDiagnostics-ScheduleMicrosoft-Windows-MountMgrMicrosoft-Windows-NDISMicrosoft-Windows-NdisImPlatformSysEvtProviderMicrosoft-Windows-NetworkBridgeMicrosoft-Windows-NtfsMicrosoft-Windows-Ntfs-UBPMMicrosoft-Windows-OfflineFilesMicrosoft-Windows-OverlayFilterMicrosoft-Windows-PersistentMemory-NvdimmMicrosoft-Windows-PersistentMemory-PmemDiskMicrosoft-Windows-Power-Meter-PollingMicrosofAF_UNIXTroubleshooterMicrosoft-Windows-ReFSMicrosoft-Windows-ReFS-v1Microsoft-Windows-ResetEngMicrosoft-Windows-Resource-Exhaustion-DetectorMicrosoft-Windows-ResourcePublicationMicrosoft-Windows-SCPNPMicrosoft-Windows-Serial-ClassExtensionMicrosoft-Windows-Serial-ClassExtension-V2Microsoft-Windows-ServicingMicrosoft-Windows-SetupMicrosoft-Windows-SetupPlatformMicrosoft-Windows-SPB-ClassExtensionMicrosoft-Windows-SPB-HIDI2CMicrosoft-Windows-Spell-CheckingMicrosoft-WindoHyper-V RAWft-Windows-StartupRepairMicrosoft-Windows-Subsys-SMSSMicrosoft-Windows-TaskSchedulerMicrosoft-Windows-TerminalServices-LocalSessionManagerMicrosoft-Windows-TerminalServices-RemoteConnectionManagerMicrosoft-Windows-Time-ServiceMicrosoft-Windows-TPM-WMIMicrosoft-Windows-USB-CCIDMicrosoft-Windows-USB-MAUSBHOSTMicrosoft-Windows-USB-USBHUB3Microsoft-Windows-USB-USBXHCIMicrosoft-Windows-UserModePowerServiceMicrosoft-Windows-UserPnpMicrosoft-Windows-WHEA-LoggerMiRSVP UDPv6 Service ProviderMicrosoft-Windows-WindowsToGo-StartupOptionsMicrosoft-Windows-WindowsUpdateClientMicrosoft-Windows-WininitMicrosoft-Windows-WinlogonMicrosoft-Windows-WLAN-AutoConfigMicrosoft-Windows-WMPNSS-Servicemlx4_busmouclassmouhidmrxsmbMsBridgeMSDTC GatewayMSDTC WS-AT ProtocolmshidumdfMSiSCSIMTConfigMupmvumisNdisImPlatformNdisImPlatformSysEvtProviderNdisWanndiswanlegacyNetBIOSNetBTNetJoinNetlogonNtfsnvdimm
                    Source: svchost.exe, 00000011.00000002.2058244553.0000000003412000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(dG
                    Source: Amcache.hve.23.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 17_3_03010283 mov eax, dword ptr fs:[00000030h]17_3_03010283
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    System process connects to network (likely due to code injection or exploit)
                    Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 154.216.18.169 5586Jump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Levels Levels.cmd & Levels.cmdJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 22694Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E HeroesJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "AL" Speaks Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 22694\Hunt.com + Actors + Competition + Millions + Operates + Wendy + Ships + Ram + Sewing + Groups + Xnxx 22694\Hunt.comJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Lie + ..\Scary + ..\Performing + ..\Facial + ..\Omega + ..\Driven + ..\Litigation + ..\Addressing + ..\Calendar DJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.com Hunt.com DJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.comProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                    Source: Hunt.com, 0000000C.00000000.1748298385.00000000003C3000.00000002.00000001.01000000.00000008.sdmp, Groups.8.dr, Hunt.com.1.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                    Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\1E3Vcm2yrA.exeCode function: 0_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406805
                    Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: Amcache.hve.23.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                    Source: Amcache.hve.23.drBinary or memory string: msmpeng.exe
                    Source: Amcache.hve.23.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                    Source: svchost.exe, 00000011.00000002.2058419383.0000000003500000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lordpe.exe
                    Source: svchost.exe, 00000011.00000002.2058419383.0000000003500000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autoruns.exe
                    Source: Amcache.hve.23.drBinary or memory string: MsMpEng.exe

                    Stealing of Sensitive Information

                    barindex
                    Yara detected RHADAMANTHYS Stealer
                    Source: Yara matchFile source: 00000011.00000003.1986327678.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.2058712787.0000000003680000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                    Remote Access Functionality

                    barindex
                    Yara detected RHADAMANTHYS Stealer
                    Source: Yara matchFile source: 00000011.00000003.1986327678.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.2058712787.0000000003680000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts31
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		112
                    Process Injection                    		111
                    Masquerading                    		31
                    Input Capture                    		641
                    Security Software Discovery                    		Remote Services31
                    Input Capture                    		1
                    Encrypted Channel                    		Exfiltration Over Other Network Medium1
                    System Shutdown/Reboot
                    CredentialsDomainsDefault Accounts1
                    Native API                    		Boot or Logon Initialization Scripts1
                    DLL Side-Loading                    		23
                    Virtualization/Sandbox Evasion                    		LSASS Memory23
                    Virtualization/Sandbox Evasion                    		Remote Desktop Protocol1
                    Archive Collected Data                    		1
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)112
                    Process Injection                    		Security Account Manager3
                    Process Discovery                    		SMB/Windows Admin Shares1
                    Clipboard Data                    		1
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                    Deobfuscate/Decode Files or Information                    		NTDS3
                    File and Directory Discovery                    		Distributed Component Object ModelInput Capture1
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
                    Obfuscated Files or Information                    		LSA Secrets235
                    System Information Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    DLL Side-Loading                    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1589495 Sample: 1E3Vcm2yrA.exe Startdate: 12/01/2025 Architecture: WINDOWS Score: 100 38 sKVJpeNVvVOkoBPztd.sKVJpeNVvVOkoBPztd 2->38 44 Suricata IDS alerts for network traffic 2->44 46 Multi AV Scanner detection for submitted file 2->46 48 Yara detected RHADAMANTHYS Stealer 2->48 50 3 other signatures 2->50 11 1E3Vcm2yrA.exe 26 2->11         started        signatures3 process4 process5 13 cmd.exe 2 11->13         started        file6 36 C:\Users\user\AppData\Local\...\Hunt.com, PE32 13->36 dropped 60 Drops PE files with a suspicious file extension 13->60 17 Hunt.com 1 13->17         started        20 cmd.exe 2 13->20         started        22 cmd.exe 1 13->22         started        24 9 other processes 13->24 signatures7 process8 signatures9 42 Switches to a custom stack to bypass stack traces 17->42 26 svchost.exe 17->26         started        30 WerFault.exe 2 17->30         started        process10 dnsIp11 40 154.216.18.169, 49742, 5586 SKHT-ASShenzhenKatherineHengTechnologyInformationCo Seychelles 26->40 52 System process connects to network (likely due to code injection or exploit) 26->52 54 Query firmware table information (likely to detect VMs) 26->54 56 Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines) 26->56 58 4 other signatures 26->58 32 fontdrvhost.exe 26->32         started        signatures12 process13 process14 34 WerFault.exe 20 16 32->34         started       

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    1E3Vcm2yrA.exe39%VirustotalBrowse
                    1E3Vcm2yrA.exe42%ReversingLabsWin32.Trojan.Generic

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.com0%ReversingLabs

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://154.216.18.169:5586/bc9bf2d44d45cc63/4822q3wa.b7epix0%Avira URL Cloudsafe
                    https://154.216.18.169:5586/bc9bf2d44d45cc63/4822q3wa.b7epikernelbasentdllkernel32GetProcessMitigati0%Avira URL Cloudsafe
                    https://154.216.18.169:5586/bc9bf2d44d45cc63/4822q3wa.b7epi0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    sKVJpeNVvVOkoBPztd.sKVJpeNVvVOkoBPztd
                    		unknown
                    		unknownfalse
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://154.216.18.169:5586/bc9bf2d44d45cc63/4822q3wa.b7episvchost.exe, 00000011.00000003.2057443921.000000000350C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.2058419383.0000000003504000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.2057900908.0000000002DDC000.00000004.00000010.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000015.00000002.2234883949.0000027FBA4A0000.00000040.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://repository.certum.pl/ctsca2021.cer0A1E3Vcm2yrA.exefalse
                        		high
                        http://crl.certum.pl/ctsca2021.crl0o1E3Vcm2yrA.exefalse
                          		high
                          http://repository.certum.pl/ctnca.cer091E3Vcm2yrA.exefalse
                            		high
                            http://crl.certum.pl/ctnca.crl0k1E3Vcm2yrA.exefalse
                              		high
                              http://subca.ocsp-certum.com051E3Vcm2yrA.exefalse
                                		high
                                http://subca.ocsp-certum.com021E3Vcm2yrA.exefalse
                                  		high
                                  http://subca.ocsp-certum.com011E3Vcm2yrA.exefalse
                                    		high
                                    http://crl.certum.pl/ctnca2.crl0l1E3Vcm2yrA.exefalse
                                      		high
                                      http://repository.certum.pl/ctnca2.cer091E3Vcm2yrA.exefalse
                                        		high
                                        https://cloudflare-dns.com/dns-querysvchost.exe, 00000011.00000003.2023353754.00000000035A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://ccsca2021.crl.certum.pl/ccsca2021.crl0s1E3Vcm2yrA.exefalse
                                            		high
                                            http://upx.sf.netAmcache.hve.23.drfalse
                                              		high
                                              http://www.autoitscript.com/autoit3/XHunt.com, 0000000C.00000000.1748412659.00000000003D5000.00000002.00000001.01000000.00000008.sdmp, Groups.8.dr, Hunt.com.1.drfalse
                                                		high
                                                http://ccsca2021.ocsp-certum.com051E3Vcm2yrA.exefalse
                                                  		high
                                                  https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachisvchost.exe, 00000011.00000003.2023353754.00000000035A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://nsis.sf.net/NSIS_ErrorError1E3Vcm2yrA.exefalse
                                                      		high
                                                      https://154.216.18.169:5586/bc9bf2d44d45cc63/4822q3wa.b7epixsvchost.exe, 00000011.00000002.2057900908.0000000002DDC000.00000004.00000010.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://www.certum.pl/CPS01E3Vcm2yrA.exefalse
                                                        		high
                                                        https://www.autoitscript.com/autoit3/Xnxx.8.dr, Hunt.com.1.drfalse
                                                          		high
                                                          http://www.certum.pl/CPS01E3Vcm2yrA.exefalse
                                                            		high
                                                            http://repository.certum.pl/ccsca2021.cer01E3Vcm2yrA.exefalse
                                                              		high
                                                              https://154.216.18.169:5586/bc9bf2d44d45cc63/4822q3wa.b7epikernelbasentdllkernel32GetProcessMitigatisvchost.exe, 00000011.00000003.2057443921.000000000350C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000011.00000002.2058419383.0000000003504000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000015.00000002.2234883949.0000027FBA4A0000.00000040.00000001.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown

                                                              World Map of Contacted IPs

                                                              • No. of IPs < 25%
                                                              • 25% < No. of IPs < 50%
                                                              • 50% < No. of IPs < 75%
                                                              • 75% < No. of IPs

                                                              Public IPs

                                                              IPDomainCountryFlagASNASN NameMalicious
                                                              154.216.18.169
                                                              		unknownSeychelles
                                                              		135357SKHT-ASShenzhenKatherineHengTechnologyInformationCotrue

                                                              General Information

                                                              Joe Sandbox version:42.0.0 Malachite
                                                              Analysis ID:1589495
                                                              Start date and time:2025-01-12 17:21:07 +01:00
                                                              Joe Sandbox product:CloudBasic
                                                              Overall analysis duration:0h 6m 40s
                                                              Hypervisor based Inspection enabled:false
                                                              Report type:full
                                                              Cookbook file name:default.jbs
                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                              Number of analysed new started processes analysed:25
                                                              Number of new started drivers analysed:0
                                                              Number of existing processes analysed:0
                                                              Number of existing drivers analysed:0
                                                              Number of injected processes analysed:0
                                                              Technologies:
                                                              • HCA enabled
                                                              • EGA enabled
                                                              • AMSI enabled
                                                              Analysis Mode:default
                                                              Analysis stop reason:Timeout
                                                              Sample name:1E3Vcm2yrA.exe
                                                              renamed because original name is a hash value
                                                              Original Sample Name:d5552a55f1ed92076d5448a74a21b0c1.exe
                                                              Detection:MAL
                                                              Classification:mal100.troj.evad.winEXE@32/30@1/1
                                                              EGA Information:
                                                              • Successful, ratio: 66.7%
                                                              HCA Information:
                                                              • Successful, ratio: 53%
                                                              • Number of executed functions: 42
                                                              • Number of non-executed functions: 41
                                                              Cookbook Comments:
                                                              • Found application associated with file extension: .exe

                                                              Warnings

                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                              • Excluded IPs from analysis (whitelisted): 20.42.73.29, 52.149.20.212, 40.126.31.67, 13.107.246.45
                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                              • Execution Graph export aborted for target svchost.exe, PID 7216 because there are no executed function
                                                              • Not all processes where analyzed, report is missing behavior information
                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                                              Simulations

                                                              Behavior and APIs

                                                              TimeTypeDescription
                                                              11:22:01API Interceptor1x Sleep call for process: 1E3Vcm2yrA.exe modified
                                                              11:22:05API Interceptor1x Sleep call for process: Hunt.com modified
                                                              11:22:53API Interceptor1x Sleep call for process: WerFault.exe modified

                                                              Joe Sandbox View / Context

                                                              IPs

                                                              No context

                                                              Domains

                                                              No context

                                                              ASNs

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              SKHT-ASShenzhenKatherineHengTechnologyInformationCoicivfhp7cR.exeGet hashmaliciousGhostRatBrowse
                                                              • 45.207.211.42
                                                              6.elfGet hashmaliciousUnknownBrowse
                                                              • 154.211.34.18
                                                              wind.mpsl.elfGet hashmaliciousMiraiBrowse
                                                              • 154.216.16.103
                                                              wind.arm.elfGet hashmaliciousMiraiBrowse
                                                              • 154.216.16.103
                                                              wind.x86.elfGet hashmaliciousMiraiBrowse
                                                              • 154.216.16.103
                                                              wind.ppc.elfGet hashmaliciousMiraiBrowse
                                                              • 154.216.16.103
                                                              wind.mips.elfGet hashmaliciousMiraiBrowse
                                                              • 154.216.16.103
                                                              wind.sh4.elfGet hashmaliciousMiraiBrowse
                                                              • 154.216.16.103
                                                              wind.m68k.elfGet hashmaliciousMiraiBrowse
                                                              • 154.216.16.103
                                                              https://199.188.109.181Get hashmaliciousUnknownBrowse
                                                              • 45.207.231.119

                                                              JA3 Fingerprints

                                                              No context

                                                              Dropped Files

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.cominstaller_1.05_37.4.exeGet hashmaliciousLummaCBrowse
                                                                c.htaGet hashmaliciousRemcosBrowse
                                                                  c2.htaGet hashmaliciousRemcosBrowse
                                                                    c2.htaGet hashmaliciousRemcosBrowse
                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                        Setup.exeGet hashmaliciousLummaCBrowse
                                                                          Setup.exeGet hashmaliciousLummaCBrowse
                                                                            Full-Ver_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                              random.exeGet hashmaliciousLummaC StealerBrowse
                                                                                HouseholdsClicking.exeGet hashmaliciousLummaCBrowse

                                                                                  Created / dropped Files

                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fontdrvhost.exe_d32c824e8915b30da4efd4eabd13e74e4ef8c1_ad0be647_6eccb07d-2bea-4308-b5b7-fe7a662a3a8f\Report.wer

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):65536
                                                                                  Entropy (8bit):0.6600977642931039
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:4qFuB3eBqigKJIs3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAX/d0:7URGHnIxR0apYKjqzuiFTZ24lO8JO
                                                                                  MD5:64AE68D6A49C573F0A2378A249EC4286
                                                                                  SHA1:281736A5A7C7A84A0102A9FF593D5B8F4B07B96A
                                                                                  SHA-256:7B59E7A4CEA5121C49EF002710F449F3EA33221C7F005222C1A83D2650F1E01C
                                                                                  SHA-512:0CD201FF595891410E181E035608816643F9AB4E6E44246FDD79694DE99C07C61DA4BF9663691294F3D4983F42463558DF25E7177F146FF17819428EEE4F155E
                                                                                  Malicious:false
                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.1.1.7.2.5.5.9.5.0.2.6.1.6.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.1.1.7.2.5.5.9.7.6.8.2.4.0.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.e.c.c.b.0.7.d.-.2.b.e.a.-.4.3.0.8.-.b.5.b.7.-.f.e.7.a.6.6.2.a.3.a.8.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.f.f.2.4.1.1.0.-.c.9.3.3.-.4.d.6.5.-.9.f.0.5.-.8.9.0.3.2.6.0.e.8.2.a.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.f.6.4.-.0.0.0.1.-.0.0.1.4.-.1.0.6.0.-.d.d.3.0.0.e.6.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.5.e.f.b.3.f.9.7.3.4.2.b.a.1.9.5.4.2.4.1.3.4.f.2.8.f.9.7.7.d.a.9.e.0.d.6.a.a.9.1.!.f.o.n.t.d.r.v.h.o.

                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERE8FD.tmp.dmp

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                  File Type:Mini DuMP crash report, 14 streams, Sun Jan 12 16:22:39 2025, 0x1205a4 type
                                                                                  Category:dropped
                                                                                  Size (bytes):47766
                                                                                  Entropy (8bit):1.2766608472130243
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:5Un8M3YrVmRcFjIyV27i7LO9m4fxugBwxSlsWIS7Io+tC:C8MIrnWOLR4flwxSl9GC
                                                                                  MD5:B06A5FE61280E351C0CD940DFC690DDF
                                                                                  SHA1:FA865BCA17495D07CA4379471F9638FA6584631C
                                                                                  SHA-256:0A32D4A9E65BD1E4A734888FA34FF581E7EF7985A92D2F1ECB22F205EC4018D5
                                                                                  SHA-512:B5612FADA7AD5FEB9EA275422C33A95014E288AEBA5A4ABEA62DA1EFF2CDE2E02F453F970DD685F0A70855E0FA197A84036DF3C9E3923C86613604BF3E984F53
                                                                                  Malicious:false
                                                                                  Preview:MDMP..a..... .......O.g........................................2!..........T.......8...........T......................................................................................................................eJ..............Lw......................T.......d...L.g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERE94D.tmp.WERInternalMetadata.xml

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):8618
                                                                                  Entropy (8bit):3.6897136060211935
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:R6l7wVeJcf7S3U6YJdVwgmfr57vPpDB89beR8nfg8Bm:R6lXJ896YjVwgmfrFvkeRUfZ8
                                                                                  MD5:7231F11E91D85271AD68FD73AA5AD88F
                                                                                  SHA1:9905523A8FED5297FFACC48989074630754C14D8
                                                                                  SHA-256:FC5BE41C12BAE6D703133F320B28A5C91F38E202B72379AEAE00B8897DDCDAE5
                                                                                  SHA-512:9333E2111354FF9ABCC59E3F6A6BFE0635CE98C39518EF8A5F08FEE8DAA12F6C88E624B987D95EC381E0EBB944310548A263902CAE83FCACA9433EB48FEB2CDF
                                                                                  Malicious:false
                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.9.4.0.<./.P.i.

                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERE97C.tmp.xml

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):4853
                                                                                  Entropy (8bit):4.442924018053147
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:cvIwWl8zs1Jg771I9bAWpW8VYBYm8M4Jk5LvM6FOyq8vU5LvM5aMukFd:uIjfPI7U57V9JcjMFWsjM51ued
                                                                                  MD5:8552B59953C5EF878A694997585776A0
                                                                                  SHA1:2B973B2DEAA79EAC8C61A2D4848611A73218013B
                                                                                  SHA-256:BE218FED0425D4CC314499A640A41BF62F26910C344D66D1FAEBFEB006749984
                                                                                  SHA-512:AD1856A18AC0045C7C78DC5AB5AF9114666E6F8FF6529702D92B237EAB4B89C54AC786D63FDC0D034CC7648D556FCA5E70328FCFD651CBA320E1D7EDAAEC8B72
                                                                                  Malicious:false
                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="672925" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\D

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):667261
                                                                                  Entropy (8bit):7.999743175897918
                                                                                  Encrypted:true
                                                                                  SSDEEP:12288:YheVtLfo2IMOEDqIwrnFXIDiSVRAML1zuXshPI1b/P1h7IYlvyOQuwN7oVuKZ4y:F3LZJOEDqhrnFXOi8AUuc2ThRynSV/
                                                                                  MD5:01C4198E3B3DF6756C98CC977DCC3D71
                                                                                  SHA1:F090FF343C5937B44426255DF82E0F04896086EC
                                                                                  SHA-256:D59AE9CF0DB084D898E582DB285EC5C9BB6F1072148EC32EEF1D82BE823E208B
                                                                                  SHA-512:50972AAE70313BCDB9FAB90AAD04571D3DB6CB025B44BCCB6B9F5B84498E327DBCED072B7F62CE67E851B40DC07D95123F3621D44B99745D57AC0471A5A75DDE
                                                                                  Malicious:false
                                                                                  Preview:..a...~.a..._.(..1......>F^k.;. ....P..F.gyM.....d.=Z..S.......%.....c...Q..aJ&.\uVI..~...Y.nSe.,.......2.A.<.%....33l@3..i.........W...7L.........v1b........}F........). ...M...I.Q:....U...H.<.I<.E...e..&..0...a8.6Q.P.]m.ERh..HJ..o&...._..$.....L...e.aF. L...P.d-Y:.,J....GH".L..7zR.h..N..N[.W.?....*..B.t.......^.]..uUV~gG.k.............O.4NF,..7.,7....`e..;.^A.G.Y.u..JJ...r.\V2u..N.3H...Y...&..(...n....x....h.1..O.=..y.'....3w;....9p......0.`..&...#.....1~fm-)v-).." .. ...\Z...r..0..d..Z}....u.I...8w.{".*!..N.L_........|A..w.``..U.R.Z.{TuN.V..y0...#..e.9p.9.b.8.....BL.BW%..F.p...@.. ;..;.W.W6.$.@...d..UmF:..Dn..?...V...[.."./<w......C4.i....1....,+..T+..Km.[='..B..3eva5>.H...}x....^n...]e...).M.......B.-o..8.0t.........^.\[....9.G...F.......N.7..(...........X.wo.e0...U(..c....:...4....Z..:....>..W/..a..W.-E.v.Ys;.\.g.... R6.J.....a./.|$,......btM.:o..s...K.p.2.y.i....:H8)....m..iJ.6.^M>w...#.B>O...Z..a.I..j....h..C..t.h,X..8..\.cq.

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.com

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                  Category:modified
                                                                                  Size (bytes):947288
                                                                                  Entropy (8bit):6.630612696399572
                                                                                  Encrypted:false
                                                                                  SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                  MD5:62D09F076E6E0240548C2F837536A46A
                                                                                  SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                  SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                  SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Joe Sandbox View:
                                                                                  • Filename: installer_1.05_37.4.exe, Detection: malicious, Browse
                                                                                  • Filename: c.hta, Detection: malicious, Browse
                                                                                  • Filename: c2.hta, Detection: malicious, Browse
                                                                                  • Filename: c2.hta, Detection: malicious, Browse
                                                                                  • Filename: Setup.exe, Detection: malicious, Browse
                                                                                  • Filename: Setup.exe, Detection: malicious, Browse
                                                                                  • Filename: Setup.exe, Detection: malicious, Browse
                                                                                  • Filename: Full-Ver_Setup.exe, Detection: malicious, Browse
                                                                                  • Filename: random.exe, Detection: malicious, Browse
                                                                                  • Filename: HouseholdsClicking.exe, Detection: malicious, Browse
                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Actors

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):56320
                                                                                  Entropy (8bit):6.563317257763619
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:p18OWrM81EyJqx9EdzGGXZVfmlqTmN5WAQIGK2ud5lS87uzh7JCQ/sE7mOB6XSHK:p1/AD1EsdzVXnP94SGGLpRB6M28eH
                                                                                  MD5:64FAFCA0409FA17CEAB3669E1123E322
                                                                                  SHA1:186B9F7570DC11FBEF5B19F8A2ECE52FED817409
                                                                                  SHA-256:B08C9242C8B6B6054076455F7F0B622D0CF770C089130F37338FF44FACDFD9E3
                                                                                  SHA-512:FEED640C62F77B885817B1A41432A076F4025A117592C93690235CC01125C93CCCCF14A71F9376BBA658D7EEAB427F9288C0E2AB0930E1D702B039999B2B0C64
                                                                                  Malicious:false
                                                                                  Preview:..........................f.............................................................._......^[.U..SV..j.[.F.9F.u0...j.X;.sF3.F...W.......Q......~....Y.......~._S.....Y.M......V..N.....F.^[]......U..QQ.}..........L)M....tv.}.........@)M.3.VW.}.B....U..0...E............}..t .M.......~L........E.j.P.FL......E....u..E ...u..~8...q....._^....3....FP..FT..U...u...(M..K...P.....j.j.j..u...x.I.]...U..Q.@)M.V.u.Wj.....8W.z...............d)M.j.Z.U.;........T)M.....0.........F.;G.u{............8......../.....................VW......~d...(....~h...0....~D...8....~P...@....>.t..6..<.I..&..u........d)M..U.B.U.;..._....u... .........$.........@)M........t.Q.=.....@)M..... ..5.)M..E.N.5.)M.;.L)M.u...L)M....D)M.........._..^u..5.)M.j.....I..%.)M....D)M...t..@)M..D...8.u..<)M...........U..E.VW.@......P......u..........>3._.F.....^]...U......`.D$.V.u.WP.D$.PV..............L$..@)M..T$..L$........T)M..L$.....8.|$..............'........P............H..............a...WQ.P....7..<.I..t$...D...

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Addressing

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\1E3Vcm2yrA.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):81920
                                                                                  Entropy (8bit):7.997900816795645
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:T0P2XM4trHOW+Zt4FvdPbVotSN9fTDZPTCintooDDQ6XeQ4yjXsXS0Rhy:T0e84hukvdPbVZN9rD1C1oDDQmeByjQi
                                                                                  MD5:2F188F9F684B4989AE68CE44015FE5AD
                                                                                  SHA1:F8E95EC225AFFB6F97B8A44F0F9ED8015F907054
                                                                                  SHA-256:C6244C936B05680601774A2AEC6CF070F76D12A64D9F2411EBF581DF3A16D0E9
                                                                                  SHA-512:441C1DD6DA5C821E6ABDC180C730BCA6453914526A7E580E958E56FAA2D2DFCE6F7D03EECE224E7A9FEF987BA74BF59E302CB49B2CC8C01F527A2775C7A30CBD
                                                                                  Malicious:false
                                                                                  Preview:..]m#..@....b.._[.m.>..,.2v..?...x.T.hH..C.6.{...\.{....D.x.\.5..Oud.....JX.9p.J...y-.p.............:UB.....o._k........F...}z.U...<....O..2........)D|._bxF...HNR^........pkvB..H...A..K....)#.Z...Qb..P...pbY~........d.c.^).....==.E..{k..>N4K..y?.'.`....c..z......r..HWE.>=GS..4bW...-W.H...K...+o.\..Yq.....)....Q.R>{.<<oj.....P...g...:........iM$.8...#@....I.....<..#.."SY...W...T.!\.....3..Y...^.U.h..9Gi`.......5.d#5Ir+..sb?..A.+.Z.;mX...-..JHl....#...c..k.9..J.P...$...G..pwr.p.F.......S.]......l&B.I.U).a.......zM.H-.dP6....V..L.8].#r.X......M........YNm=r.r...D.h..X*d...G..c......q*BZ......J|..:....r..8c.....5...YL96.yr....-y..3u....."|<5J.........}{.........[..pLbTm.d.<W..#.....n4=.A....|.#..!..).a..>f.Y.)$...f7..Z!..1E*9.X..#.(....0..9*.&J...n.U...B....^...^,.qS....=e.r..4.h.d%qF.......[..@! ...Y~.*i$T.P.#..4.M.Mj.I.....1.-\.B'4....I......7?x..U%Y... ...Y......!.B>y..pZ...k.4..D....]..m^.0.9..."n.}.L..+.\-..'?.P....Io2.|...va...9..o.4.

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Calendar

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\1E3Vcm2yrA.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):53885
                                                                                  Entropy (8bit):7.996752234978425
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:lj39QigIu4fmvYrLg2rzHQs0mVBINNWLTFkV:939Q9sgAHC+4NATFkV
                                                                                  MD5:0F0406CEAB8C42CF7E94B9ECFD3D6F44
                                                                                  SHA1:4BFDCDD9FDF97D1CBD2B55B6972540A7A3B46E58
                                                                                  SHA-256:267BEE3EF026320DBB6A90BE859EDF10F105A32F3A63DCA444C1FF5E2FBC9081
                                                                                  SHA-512:3329A4F6330608CE499E77387248FA1E62BE774098C14B2C7E2F807C39346642B7FA612DB2492A37A69CACDAA976A72C1D305B4B5063CAE2BA17E89CA8E81D00
                                                                                  Malicious:false
                                                                                  Preview:}>v...*...B...E.q(.@_...G*<..X.u9.7O._......C6.&F.q.Y.......1q......6r|...yn.-G.6dv.........u...\.S.R.....o....;..!$.......EG/+.v6.*.y..A..!.u...u...F.....G.....B...F.0......2..7FzY.1iD....U...G...\..>}4.x.Y.s". ...$....(..,...O..... ....bM...C........6,P.k;.c.r`........}Ki...2.C.%o..|.....y..Cw.7.6gs.XGUe.....!`.t.........e./.g..W.*.R.@............=.Y..D.;.._..|.T4.;.ur^<-[E.c`a..!..Q.......9W.F/.W...!.....b.........uG..h...k..L.G..;....a ?.E......b.'.dr........+.D*..2..F?.L_...G+D2_7..i..'.@1yT..(.a.W..!r......-..|k].w...8r....]{$hL.b...Ih!....(s5.;.E...=T.'...n.W,.`....h.{.d%d...0.HvD....&...Y.k.cfh.y.U..2...c6PL.W.%#..+.F1s...L2.......O.M'.D..>l.x.70..x6..Q.3.`..s=...V.T.h3...v.....M.....p......`.i..wP..x.......".intP.(..4q.....g{".6_.p?c.. s............|......N$=.>=.UPC.M.B9.p..49F|;JX.......r..x..\.......N>.!s5TV.r$=L].L.....vK.O.a%.......{(....'I.......$!...L&1..L...]9P..:.._......g%..tWr..Q....S.....'..`..j.9qd.!...7.8\..eZA..

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Competition

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):152576
                                                                                  Entropy (8bit):6.488873630831191
                                                                                  Encrypted:false
                                                                                  SSDEEP:3072:lkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf05mjccBiqXvpgF4qv+32eOyKODOSpe:lkjGgQaE/loUDtf0accB3gBmmLsiS4
                                                                                  MD5:1DAA2D2E310E88B0F06D31DF599FDA6A
                                                                                  SHA1:E79669C1A72DB74868994057A6B7973AEC82270E
                                                                                  SHA-256:4830BBAF97DBCA4D34B8716EF1A15ED75F51A6F7F5544360E2A22EC07CEC5112
                                                                                  SHA-512:341D5BB36FAC0AF439004AF933C09E6E601ACB14723588638636D11B4C93C41688BD4A9F6195E111B89CC7C3385D3A413F2EA863A61EBB0A3D78A87F82B10E12
                                                                                  Malicious:false
                                                                                  Preview:@........P5M..."...............................I..........=b#M.....S............S...=.5M.....C...=g#M....{D....\....tb.=L5M..uY..T.....T.....L5M...D$......D$...........t....|$..d$.....D$..........|$L..L5M.9L$........=.)M.................;F...=`*M...."L..............M.................Q.......~Q.......................................u........F..E.;5.3M....O.......O......5.4M....O...F.3......T$0.T$8.L$<...D$@.T$..T$...@..........E...PV.....t$8....E....T$0.L$<.T$...........D$<.....D$0........................L.............H......3._^..]......x..u9.x.....I...3.+.........B........w...>..|....B..;G....B...v..;......y.....B...H....9.....3u.V...h....*....=.(M....G....B..H..~..TM.......@..$...@..D$0..P.D$.PVj..u9...........N..D$....f.x.........)M...D$c..P.D$4P.D$ PVj.......F....F..8....M..j.V.<.......D$8........j.j.j.j...$..........P....I.............$.......$........@.....)M......S@....$......(M.P......u...$....P..T.I...$....P..L.I.j.j.j.j...$....P....I.....h....j...|.I........t.....

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Driven

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\1E3Vcm2yrA.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):79872
                                                                                  Entropy (8bit):7.997855093365027
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:JlHKuPHXyRdW+1BJvIgWUOapio3lQXkFHzvlSwFtuB5PkcIjFrSwI1PsLX:JhKuP3yRdW+PJvIgwiie6XkpzwgwBFkN
                                                                                  MD5:568D0F687A2930E6F0283DE74E44C885
                                                                                  SHA1:8CBC82DE8AC2D3173FFA8E00D03148D269A7F4CF
                                                                                  SHA-256:B14EDB075658406DA0BC622A71061E0B08F6A31BFD2221938077C899BA2FC939
                                                                                  SHA-512:FDE09B140BD11437C82AD1FAB30953E96E1892AAD4B21553826046BEA53A9660DE97EAEF7AD7F1D4999EF6DE01AA571ED5347145370DC2700B460B7E75C5E9E3
                                                                                  Malicious:false
                                                                                  Preview:-.R.O.W0o.l.e.Q.`Q5BA..*.~=..#O.d....djne...@....6.^..@.eL}.....,L.1C.1Z....._e..MQ.1....J.cD.uL.%...J.p2.H.../.rv\.v.T.!..T4..1Lf..1....7.Kh.may...>.5.|./.F....I..b.:..r.+.>..gu{...m.u....p..<..<.......k.P.....i...Y.$...X..}....^imj...K.%.Os.v..9'.....2..U.ef.q.......^.%.Mz..+............a|X.H..L......G...<3..<.v..f..@.-).....g...6T3.....n.I:.-7.\.:`y.z....X......vk,..Y.'..C....)w8wPP68:.ef7ntX>N.`.f..2.'.Piy..k!.Cgq.q..+.q.....je....\....&.....7.[..i9ED.Gm...._.*.....}.....`r8@.j.9\D.S.........F,E.......#+=...F.MD.[.S..q...~...u...n....-.gg....fx..U.....f.it......7u./..S!..;q.(....$.j..\-.N..Z..;...e.6../...2..+a.<..MJ.(Mv..+........<c.>..8.Q.Re`.@~q....8.,..}.5m...=...K......p=.c......_.}. ....:..?...t\@P..y...*.E1.9F.s.r.@.zO...-Gw...].V..^...x.5w..)..<.R#2..m....W)......!.4..J.P..]l>.....?..N.7.N/M....C...0.[...w\..L...._..........#..J%#_W..rx.)...L.)=FI.w(\...X.}....(.Js..l..l.Y"......).n.1|.8...ze.......d..x.Vd.+.a..*.J..\........"......m.7

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Facial

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\1E3Vcm2yrA.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):75776
                                                                                  Entropy (8bit):7.997742866813675
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:x7OASzu9+19e5VvtwtEmz6lcbmJmS6H1w13dD95myC:BF+19QVvqGmGxG1IRnC
                                                                                  MD5:8EDC12ABAF6981C9B90B0768FD215EC0
                                                                                  SHA1:A030526C21393121F1E895397A516F696DED3EF3
                                                                                  SHA-256:73B47D3830EA95F981C39345FEAC29ED1C4DFCBB6C4B947E0441FB713CC8F691
                                                                                  SHA-512:1AE4C2218FB5BEB3E37DCD383CDD5A238C6F768CA6FBAFA8E68CC0B38C4900F3D0B4544B5CF26EBBB4AD71A1F6ABE0477E4908319B90CD9602708B8E5CD64F3F
                                                                                  Malicious:false
                                                                                  Preview:<A.g....;......C..*=l.....d.n.S.p.E...su..4.3E.KK..%.......m8..b.:.1/.%.{...&.8=......RU...Z.d$.9P....Z.q.o.?...,AZ. ..v......x..F....`.;..(3.Av.....w..].B..%.0aH.1%..;..#n..*W..`...$......1U+2..h.&....U..U..&.s5.F7..!.E..8.799..m..L.....2.N;r....\.@..n.....5.A)f.8".;.....7.K....y.D.W..f.tA....:.Z.wL8.g.B.p.:....?.t.h..2....'r...h.o;....9.X......M#[.......Hk.....)^D;..Z.*.p.O^.....2\....h=.J.....p..A.R......E..{2.'Mg.8.9..;..RS.0$d...g......y..K.n.ip-....m.\.......?....q...:h.i?m.#.......g..n....F.....J...N.....Af.p..2ST..$.5.YV...X..}5.$.g%#Q.H-$.7Vq4......u.../..sdu.g....6R......u.0/...B.4.`.%]..e..~..wc..j.i|.Y.D,.e3U.]..Eg.|...pD.....<2Z_z.Jm.R....ia3T.!.A[..*.%...p^..J.:...T.X.b......4.N.Q`S:6.$.j..4As..Y..ov.@.hw...r..?....A...."cH../z.B......2:.3R.Q.t..6/.o<."d}.25..Q]..."+Gh...8..(-.....O..d.?N..S...f.......t ..x.i..../u'...m{3a.$.@....Q.a.. ...O[...P.B<C..N.%L..6..Z?.r_|.f...).d..Q....L....n...P).|O.F..+.L....3N.'..X...J.K)5.....T'-'

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Groups

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):118784
                                                                                  Entropy (8bit):5.194853752623662
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:iKaj6iTcPAsAhxjgarB/5el3EYrDWyu0uZo2u:86whxjgarB/5elDWy4ZNu
                                                                                  MD5:41C3B3AE23157F5E151844BEC1BB8518
                                                                                  SHA1:FB417F1FD69CF548B916AF7876F138AF267CE5AA
                                                                                  SHA-256:215A597973F81E9E142E43B74382D53B6C0D5B42EEB4D360A812AE378AE1F20C
                                                                                  SHA-512:397D62602A3DD8BF1F8DF073357A4E1BE6DDF5D14F60F7349C2CE80C32D19A2D784752F32E691B6C6F0EFD8C7791F3BB8C45602E32E56405DE7FA8564A4B8E9D
                                                                                  Malicious:false
                                                                                  Preview:r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.........................r.r.r.r.................................................................................................................r.r.r.r.r.r.r.r.....................r.r.r.r.r.r.................................................................................r.r.r.r.r.r.r.r.............................................................r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r...............................................................................................................................................................................r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r...........................................................................................................r.r.r.r.r.r.r.r.r.r.r.....................................................

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Heroes

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\1E3Vcm2yrA.exe
                                                                                  File Type:Microsoft Cabinet archive data, 489107 bytes, 11 files, at 0x2c +A "Operates" +A "Ram", ID 7097, number 1, 29 datablocks, 0x1 compression
                                                                                  Category:dropped
                                                                                  Size (bytes):489107
                                                                                  Entropy (8bit):7.998698397512611
                                                                                  Encrypted:true
                                                                                  SSDEEP:6144:vszrK3MiLX+ICYhz1puulYJPm38A7/iv7ST2IdbS4G6v8fFnm8/2TUs5NbehvGc9:yrsyIC4pTmv7ST/b/v8lJy3ehvDweKg
                                                                                  MD5:198D31F6061C83309661E8A1D0C0770A
                                                                                  SHA1:10B6C9B5451BF9739DCCEB1441623FDF3784E85D
                                                                                  SHA-256:A3D1BFB1C08A9C83B5F3F3780D3DE36C45F2064E47974C0F299EC9EF6252B8A2
                                                                                  SHA-512:5DD3715E60A8F6A3DEC74CA2ADF3E26F6E763F5EFA69D78C1FF027A8BE5824840600531005327267BBA9276E818CBE5B0263156DB08C72B52BC5AEDD94151960
                                                                                  Malicious:false
                                                                                  Preview:MSCF.....v......,...................+.................(Z.. .Operates..p........(Z.. .Ram..P...t....(Z.. .Sewing...........(Z.. .Actors...........(Z.. .Groups......p....(Z.. .Ships..\...T....(Z.. .Millions...........(Z.. .Wendy......d....(Z.. .Speaks.|....j....(Z.. .Xnxx..T..Z ....(Z.. .Competition..-.D.9..CK.Z{x.U..~.......(.<.!>.B.D.@%.6.n@.Yt.a....j2..@.....u.....c.o.u......y.....Nf.....!....@.9.Vu....E..RU}....:...p...h..E".....$....#........KzH..3[.....$;7..M..b_f..<.....p%..MB..D.B.2'b....->...8.Y:...v.+..\.e....)...6..l.V},......R2...p.n+...Od[.`U.:V>.6b.XS}O.`....7q.4...c.B......<..;a..w...'..L.......*.@>."5.7j..w.?.....(p...__.....j..*|].e......Vo...T....~r....B... ......h'.....+..^..,.9./*T..../.[)......8.D.....~#..O.1.y...C.R.R...ODL..9.N..ix..^..q.N.BFe.,."O.{s.`Dy......)../.$.e..Y....W.G.....g....$..Ee......'^......"...-`F_....V.V..'.z9....v.....}...K....,....i@f.Q...2...|.8.Y...g...9i(0.h..N...l.....@(F}*......./.....i..:..1.....6.?F....

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Levels

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\1E3Vcm2yrA.exe
                                                                                  File Type:ASCII text, with very long lines (408), with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):9252
                                                                                  Entropy (8bit):5.163090074196507
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:tf9AajnGGL8spe97yWOI0s9p9ulCWaa40qmARoK7jNHfJpxbd:59A4GGL1s97yi9z9WHARxHXd
                                                                                  MD5:05681F7F30817BAE2AFF281905B5CA06
                                                                                  SHA1:FD43BFC0E65D15FC6C773BD64FE1DA7B8DB320F5
                                                                                  SHA-256:1F0B347663D81D34C9D17E28501E09A7B875FAE778ED9E35FE3098C0F9257162
                                                                                  SHA-512:84B611548EDAFEF7A6CD1802B4AC126A7C086956EE45BE7D992F7466417F9C9F6199B8890DE3B8888BC47CDEA865CE17CB68D8738B418EEE81D0B746BFAA75D7
                                                                                  Malicious:false
                                                                                  Preview:Set Ambassador=s..ObeSean-Offshore-Deutsche-Liverpool-Gear-Hiking-Breaking-Believes-..pyNumerical-Reaching-Try-Troops-Adelaide-..bbDcFlows-Payments-Providing-Dragon-Olympic-Qc-Tubes-Promises-Sensor-..OnMAmy-Bahamas-Classroom-Morning-Piss-Acid-Cooking-Louis-Mart-..oZGreek-Somehow-Able-Nature-Elections-..LUTCell-Kinds-Gamma-Develop-Its-Ethiopia-Terrace-..hpqYDuo-Symphony-Tolerance-Hardly-Probe-Smithsonian-Board-Hundred-..Set Faces=G..ceuDentists-Genres-..kjnjParameter-Attacked-Snake-Soup-..tEuKills-Alive-Student-Gambling-Fellow-Visiting-Spotlight-User-Witness-..ioForever-Integrate-Listening-Combines-Amazoncom-Nurse-Encourage-..xnbvNc-Bass-Canal-..Set Telling=K..nceJun-Cingular-Ca-..YcijRichmond-Address-Jim-Billion-Stars-Occupation-..RJKWRoller-Gods-Cathedral-Col-Icq-Sa-Boulevard-Assembly-..poMilfhunter-Diabetes-Maps-Cigarettes-..qXmSlide-..bkTract-Sans-..QOLyQuery-Rpg-Wolf-Monitoring-Looksmart-..wphStreaming-Calculator-Louise-Nature-Babies-Pregnant-..JNbValves-Blend-Proceedings-Varied-Em

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Levels.cmd (copy)

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                  File Type:ASCII text, with very long lines (408), with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):9252
                                                                                  Entropy (8bit):5.163090074196507
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:tf9AajnGGL8spe97yWOI0s9p9ulCWaa40qmARoK7jNHfJpxbd:59A4GGL1s97yi9z9WHARxHXd
                                                                                  MD5:05681F7F30817BAE2AFF281905B5CA06
                                                                                  SHA1:FD43BFC0E65D15FC6C773BD64FE1DA7B8DB320F5
                                                                                  SHA-256:1F0B347663D81D34C9D17E28501E09A7B875FAE778ED9E35FE3098C0F9257162
                                                                                  SHA-512:84B611548EDAFEF7A6CD1802B4AC126A7C086956EE45BE7D992F7466417F9C9F6199B8890DE3B8888BC47CDEA865CE17CB68D8738B418EEE81D0B746BFAA75D7
                                                                                  Malicious:false
                                                                                  Preview:Set Ambassador=s..ObeSean-Offshore-Deutsche-Liverpool-Gear-Hiking-Breaking-Believes-..pyNumerical-Reaching-Try-Troops-Adelaide-..bbDcFlows-Payments-Providing-Dragon-Olympic-Qc-Tubes-Promises-Sensor-..OnMAmy-Bahamas-Classroom-Morning-Piss-Acid-Cooking-Louis-Mart-..oZGreek-Somehow-Able-Nature-Elections-..LUTCell-Kinds-Gamma-Develop-Its-Ethiopia-Terrace-..hpqYDuo-Symphony-Tolerance-Hardly-Probe-Smithsonian-Board-Hundred-..Set Faces=G..ceuDentists-Genres-..kjnjParameter-Attacked-Snake-Soup-..tEuKills-Alive-Student-Gambling-Fellow-Visiting-Spotlight-User-Witness-..ioForever-Integrate-Listening-Combines-Amazoncom-Nurse-Encourage-..xnbvNc-Bass-Canal-..Set Telling=K..nceJun-Cingular-Ca-..YcijRichmond-Address-Jim-Billion-Stars-Occupation-..RJKWRoller-Gods-Cathedral-Col-Icq-Sa-Boulevard-Assembly-..poMilfhunter-Diabetes-Maps-Cigarettes-..qXmSlide-..bkTract-Sans-..QOLyQuery-Rpg-Wolf-Monitoring-Looksmart-..wphStreaming-Calculator-Louise-Nature-Babies-Pregnant-..JNbValves-Blend-Proceedings-Varied-Em

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Lie

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\1E3Vcm2yrA.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):86016
                                                                                  Entropy (8bit):7.9977563382122625
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:Tp0L1N/wD+NmH3iZgIf8inMmxo6oMgeZwO/lTHB0ntAc0Nog:TmRKDGuyZ3kcAtmwep+ntAcuog
                                                                                  MD5:0B46BCC9B4EB799FF60C4F4A4F0B71BD
                                                                                  SHA1:303AF0D00ECBC0365DAE8F32BEB5D0D6C4028E6E
                                                                                  SHA-256:3E50CBCC56D094BDEAD8208C50461178DFEDA0E7812100DA5A5619BC88D6B4F9
                                                                                  SHA-512:6FFEA1B962418F080384210DB48891645FAD4E4240DA9FED004CD01D75BBF1D5CAF1CBE1B061EE1D770856EB73FB12658F0BBA8076ECC3069112079621925BA7
                                                                                  Malicious:false
                                                                                  Preview:..a...~.a..._.(..1......>F^k.;. ....P..F.gyM.....d.=Z..S.......%.....c...Q..aJ&.\uVI..~...Y.nSe.,.......2.A.<.%....33l@3..i.........W...7L.........v1b........}F........). ...M...I.Q:....U...H.<.I<.E...e..&..0...a8.6Q.P.]m.ERh..HJ..o&...._..$.....L...e.aF. L...P.d-Y:.,J....GH".L..7zR.h..N..N[.W.?....*..B.t.......^.]..uUV~gG.k.............O.4NF,..7.,7....`e..;.^A.G.Y.u..JJ...r.\V2u..N.3H...Y...&..(...n....x....h.1..O.=..y.'....3w;....9p......0.`..&...#.....1~fm-)v-).." .. ...\Z...r..0..d..Z}....u.I...8w.{".*!..N.L_........|A..w.``..U.R.Z.{TuN.V..y0...#..e.9p.9.b.8.....BL.BW%..F.p...@.. ;..;.W.W6.$.@...d..UmF:..Dn..?...V...[.."./<w......C4.i....1....,+..T+..Km.[='..B..3eva5>.H...}x....^n...]e...).M.......B.-o..8.0t.........^.\[....9.G...F.......N.7..(...........X.wo.e0...U(..c....:...4....Z..:....>..W/..a..W.-E.v.Ys;.\.g.... R6.J.....a./.|$,......btM.:o..s...K.p.2.y.i....:H8)....m..iJ.6.^M>w...#.B>O...Z..a.I..j....h..C..t.h,X..8..\.cq.

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Litigation

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\1E3Vcm2yrA.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):51200
                                                                                  Entropy (8bit):7.99617100479604
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:B39x5/2Dlue4H9PRXt7bPVH53pyRnmykuZ:Bbt0QtJtdyRnYw
                                                                                  MD5:7BE2E4B20C89BD8E82048F9B46C57874
                                                                                  SHA1:26FF489E1265091BFFDF8AC5499FE3D9A265DF42
                                                                                  SHA-256:20CBEFDD1A270F943AA1F4D8980FDFB6FA972C94B51F3F4CFD22B78B459DB808
                                                                                  SHA-512:110A3C93DB08BAA3CC60A56A05C93D858A883649BEADAD120EB84AF613693173F3EB3F56876AB2B6F34914C30DF8CF89DD7D7137E90215DF4C2F47734C81002F
                                                                                  Malicious:false
                                                                                  Preview:...6`....e.~..s&WwQ.S.>Th....d\...[ .:..VL.U....T....K^..Dh....0l...U...Z.\v.5HRT.HJ...f_.....f.^..H.)..]..d..h`wiT.Q.2c..].|.....U._y6..../J....N.Y}.IwD.%.w_..#-..T{.....<.hc.......b....&..}..........U.....rw.....b.#y......t._.+.....i.V..N...;(.q....B0........f.hU.m....W@..U&&.........3..D....:....L...5.t.ZbV.('.......5.O$fZA..1.`....k&...QG(c4B.=..H..i.....1.z. 2.....:r..B....8.......6.;r.`&?2..e..;...*.....$.Q.k7.2.....~..Y...+....P.B..8.....o....i.....|..e..U....,].43R...@..R5......+Y(.J"....Am.=#...(o.m.+..R.. .....1R.....{...."..{K)=.S....sYq..T.3&......}.qp7.s......z.!.g.ux=..220.u..C+f9.A..l..j.'+...H...@...m.Z..Q...k..1U3!.9.A...r..ub.O..`........;l..u1.x..6Q..q.....`r.R...T.tg!w....Xq...v..P.U~......D...l..\.....h.Q!..I...w<....&.."}x...w.!...d....~)...4,.h..M.Uy5x........j.s..~.b.R{....)...|....Du..D-Rw.bK.3i.q...}..@_.E....#......C..$...V.....t......LmN.y...?qY...v..\...(.....9$.-v...(1.A~..Kt#.....7Ln&{]...}....G

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Millions

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):89088
                                                                                  Entropy (8bit):6.725775370058024
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:6+Sh+I+FrbCyI7P4Cxi8q0vQEcmFdni8yDGVFE5gOHu1CwCMIBZwT:/SAU4CE0Imbi80PtCT
                                                                                  MD5:AC8C97E24771BFFF3FE724CC865C1D56
                                                                                  SHA1:A42564B87EED2904F8E792FB9F259B44AAB90B2A
                                                                                  SHA-256:1BDD7FFB1C3F69E219655643E8F6432546C27A4A5C8A6CBEFB4B7A5B4843044E
                                                                                  SHA-512:84E0DD9DABD053EB23F1EE5ADBB694CC6BF8D2B206FF4CD3B99B98FE20B5AA3C2D7467013A7D9D8615BF7BF32EC689B9936EBA3B8639157DC9985FCAEEA48B79
                                                                                  Malicious:false
                                                                                  Preview:u...F.B...%......u.!M....E.........1F..F.M..u.......E.............B.%.....E.w..:........e.......j0X.E..M...~S...R.#E.#.M..............j0Yf.......9v...M..U...F.E......E..E.......O.M..E.f..y.f..xW...R.#E.#.M...........b...f...v6j0.F.[....ft...Fu...H..].;E.t.....9u...:...........@...~.Wj0XPV..........E.8.u....} ..4.U......$..p.....R........3......+M...x.....r..F.+......F.-..........j0X....|?.......;.r.j.PSQ.....0.U..F;.u...|.....dr.j.jdSQ.....0.U..F;.u...|......r.j.j.SQ.x....0.U..Fj0X..3....F...}..t..M..P......_^[..]..U.....E.V.u.W.u..u..~.P.E.W.p..0.a.........9M.t..M.3..}.-...+.3......+.E.PW.}.Q3.}.-...3..........P.6........t.......u(.E.j.P.u$.u V.u.W....... _^..]..U....VW.}...~.....3....9E.w....j"^.0......_^..].S.u$.M..B....U .]...t%.M.3......P3..9-.....P.u.S......U ....E...8-u...-.s...~..F...F.E...........3.............9E.t...+..E.h.;J.PV........[..uv.N.8E.t...E.U..B..80t/.R....y....F.-jd_;.|......F.j._;.|......F..V..}..u..90u.j..A.PQ.........}..t..E...P

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Omega

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\1E3Vcm2yrA.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):88064
                                                                                  Entropy (8bit):7.99820379068592
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:PxZ8tdUIsrSj9fjIhRycEtzECurdJJ+B2AySoED1B9NG9+PX:TAfsrSj9UhDEtzzurdPZsDPG9+PX
                                                                                  MD5:8AFD4470D1F05414AF3792A07075CE18
                                                                                  SHA1:A0BECC184F4E56387CB39CA91A8E72E2388D84A8
                                                                                  SHA-256:41670CEACD21352B90B0E032C22678FCB380A1A39F5EC0A72FFFAADFAC08D0BF
                                                                                  SHA-512:B971C65E92B6576224732C8039D4844EC560844F312A059580C1744A36C0F7420553A1863CFB08EB69539F35A820585E52F7BCBCCC61131D267463FA004CEE54
                                                                                  Malicious:false
                                                                                  Preview:s.....C.&...tU..E...$..e.L.E......jW.G.XGK.)O..R...Ks5H......l.YE..5.J`......#`[`K.'.6...tF\.....Z....c...A..O v..Q."~.c..^i>G..DXu....8p4.....Cx..E...S.9.U.T.\...Nb-...G.Y..4...F/e.2.....G{...Y.C(.KSp......*.Q/.1j.......0..u.i....=AUC..3jsn.GTU..._.>.^&..Nm.......F.....r0.....,.b.:d.G...K.8.......Z%6t9.=......P`...XMs.)......5.a5p+i?..5..\lO:-d..:G.K.7... ....d..+.C..\z[.!...r..s..6..p.......V[.i.-H_.h..,h&..X....=.+...<.VX...\.I.~.g"...AK..0F.z..6;V%$N.......+.v.t.Y...mOa.....e....(..S6../{Je.)4...:...H.#:Gs....<mgd..0.. ..i. *.........:......_.I...........t.,.....-..#....S..J..:..........q......x...;.1.n........!+o.q-V=.?'....ycb..x.e.O...ak......]..hvw.;?6..hl..{....5_5}7.L...@..F..w+.......q......0.E.N...>....oXK....pM..l.\Ah...<.=.%).@<(<...9....XR(...Zn.T:@{...y......P$.$'3..A...^..."."...Yo.......f..Eg]P.....I...q./.......!c./J....{...9m@d.@9.*^..{...l.i.I}..B.ml.M}...........v........60.o..C..e..{........7.)..m..K....r..

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Operates

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):66560
                                                                                  Entropy (8bit):6.582376245963583
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:aAJu7QnswIPumV3BxZxu6/sPYcSyRXzW8/uC6LdTmHwANUQlHS3cctlxW/:1EMnVIPPBxT/sZydTmRxlHS3Nxg
                                                                                  MD5:23CB2807802FAD66BEAEEB19DC118B62
                                                                                  SHA1:615D6ECACA4130C7F728ACF47B41A3B3244ED784
                                                                                  SHA-256:B4CFC67615318573417FB7E767145F608EED333AA2EFF98C107486AFA06B903A
                                                                                  SHA-512:271102D60ABB7FAA79763A54D2A74CE55652FE193F1342B7497D12682E8EB0C619349BA54AABE96AABF0BF04174BC597ACEED3F5AF3DEEF707506CA4786C9CF1
                                                                                  Malicious:false
                                                                                  Preview:.E..u7.E.......f.;i.......{.....}.E...C..E..u..E.........].....H...y.....>.......E......E.|3.u..VQ.M..............WG...E...H.M.A.E..M.;.M.~.U.;........}....}F...E...}.@P.u...V.u..u..o........../....E.9E........u.M..V.u..I...........F...E.<G.E...@..P.u.V.u..u...........t.......u.U.VQ................F...E...H.E..Q....A...............E..$...E..A.....]...s......M....E.........+K.....+K..U.E.....~....E......r...3...i....E.3...m..S..U.....E...C..E...u..E.........]..8....E.............%............E...P.....n.......l........n....E.;F|...H.........E.......v...n.......!...............M.....w....E..M.U.A.M.;.~.......}....}E...}....M...7...;U.|......E.;F|................M.%....=....u%.E................M...@.%.................v...nu..Z...............M...tC.M.E...H.E..E.@.E.;E...t....%.......t.;.....v..Fh.............y\...}....A....E...}.@P.u...V.u..u............}.......;E...M...f.......f#......f;.u.....E...@..P.u.V.u..u..t........t..3...;U.}p.M.;F|s@.........v...nu

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Performing

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\1E3Vcm2yrA.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):60416
                                                                                  Entropy (8bit):7.996165385414738
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:dbYO3H8PSNYRLvmm61M5pXyqj5Z40c7L3MOE9XfyFB:BYhlvmM5pXyqjnUDxE0B
                                                                                  MD5:B06E8AFE3EE23FFB7E6D8A7F2C89F2E7
                                                                                  SHA1:094580265A4C0F382550655FED9F937C9A4DF3CF
                                                                                  SHA-256:ED98EB207A8322327ADC579125B126F9916946A45468C01D9791188C0703A0B9
                                                                                  SHA-512:6E18DCE6E1E1008624F9FB7912E79548269ABCA5D19768521107FD834E9D9809719B516F119D54DC2F0469A8F923DCB9519ED214C7C0FC6255ED33AB55D48DCD
                                                                                  Malicious:false
                                                                                  Preview:yb.-.a.m.qm.h.}].hz.A.c...BT6<...W.4.Y`'{..\....,.=...l.V.....0.:D0Eb`f....g..........~3.....$.[..Z..rv..=........0..E.=..e.u.WN.{>EK...!.=l.&....~...o...........w.q.M..{..A...I......;,..lU......O......B".B.V7....].....N..D..1..#..-.w#.....u0..r.m..G..R".q4...D..y.w.15..N-.`@..=..I..\J..W.l1.....].Ko.rM....v/R.Q.|J.w......C..C....(........5....F/R...+..8....J\..ay.....b...9e.].\.h..^.C....?_wv..<.....z..f...G.%.+..l..q.?....i.%^T.Y...-JL......;...'._i,.O.F.e.Dn.}./...>?.h.oI.......?......0.|u.p...z...tL...8Kp]1.....e.../....{R...........X.!.^......A..f.S]4;..z.......w....`...f0.`..r....6.7}...I.]h.W'.:J...:+.a.M4....j$k..|....0.F.2d..4...lF..L....:Y.....J..'..+J.......m.T....v#.cYj...E.L.oi:oN#....9... .6....tm..g.u...... ,2.......su.$|(....o....._...Vm.....a......2.O...#.f....K.]g.C......Gj..W..I.p O..6...&.'n.8..zVQ.B...i....:^.X;.....w..=/.+O&[..#..R..Yn1.O.?)....q..;.#.*..o.......8.s.v..)w~u..fJ{5_%..l8..h.....U....!`....../.

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ram

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):94208
                                                                                  Entropy (8bit):6.5774521665732655
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:kRjv18fRQLTh/5fhjLueoMmOrrHL/uDoiouK+r5bLmbZzW9FfTubb1/Dde6YF64T:Cv18mLthfhnueoMmOqDoioO5bLezW9FB
                                                                                  MD5:C9E0B5E34AA6AE21CEEC9B1F93DAD77D
                                                                                  SHA1:919BDA56815EC58CA93B5C38F0A9471656B8C034
                                                                                  SHA-256:032C330DCBBC1D90293F409195091CAFF308D6600F3898029F540DF23536E3B4
                                                                                  SHA-512:462BD851F6DBE9C64BAE2766ECF22B80867140AEB4BED9BB1FFDCFEEBFF1A1E69365240DFAA4E2A1AB16A4BD6930634F722C9EEC8AF4505297DEAB2840C37CF7
                                                                                  Malicious:false
                                                                                  Preview:....M.}.......u_.[..p.L.W.....Y;.u%..t..E...+....8...f;.u*......u.3...t$...H..|1...D1.t..@8.@......H.....@..}..]..E..{...~.=......P....I.f.C........H..|1...D1.t..@8.@......|1...D1.t..@8.@..2._^[....U..QQ.E.S.].V.u.W.#....C..............E.i.....+.i......E..E.P3.P8E.t.SP..PSP....I.....u!8E.tu...H..|9...D9.t..@8.@.L'...G~)S.u.....I...uI..j.^.H..|9...D9.t..@8.p.....$.I....I..|9...T9.t..R8.B..|9...D9.t..@8.@.._..^[....U..QQSW....3.E.QQ.x.GW.0j.Q....I..E...u.......@V3.j.Z.........Q....Y.u....E.VW.0j.j.....I.H..Pj.V.YK..V....Y^_[..U..}..V..u.QQ......g.u...S..Y.N..F......~7.B.j........Y.......F..F....u.j.X........P.F..'...Y....P...2....F.@P.u..6. ......^]...U..VW.}.....Q..A...t..B...t..P.;.u...;N.u..V.Q.e....'..N._^]...U..QQSW....3.E.QQ.x.QQGW.0QQ....I..E...u........3VP....Y3...E.QQ.u.VW.0QQ....I.HPQV...(...V.h...Y^_[..U..E.Pj..u..u..u..8......p....Q.wR.......y....].U..E..@....y..u....I.....u.V.u....&....&..F.....^3.]...U......DS.].V...W.t$......3.3.G..P.{..D$...p.I.;.u...t.

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Scary

                                                                                  Download File
                                                                                  Process:C:\Users\user\Desktop\1E3Vcm2yrA.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):90112
                                                                                  Entropy (8bit):7.997786734220462
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:mlgKNGr32HovxaQr5QIgmWf2o/hdUtb3ED6PuN+NRxnTpiXRjBWqeqD6iw2GRhz8:mlNc32IZaQlQvjeo5SLEDxuR/yRj4qD7
                                                                                  MD5:213ED632D8DF64CC63210406D2711792
                                                                                  SHA1:9C2D9E16459DA04028804B90D97EC9F01B1C2CCC
                                                                                  SHA-256:9B823B74EA17C571FAFDDFB6FBE5B3DCEE45C4E6574252A1B2B1607F2FFEB19B
                                                                                  SHA-512:7651A3CFE2EF007C8089917F90D4C261D25DDB5D9B18DFB21B61FFD3B6803A5A24A40D86143EFAD987031A1192EE59BA8F280D96DD5A68AC0EC00ADDF579C7D6
                                                                                  Malicious:false
                                                                                  Preview:.].G.e.0....\.....z...^..-......i..Nekn2~uo..x.>fM......R.8a.Bx.k.Wa.G.....L+{siz.A.F7wXv.^...Ds...`..D3[..h....-.....3......|..zI.f...6...O..o....3.......c..:$.~.Sy.*@.......MUL.C.yFG.\.......l:.2@5.H..~.N.]>].. fv.7../.`..#j..l:..K.Is.k?..x...)..t/..B....wP...].L..(...{...F...W..Me..r..x.>.n.m...;.1M....y,9`......\t..3..z..Z..Yn.]........7.+....%v.;..r.......[..@....=b......II..........Ha..cu..E.9...:.....2.FG..>......\..Qh.. g1q...t.B*T..@0&....._B...(.P.......v..n.Y..i.J..~I.....,...%...i..\...6p@../...F..g?-..kC.aI..]...}..&.#tH........7K$.V.H.,.a...M..h.@7{Y..c..u.......n...6....x.Ik.yk..MMi..H.D....|s`.f...../.Bb......;lc....k;...US#..#.(KSA..'.O....S.3cRPv8;...=6....B..}..,C..../..%.S..:Y..a9.F..7..S.w..gc~..0mz..G...IUp...L......`.....~._..nUGa.,.. .d.S....Q.'...IFR.w.W..=....i.....4.7r.r.......b%Jz.n..>rE.x.o.6.....?[\..re..{'?..@.R..)x.....B.G..>.>sa$VP.1%.g.1..A..UO..x...[....u.....E.Dq.......D2P.......^....]b....

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Sewing

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):151552
                                                                                  Entropy (8bit):5.758424011762704
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:VYfv2j62SfuVGHj1vtK7h6R8anHsWccd0vtmgMbFuz08QuklMBNIimuzaAwusPu:VC2jfTq8QLeAg0Fuz08XvBNbjaAtsPu
                                                                                  MD5:838CC8F89BE8FDB82FC5A1D609454A2A
                                                                                  SHA1:CB2BD7F8756202F20B05A22F06F48A775CEE22E6
                                                                                  SHA-256:38C8FC46C160C9B8203D4913DD8C8A8B5108999C6D74000ED0C726F1B34077AB
                                                                                  SHA-512:0737F96DDFD4745CBCA7382630FADB2C3FD04CEA5B622FF96445D256C572B2D13F8A78C3B555E1DBC4B3E1C066B1E5805AE75680100EF50275A38A2C923E21A7
                                                                                  Malicious:false
                                                                                  Preview:.......E..}.+.+E.....}.+.+}..E..............t,........E...`u..E...y\+E..+.............E..U.....U.t.........E..tof.}.........tL........E...U.)}..U.)U..U..U..>.+...;.~.........E.+.M.+E...E...}.+.E.+...........+}.+}..}..u.U... .U.t.........E.@t5f.}.........t..........+.+E..E............+.+M..M..u.j.P.u.QW.3....I.........u.h....j.hB....3..H.I..><.u:...... u1j..s4hi....3..H.I.......<.t....;.....t.j..3.. .I..M..].C.].;.d)M.......j.j..6..X.I..........E............Q.u.j..u...x.I._^[....U..V.u...(M.....w....@)M.......E.%....-....tk.. tH...t*..0t.-....u\PPRj.........<j.j.Rj.........]j.j.Rj...........(M..t'.Dj.j.Rj...............(M..u(..........M...E......Q.u.h.....u...x.I.^]...U..QQSV..1W..f....(.........E......E.....f..pu...A......f..|u..}.....................f;..........f;............f;..........f;..........;.wDtW..UrY..Zv...]v...`v...auE..A.f;E.t.f;E.....A.j.^f;.t.j.^f;.u!.......-....t.H...t.H...u...A...A....1L...A..t9.B..7w1f.A......f#.....f;.u........A.;E.t .......1L...A..1f...

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ships

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):58368
                                                                                  Entropy (8bit):6.497859854755533
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:DRmLORuCYm9PrpmESvn+pqFqaynB6GMKY99z+ajUa:lR8CThpmESv+AqVnBypIa
                                                                                  MD5:C5249107E655E76FF241EA2A0459B7DE
                                                                                  SHA1:71B934A7DFBD7FCF6AF687BFC576EAD2ED92A0C3
                                                                                  SHA-256:589571779F97EF9AC45140C09CFB75FADF056546224124EB9DB4CA0389386949
                                                                                  SHA-512:AA60827ECA0B789064E89E62538D8707B8B2F28E00B50ED74F531DFF4466DEB7B85A4611F335E90D0F7045CD8D0320AE9D05DF9198FFE13E645A90089F7D1205
                                                                                  Malicious:false
                                                                                  Preview:YhT}L..Rh\}L..Khh}L..Dhp}L..=h|}L..6h.}L../h.}L..(h.}L..!h.}L...h.}L...h.}L...h.}L...h.}L.........+.M....P..|....D..t..@8.x..|....D..t..@8.@...M..&f...M...f..V....I._^3.[.......VG..VG..VG..VG..VG..VG..VG..VG..WG..WG..WG..WG..WG.#WG.*WG.1WG.U...8....E.S...E.....V.H..@.W.M.3..}.0....6...F.........E..E..@..p....6...F.........}...u..E.v..F..H..Tq.....}.j.h.{L..u...9...M.......E.*.....3....U.E.E.E....f..t..M.f;E.u..U.E.f9.u.......}.}..s..E.P.E.P......PWRR.E.PR.f.F..@...E.u!..5...M..A..M.Q.M.Q......QW.0j..2..5...M..A..8.F..p.....5...F..M.Q.M.Q......Q.u.W.0.E.Pj.....I..}..............m...3..G..........u....H..D..8T..t..@8.@............U..........................u..H..D..8T..t..@8.@...........Cu..H..D..8T..t..@8.@......x.@...P..H...Vu ..t..I8.A......x...H.t..I8.A...X..t..I8.A......x...H.t..I8.A....j.V.H....Z!...)...H..D..8T..t..@8.@......D..8T..t..@8.P..]..E.f9.u..E.......t.......P..h..I.....S......u......YY_^3.[....U..E.SVW.@....0...%4...F.j.j..0....I....t#.u........&..F.....

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Speaks

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):1758
                                                                                  Entropy (8bit):4.766285338643967
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:tNyGS9PvCA433C+sCNC1skNkvQfhSHQU2L55e1yb/uBx39lt6DhBhhB4+JvU1k:te9n9mTsCNvEQH5O5U1nPKrhBzM1k
                                                                                  MD5:5020D4649309793FC8849C86040FA5B7
                                                                                  SHA1:1604DD05E6AA4A16937C4DD7293CE3BD2EB08A98
                                                                                  SHA-256:820E16E555BC21B69CF82A09F718C2688A339EEFF03A5EF909E991B50D6B91D2
                                                                                  SHA-512:9FC228B207E9B04E408653931D301E61E7AF2E9612E9D073AA232A7F75D7B5F618FD8DDCBC831364E5E96BDF57E73ACC495D09CC09EEBF6145B34A85D5B0E087
                                                                                  Malicious:false
                                                                                  Preview:AL........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B..............................................................................................................................................................................................................................................................................

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Wendy

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):111616
                                                                                  Entropy (8bit):6.6980051227298505
                                                                                  Encrypted:false
                                                                                  SSDEEP:3072:MHSBRtNPnj0nEoXnmowS2u5hVOoQ7t8T6pUkBj:nNPj0nEo3tb2j6AUkBj
                                                                                  MD5:163E1FBECE6AC75FE733EE9A5753FF42
                                                                                  SHA1:4FA8F27A3580D0D970B82F69A0A515F3B4B8705C
                                                                                  SHA-256:910BFAADBA57FE10ACAB319CF50276B65193A39A0A519A661AA63FEF1A98558B
                                                                                  SHA-512:400F495D8BBB64175E91E47E3D768270D40EE75DD0E88C3E2F1D29E48E327FC8B03139E2494348A8F212F28367578638C7417B4CF3EFD021838A64BB3BA76B2D
                                                                                  Malicious:false
                                                                                  Preview:.......u.f;.h...v.M.+M.3.E,.U.....j....M.X..]............w..u...]..f;........E..q........e)..j<Xf;.u.j>X....E.u......j'Xf;.t.j-3.X.}.f;.t(j+Xf;.t ..f;.p.........j9Xf;........}.......M.u......j0Yf;.r;..j9Xf;.w1........n'..k.........j0.u..........Yf;.s....].f...w.j)Z.u...f;...1....},........M..xQ....M'....t..E(j-Z.@@;.u.+.X........*(...M(;YD...(...U.f.Z..u.;YL.......YL.....U(3.]...B,.E.9J0~>.M..P.S.....Y..u..E.3.f9LX.u..U(...U(G.M..B4..A...M.;z0|.3.u.;z0...........u.G..M.].;BL~..BL;z0}:.].M..B4S..A.M..Q..M..q...Y..u..M.f9DY.u..U(FG;z0|.].M.U.;u.~..].Cf.r.f.B.........].f.B......}.....'...E.jRZf9.ue.U...~=j0_...Pf;....&..f;.L......&...........&..k.......E.B;.|..u.......U......f.J..M(f.B..u..h.........&..S.$.L....F5..Y.....&...U.......].f.B..u....U..s.3..u.......E.}..M(.^1..j+Y;.t%j-Y;.t.....U../...+..j9Y.U.;....+..j)X.E...J....E.E.A|........A\j}_...........M(.A\....}.u.....3....j)...u.Xf9....%..........V...j=.u.Y...f;.t.j>Yf;.t.j<Yf;....$.........j

                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Xnxx

                                                                                  Download File
                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):46460
                                                                                  Entropy (8bit):7.061189792904747
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:B9BGmd9OTGQ1Dv7sMvLHfR/ZByLiFuO/ChgZ45VatJVEV3GPkjF:B9BGmdATGODv7xvTphAiPChgZ2kOE6
                                                                                  MD5:7B68C0772FED701A75ADC074F6200276
                                                                                  SHA1:44FA9249C8E6C8023BBA3555BEB2B59C8C0C9EA7
                                                                                  SHA-256:A8715DD0D88740D1F84D681EB4142F1C96BED2C6C3092AC25EA55BE386AAE52F
                                                                                  SHA-512:3B5A7292C5E65313650CE76660F69684A860B0DFC920C1F8D3B026AB147532F6A38F55D6A89CBC8047355A29DEAC5CDF11BB1F3BDE653E308625827D4850FF78
                                                                                  Malicious:false
                                                                                  Preview:......]...]...]...]...]...]...]...a...................................s...]...]...]...]...]...]...]...................W..............f...]...]...]...]...]...]...]...t..............................]...]...]...]...]...]...]...f................W.....................]...]...]...]...]...]...]...]..........................^...]...]...]...]...]...]...].........................................g...]...]...]...]...]...]...]...]..................h...]...]...]...]...]...]...]...g...........................%.................]...]...]...]...]...]...]...]...]...g...m...^...]...]...]...]...]...]...]...]...................%.................................]...]...]...]...]...]...]...]...]...]...]...]...]...]...]...]...]...].............................................................]...]...]...]...]...]...]...]...]...]...]...]...]...]...]...]...............................................$.....................g...]...]...]...]...]...]...]...]...]...]...]...]...g.......................$

                                                                                  C:\Windows\appcompat\Programs\Amcache.hve

                                                                                  Download File
                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                  Category:dropped
                                                                                  Size (bytes):1835008
                                                                                  Entropy (8bit):4.466380906801636
                                                                                  Encrypted:false
                                                                                  SSDEEP:6144:aIXfpi67eLPU9skLmb0b4zWSPKaJG8nAgejZMMhA2gX4WABl0uNCdwBCswSbt:vXD94zWlLZMM6YFHY+t
                                                                                  MD5:8EB0C3B425681F5F8E6C4B238A389C41
                                                                                  SHA1:C3F3B2DE55C926B3C14FD340185F3F2F49BA0EDC
                                                                                  SHA-256:3E8C71455A8C9552E21CBA810321CDEC2700B0BA0B06566DB9B9ED652337C21A
                                                                                  SHA-512:225C811E8812118B02466F4A73A4E6F3F7C03A47987BE12EB21396204E844C13DBAF880BA6F14C2B25175F840CEE0C6D4D1C86FD8290A6C861ECDD6EE38D7382
                                                                                  Malicious:false
                                                                                  Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...2.e..............................................................................................................................................................................................................................................................................................................................................^...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  Static File Info

                                                                                  General

                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                  Entropy (8bit):7.985586038199709
                                                                                  TrID:
                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                  File name:1E3Vcm2yrA.exe
                                                                                  File size:1'248'132 bytes
                                                                                  MD5:d5552a55f1ed92076d5448a74a21b0c1
                                                                                  SHA1:87cd27f843037a77b721f3399cd76525313efcdf
                                                                                  SHA256:355084b6583f9918755201f6e54fdee4d49d5dcb3e59c5fac055513a4ec37520
                                                                                  SHA512:863617a83e4be905bf67cb6710b871bcb35235d4c60935a1f1ae126dc49c038e028c179462fb342f4c2d49e6945fa168ab7483ce97002e7d418b46d3ff89153a
                                                                                  SSDEEP:24576:Jmik6mbi19i+cgl5yUiZVdmEhBaRlAdbSS1eTV4oIA:yiPlMhLB0WbSCo+oIA
                                                                                  TLSH:B945335EB56880A1F2814CB031ED1E658FB1BD7118A3891F53A988DCBF06952EE35FC7
                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L...X|.N.................n.......B...8.....

                                                                                  File Icon

                                                                                  Icon Hash:069a9819352c099a

                                                                                  Static PE Info

                                                                                  General

                                                                                  Entrypoint:0x403883
                                                                                  Entrypoint Section:.text
                                                                                  Digitally signed:true
                                                                                  Imagebase:0x400000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                  Time Stamp:0x4E807C58 [Mon Sep 26 13:21:28 2011 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:
                                                                                  OS Version Major:5
                                                                                  OS Version Minor:0
                                                                                  File Version Major:5
                                                                                  File Version Minor:0
                                                                                  Subsystem Version Major:5
                                                                                  Subsystem Version Minor:0
                                                                                  Import Hash:be41bf7b8cc010b614bd36bbca606973

                                                                                  Authenticode Signature

                                                                                  Signature Valid:false
                                                                                  Signature Issuer:CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL
                                                                                  Signature Validation Error:The digital signature of the object did not verify
                                                                                  Error Number:-2146869232
                                                                                  Not Before, Not After
                                                                                  • 19/10/2023 13:38:42 18/10/2026 13:38:41
                                                                                  Subject Chain
                                                                                  • E=marek@freecommander.com, CN=Marek Jasi\u0144ski, O=Marek Jasi\u0144ski, S=Bayern, C=DE
                                                                                  Version:3
                                                                                  Thumbprint MD5:1BA427AD72B63805CE3594D2153BC4D5
                                                                                  Thumbprint SHA-1:5CBBDA54A90366A5AF36492615686E9B4487738A
                                                                                  Thumbprint SHA-256:C329F41037565035188781F602C403A21018EC0BC54A35D87E542C20607CD4AD
                                                                                  Serial:612B2B92BF06E4A415CC969C458ABE34

                                                                                  Entrypoint Preview

                                                                                  Instruction
                                                                                  sub esp, 000002D4h
                                                                                  push ebx
                                                                                  push ebp
                                                                                  push esi
                                                                                  push edi
                                                                                  push 00000020h
                                                                                  xor ebp, ebp
                                                                                  pop esi
                                                                                  mov dword ptr [esp+18h], ebp
                                                                                  mov dword ptr [esp+10h], 00409268h
                                                                                  mov dword ptr [esp+14h], ebp
                                                                                  call dword ptr [00408030h]
                                                                                  push 00008001h
                                                                                  call dword ptr [004080B4h]
                                                                                  push ebp
                                                                                  call dword ptr [004082C0h]
                                                                                  push 00000008h
                                                                                  mov dword ptr [00472EB8h], eax
                                                                                  call 00007F62B087DE8Bh
                                                                                  push ebp
                                                                                  push 000002B4h
                                                                                  mov dword ptr [00472DD0h], eax
                                                                                  lea eax, dword ptr [esp+38h]
                                                                                  push eax
                                                                                  push ebp
                                                                                  push 00409264h
                                                                                  call dword ptr [00408184h]
                                                                                  push 0040924Ch
                                                                                  push 0046ADC0h
                                                                                  call 00007F62B087DB6Dh
                                                                                  call dword ptr [004080B0h]
                                                                                  push eax
                                                                                  mov edi, 004C30A0h
                                                                                  push edi
                                                                                  call 00007F62B087DB5Bh
                                                                                  push ebp
                                                                                  call dword ptr [00408134h]
                                                                                  cmp word ptr [004C30A0h], 0022h
                                                                                  mov dword ptr [00472DD8h], eax
                                                                                  mov eax, edi
                                                                                  jne 00007F62B087B45Ah
                                                                                  push 00000022h
                                                                                  pop esi
                                                                                  mov eax, 004C30A2h
                                                                                  push esi
                                                                                  push eax
                                                                                  call 00007F62B087D831h
                                                                                  push eax
                                                                                  call dword ptr [00408260h]
                                                                                  mov esi, eax
                                                                                  mov dword ptr [esp+1Ch], esi
                                                                                  jmp 00007F62B087B4E3h
                                                                                  push 00000020h
                                                                                  pop ebx
                                                                                  cmp ax, bx
                                                                                  jne 00007F62B087B45Ah
                                                                                  add esi, 02h
                                                                                  cmp word ptr [esi], bx

                                                                                  Rich Headers

                                                                                  Programming Language:
                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                  • [IMP] VS2008 SP1 build 30729
                                                                                  • [ C ] VS2010 SP1 build 40219
                                                                                  • [RES] VS2010 SP1 build 40219
                                                                                  • [LNK] VS2010 SP1 build 40219

                                                                                  Data Directories

                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x9b340xb4.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xf40000x10aa.rsrc
                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x12e3140x2870
                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x7a0000x964.ndata
                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x80000x2d0.rdata
                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                  Sections

                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                  .text0x10000x6dae0x6e0000499a6f70259150109c809d6aa0e6edFalse0.6611150568181818data6.508529563136936IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                  .rdata0x80000x2a620x2c0007990aaa54c3bc638bb87a87f3fb13e3False0.3526278409090909data4.390535020989255IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                  .data0xb0000x67ebc0x200014871d9a00f0e0c8c2a7cd25606c453False0.203125data1.4308602597540492IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                  .ndata0x730000x810000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                  .rsrc0xf40000x10aa0x1200cd97893365ef1d0eac2574795e081d2fFalse0.4680989583333333data4.582111622309795IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                  .reloc0xf60000xf320x1000c9335e510a5e5f41b94e1143727ec5eeFalse0.60009765625data5.517292984002765IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                  Resources

                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                  RT_ICON0xf41f00x30cPNG image data, 128 x 128, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9538461538461539
                                                                                  RT_ICON0xf44fc0x1c4PNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9867256637168141
                                                                                  RT_ICON0xf46c00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.10283687943262411
                                                                                  RT_DIALOG0xf4b280x100dataEnglishUnited States0.5234375
                                                                                  RT_DIALOG0xf4c280x11cdataEnglishUnited States0.6056338028169014
                                                                                  RT_DIALOG0xf4d440x60dataEnglishUnited States0.7291666666666666
                                                                                  RT_GROUP_ICON0xf4da40x30dataEnglishUnited States0.8958333333333334
                                                                                  RT_MANIFEST0xf4dd40x2d6XML 1.0 document, ASCII text, with very long lines (726), with no line terminatorsEnglishUnited States0.5647382920110193

                                                                                  Imports

                                                                                  DLLImport
                                                                                  KERNEL32.dllSetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
                                                                                  USER32.dllGetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
                                                                                  GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
                                                                                  SHELL32.dllSHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
                                                                                  ADVAPI32.dllRegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
                                                                                  COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                  ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                  VERSION.dllGetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

                                                                                  Possible Origin

                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                  EnglishUnited States

                                                                                  Network Behavior

                                                                                  Suricata IDS Alerts

                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                  2025-01-12T17:22:34.648169+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1154.216.18.1695586192.168.2.449742TCP

                                                                                  Network Port Distribution

                                                                                  TCP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Jan 12, 2025 17:22:33.980041981 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:33.984947920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:33.985025883 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:33.985161066 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:33.989979982 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:34.642328024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:34.643263102 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:34.648169041 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:34.849049091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:34.857080936 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:34.861938000 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.098073006 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.098110914 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.098165989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.098169088 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.098201990 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.098239899 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.098252058 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.098277092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.098350048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.098385096 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.098413944 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.098432064 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.098445892 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.098479986 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.098524094 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.098634005 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.102288961 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.105808020 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.105863094 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.105966091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.105994940 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.106044054 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.184705973 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.184741974 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.185151100 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.206759930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.206815958 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.206849098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.206878901 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.210720062 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.210755110 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.210779905 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.210788965 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.210836887 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.218029976 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.218086004 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.218116045 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.218215942 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.225867033 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.225900888 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.225934982 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.225934982 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.225981951 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.233385086 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.233419895 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.233467102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.233486891 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.240901947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.240931988 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.240951061 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.241029024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.241058111 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.241075993 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.248249054 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.248284101 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.248301029 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.248317957 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.248383999 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.255651951 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.255686998 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.255717993 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.255774975 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.262615919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.262650013 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.262670040 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.262682915 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.262742043 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.269725084 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.269759893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.269792080 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.269833088 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.277050972 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.277101040 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.277107000 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.277137041 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.277180910 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.284107924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.284137964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.284212112 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.293365955 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.293395042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.293469906 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.315553904 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.315623999 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.315653086 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.315675974 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.318937063 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.318977118 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.318986893 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.319011927 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.319057941 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.326117992 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.326153040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.326185942 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.326227903 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.331877947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.331912994 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.331931114 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.331948042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.332031965 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.338107109 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.338135958 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.338197947 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.338232994 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.338287115 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.338335037 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.343920946 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.343950987 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.344027996 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.344072104 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.344086885 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.344110012 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.350035906 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.350073099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.350106001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.350135088 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.356138945 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.356174946 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.356192112 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.356209040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.356259108 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.362096071 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.362124920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.362174034 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.362176895 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.362206936 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.362385035 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.368149996 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.368179083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.368230104 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.368246078 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.368261099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.368305922 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.374264956 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.374294043 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.374392033 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.374406099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.374435902 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.374483109 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.383358002 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.383368969 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.383378029 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.383404970 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.383574963 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.383620977 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.389461040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.389499903 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.389508963 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.389553070 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.395658016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.395692110 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.395709991 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.395724058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.395767927 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.400743961 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.400773048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.400824070 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.400825024 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.400855064 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.400899887 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.405802965 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.405818939 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.405858994 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.405960083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.405988932 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.406034946 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.410960913 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.410995007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.411027908 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.411063910 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.415837049 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.415870905 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.415889025 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.415903091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.415944099 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.420891047 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.420924902 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.420958042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.420991898 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.425796986 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.425829887 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.425851107 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.425863028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.425951958 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.430699110 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.430732965 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.430763960 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.430988073 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.435811996 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.435842991 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.435873985 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.435894966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.435924053 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.435977936 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.438848019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.438877106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.438905954 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.438960075 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.438990116 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.439035892 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.441941023 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.441976070 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.441998959 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.442009926 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.442260027 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.444981098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.445014954 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.445046902 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.445064068 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.448107958 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.448142052 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.448173046 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.448174953 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.448822975 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.451009989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.451064110 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.451092005 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.451149940 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.453943968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.453977108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.454062939 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.454090118 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.454125881 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.457149982 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.457179070 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.457206011 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.457251072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.457279921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.457324028 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.460011005 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.460058928 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.460062981 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.460092068 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.460135937 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.462868929 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.462898970 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.462992907 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.463021040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.463059902 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.463082075 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.465883017 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.465912104 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.466001034 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.466046095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.466074944 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.466142893 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.468806982 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.468841076 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.468873024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.469023943 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.471724987 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.471755028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.471784115 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.471805096 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.471834898 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.471868992 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.476310015 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.476346016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.476365089 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.476377964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.476429939 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.476452112 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.476505995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.476560116 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.478902102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.478935003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.478966951 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.478996038 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.481729984 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.481743097 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.481751919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.481784105 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.481823921 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.484505892 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.484539032 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.484571934 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.484592915 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.487246990 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.487281084 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.487298012 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.487340927 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.487387896 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.490143061 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.490173101 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.490216017 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.490289927 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.490319967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.490362883 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.492856026 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.492908955 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.492937088 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.492958069 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.495588064 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.495637894 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.495644093 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.495673895 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.495718956 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.498466969 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.498502016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.498533964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.498550892 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.501152992 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.501183987 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.501199007 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.501267910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.501297951 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.501323938 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.504062891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.504112005 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.504117966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.504148006 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.504192114 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.506516933 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.506551981 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.506583929 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.506597042 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.509208918 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.509244919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.509265900 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.509279013 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.509339094 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.511934996 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.511965036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.512016058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.512020111 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.512046099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.512084007 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.514663935 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.514698029 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.514729977 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.514759064 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.517251968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.517282009 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.517307043 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.517385006 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.517414093 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.517513037 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.519864082 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.519897938 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.519912958 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.519932032 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.519979954 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.522516966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.522547007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.522653103 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.522661924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.522691011 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.522777081 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.524947882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.524981976 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.525013924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.525029898 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.527549028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.527582884 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.527614117 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.527614117 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.527688026 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.530123949 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.530179977 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.530209064 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.530225039 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.532715082 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.532748938 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.532764912 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.532799959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.533426046 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.535362005 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.535396099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.535429955 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.535475016 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.537625074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.537653923 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.537688971 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.538784027 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.538817883 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.538846016 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.538852930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.538907051 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.541265011 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.541300058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.541331053 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.541373014 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.543735027 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.543770075 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.543801069 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.543839931 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.543855906 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.546140909 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.546169996 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.546240091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.546247005 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.546269894 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.546415091 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.548495054 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.548528910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.548559904 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.548654079 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.550858974 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.550894976 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.550928116 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.550970078 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.550970078 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.552864075 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.552901030 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.552933931 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.552978992 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.554799080 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.554832935 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.554866076 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.554879904 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.554915905 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.556621075 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.556654930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.556689024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.556746006 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.558532953 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.558568001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.558598995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.558617115 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.558644056 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.560324907 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.560353994 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.560400963 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.560427904 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.560456991 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.560502052 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.562166929 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.562201977 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.562237024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.562252045 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.564125061 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.564158916 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.564192057 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.564264059 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.565972090 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.566005945 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.566039085 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.566417933 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.567617893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.567651987 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.567672014 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.567698956 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.567748070 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.569844007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.569879055 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.569926977 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.569931030 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.571026087 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.571059942 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.571083069 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.571094036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.571141005 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.572823048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.572856903 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.572889090 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.572906971 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.574484110 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.574517012 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.574537992 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.574551105 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.574596882 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.576001883 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.576036930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.576070070 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.576102972 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.577603102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.577631950 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.577673912 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.577686071 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.577713966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.577761889 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.579202890 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.579238892 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.579261065 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.579271078 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.579330921 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.580733061 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.580768108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.580801964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.580828905 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.583142042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.583172083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.583194017 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.583223104 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.583257914 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.583271027 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.583292961 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.583338976 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.584642887 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.584672928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.584723949 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.584752083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.584778070 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.584813118 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.586174965 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.586209059 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.586241961 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.586255074 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.587713957 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.587748051 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.587779999 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.587785006 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.587830067 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.589330912 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.589359045 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.589458942 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.589487076 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.589509964 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.589535952 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.590755939 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.590785980 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.590837002 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.590837955 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.590868950 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.590923071 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.592328072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.592356920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.592405081 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.592434883 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.592463017 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.592510939 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.593753099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.593787909 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.593821049 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.593822956 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.595108032 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.595141888 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.595156908 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.595174074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.595220089 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.597058058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.597091913 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.597145081 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.597193003 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.598252058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.598288059 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.598311901 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.598321915 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.598364115 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.599811077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.599843979 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.599875927 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.599929094 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.600752115 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.600785971 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.600811005 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.600820065 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.600856066 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.602247953 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.602283001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.602317095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.602363110 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.603693962 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.603729010 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.603745937 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.603763103 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.603807926 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.604974985 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.605007887 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.605041027 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.605055094 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.606288910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.606343985 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.606354952 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.606374025 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.606422901 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.607604027 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.607639074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.607671976 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.607686996 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.609003067 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.609036922 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.609070063 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.609086037 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.609112024 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.610441923 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.610476971 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.610510111 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.610527039 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.611603022 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.611632109 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.611656904 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.611725092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.611753941 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.611800909 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.614094019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.614213943 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.614252090 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.614285946 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.614320993 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.614330053 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.614356995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.614408016 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.619337082 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.619370937 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.619405031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.619438887 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.619450092 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.619476080 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.619482994 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.619508982 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.619541883 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.619553089 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.625338078 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.625390053 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.625401974 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.625443935 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.625485897 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.625546932 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.625581026 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.625616074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.625639915 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.625978947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.626013994 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.626024961 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.632925987 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.632960081 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.632993937 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.633027077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.633038044 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.633053064 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.633164883 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.633199930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.633244991 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.633253098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.633645058 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.639516115 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.639568090 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.639667988 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.639669895 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.639704943 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.639739037 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.639750957 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.639774084 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.639807940 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.639885902 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.645350933 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.645385027 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.645417929 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.645442963 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.645452976 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.645482063 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.645488024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.645539045 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.645571947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.645585060 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.645606041 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.645612001 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.650738001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.650768995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.650796890 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.650820017 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.650866032 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.650893927 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.650932074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.650968075 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.650986910 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.651004076 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.651036978 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.651053905 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.656896114 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.656949043 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.657063961 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.657099962 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.657499075 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.657874107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.660056114 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.660089016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.660108089 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.660124063 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.660181046 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.660190105 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.661036015 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.661070108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.661092043 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.661103964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.661153078 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.661155939 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.661190033 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.661223888 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.661236048 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.661259890 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.661307096 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.665919065 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.665983915 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.666019917 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.666029930 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.666054964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.666090012 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.666104078 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.666127920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.666162968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.666204929 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.671251059 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.671303988 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.671305895 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.671351910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.671386003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.671406031 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.671574116 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.671607971 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.671633005 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.671643972 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.671673059 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.671695948 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.675936937 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.675971031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.675983906 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.676023006 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.676088095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.676122904 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.676135063 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.676165104 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.676258087 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.676305056 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.676708937 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.681757927 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.681792021 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.681826115 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.681840897 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.681862116 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.681906939 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.681907892 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.681942940 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.681991100 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.682089090 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.686448097 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.686499119 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.686532974 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.686564922 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.686566114 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.686597109 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.686599016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.686634064 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.686667919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.686676979 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.687179089 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.688841105 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.688873053 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.688914061 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.688924074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.688958883 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.688992977 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.689033985 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.689279079 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.689321995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.689337969 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.689346075 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.689348936 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.689419031 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.692975044 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.693010092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.693018913 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.693043947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.693087101 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.693161964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.693196058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.693227053 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.693259954 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.693495989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.693530083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.693586111 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.696837902 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.696866989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.696904898 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.696919918 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.696958065 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.696993113 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.697004080 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.697027922 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.697062969 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.697094917 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.697113991 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.701051950 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.701102018 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.701111078 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.701137066 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.701169014 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.701204062 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.701225042 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.701248884 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.701306105 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.701365948 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.701422930 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.705964088 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.705996990 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.706032038 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.706049919 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.706161022 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.706196070 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.706228971 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.706243992 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.706274033 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.706484079 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.706520081 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.706598043 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.712212086 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.712264061 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.712316036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.712348938 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.712363005 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.712394953 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.712404966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.712456942 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.712496042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.712510109 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.728837967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.728872061 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.728895903 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.728907108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.728950024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.728952885 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.728985071 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.729016066 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.729049921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.729059935 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.729084015 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.729106903 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.733443975 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.733478069 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.733508110 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.733558893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.733592987 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.733625889 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.733647108 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.733680964 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.733777046 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.733815908 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.733870029 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.737965107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.737993956 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.738040924 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.738045931 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.738080978 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.738114119 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.738157034 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.738776922 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.738811970 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.738845110 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.738852024 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.738888025 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.744555950 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.744584084 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.744723082 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.744755983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.744775057 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.744788885 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.744837999 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.744890928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.744925976 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.744961023 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.745008945 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.745009899 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.745038986 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.749284029 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.749317884 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.749345064 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.749352932 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.749388933 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.749433041 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.749440908 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.749448061 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.749481916 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.749602079 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.749644041 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.753366947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.753396988 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.753448963 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.753453970 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.753484011 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.753550053 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.753556013 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.753583908 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.753617048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.753633022 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.753652096 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.753695011 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.758233070 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.758270979 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.758352995 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.758407116 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.758486032 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.758521080 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.758554935 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.758563995 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.758809090 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.758852959 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.758863926 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.759138107 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.762579918 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.762614012 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.762648106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.762681007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.762691975 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.762716055 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.762834072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.762867928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.762903929 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.762923002 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.762932062 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.763344049 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.767041922 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.767076969 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.767141104 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.767142057 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.767177105 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.767211914 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.767258883 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.767263889 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.767298937 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.767348051 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.767353058 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.767388105 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.771498919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.771534920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.771568060 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.771608114 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.771651030 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.771686077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.771703005 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.771739960 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.771773100 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.771785975 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.771807909 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.771857023 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.775557041 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.775585890 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.775619984 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.775640965 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.775671959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.775715113 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.775724888 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.775775909 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.775825024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.775867939 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.776316881 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.776365042 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.779637098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.779695034 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.779745102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.779778957 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.779810905 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.779844999 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.779855013 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.779880047 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.779890060 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.783474922 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.783504963 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.783534050 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.783593893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.783646107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.783651114 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.783680916 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.783715010 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.783750057 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.783759117 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.783785105 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.783804893 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.788090944 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.788155079 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.788184881 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.788239956 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.788273096 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.788307905 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.788321018 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.788340092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.788355112 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.788374901 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.788486958 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.792638063 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.792691946 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.792742968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.792777061 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.792788029 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.792810917 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.792845011 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.792877913 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.792885065 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.798760891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.798813105 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.798825979 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.798847914 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.798893929 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.799031019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.799093962 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.799134016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.799153090 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.799184084 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.799217939 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.799463987 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.812941074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.812974930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.813005924 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.813009024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.813041925 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.813061953 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.813129902 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.813165903 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.813200951 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.813210011 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.813823938 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.818661928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.818715096 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.818747044 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.818768024 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.818840981 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.818876028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.818907976 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.818927050 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.818954945 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.819169044 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.819221020 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.820036888 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.824312925 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.824347019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.824382067 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.824398994 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.824414968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.824450016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.824457884 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.824501038 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.824548960 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.824553967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.829710007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.829763889 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.829796076 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.829864979 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.829947948 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.829981089 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.830013037 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.830064058 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.830204964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.830241919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.830286980 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.834394932 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.834448099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.834467888 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.834481001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.834582090 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.834585905 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.834635019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.834686041 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.834702969 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.834722996 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.834785938 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.834794044 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.839145899 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.839200974 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.839251995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.839282036 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.839287043 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.839308977 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.839339018 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.839375019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.839407921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.839454889 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.844969034 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.845002890 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.845036983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.845055103 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.845122099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.845155001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.845177889 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.845192909 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.845230103 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.845289946 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.849296093 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.849329948 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.849361897 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.849364042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.849437952 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.849462986 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.849498034 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.849530935 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.849545002 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.849566936 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.850322962 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.853681087 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.853754997 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.853856087 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.853889942 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.853924036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.853940964 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.853957891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.853991985 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.854023933 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.854044914 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.854068995 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.858161926 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.858212948 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.858258009 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.859081984 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.859174967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.859225988 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.859261036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.859292030 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.859293938 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.859325886 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.862281084 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.862333059 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.862365961 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.862380028 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.862406969 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.862482071 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.862533092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.862567902 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.862574100 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.862601042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.862634897 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.862680912 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.866404057 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.866436958 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.866457939 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.866471052 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.866504908 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.866539955 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.866580963 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.866646051 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.866698027 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.866749048 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.870187998 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.870218039 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.870352983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.870385885 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.870421886 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.870443106 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.870455980 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.870594978 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.870714903 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.870765924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.870874882 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.874363899 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.874398947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.874449968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.874483109 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.874494076 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.874517918 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.874551058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.874584913 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.874586105 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.874604940 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.879259109 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.879323006 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.879328966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.879364014 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.879415989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.879447937 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.879481077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.879492044 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.879514933 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.879558086 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.885488033 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.885540009 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.885574102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.885606050 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.885623932 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.885639906 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.885652065 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.885744095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.885797024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.885848045 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.899496078 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.899548054 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.899600029 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.899612904 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.899633884 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.899643898 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.899671078 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.899703026 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.899733067 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.899772882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.900670052 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.905390978 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.905441999 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.905476093 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.905508041 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.905541897 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.905564070 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.905575037 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.905610085 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.905621052 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.910820007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.910850048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.910876036 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.910901070 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.910936117 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.910944939 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.910973072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.911051989 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.911236048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.911271095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.911305904 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.911351919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.911355972 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.911616087 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.916306019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.916356087 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.916399956 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.916452885 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.916482925 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.916533947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.916568995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.916589022 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.916600943 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.916635036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.916637897 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.916702032 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.921082020 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.921116114 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.921149015 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.921173096 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.921325922 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.921360016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.921401978 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.921423912 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.921457052 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.921489954 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.921502113 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.921639919 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.925846100 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.925879002 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.925913095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.925946951 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.925955057 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.926021099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.926069021 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.926091909 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.926126003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.926155090 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.926157951 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.926213026 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.931540966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.931570053 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.931606054 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.931615114 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.931658030 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.931740046 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.931773901 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.931785107 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.931807995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.931827068 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.931842089 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.931911945 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.935945034 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.936012983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.936060905 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.936096907 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.936115980 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.936142921 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.936150074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.936202049 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.936237097 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.936253071 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.936273098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.936460018 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.940416098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.940449953 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.940483093 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.940558910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.940592051 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.940597057 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.940632105 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.940644979 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.940677881 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.940690041 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.940712929 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.940776110 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.944820881 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.944854021 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.944886923 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.944916964 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.944943905 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.944981098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.945029974 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.945030928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.945067883 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.945100069 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.945151091 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.948964119 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.949035883 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.949071884 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.949090958 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.949120998 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.949157953 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.949215889 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.949301004 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.949352026 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.949409962 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.953038931 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.953068018 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.953166008 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.953198910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.953217030 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.953231096 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.953418970 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.953471899 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.953505039 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.953525066 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.953537941 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.953866005 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.957026005 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.957113028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.957149029 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.957180977 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.957197905 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.957215071 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.957216978 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.957252026 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.957287073 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.957299948 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.961110115 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.961163044 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.961173058 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.961198092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.961231947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.961244106 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.961267948 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.961301088 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.961317062 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.961337090 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.961395025 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.965958118 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.965987921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.966037989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.966039896 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.966070890 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.966126919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.966151953 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.966161013 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.966196060 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.966247082 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.966645956 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.966701031 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.972282887 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.972316980 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.972351074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.972382069 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.972407103 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.972417116 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.972431898 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.972512960 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.972563028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.972582102 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.986385107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.986419916 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.986454964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.986480951 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.986486912 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.986522913 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.986536980 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.986556053 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.986591101 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.986618996 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.986639977 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.992183924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.992218971 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.992253065 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.992285967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.992295027 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.992321968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.992356062 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.992388010 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.992409945 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.997596025 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.997648954 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.997659922 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.997684002 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.997734070 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:35.997790098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.997823000 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.997857094 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.997889996 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:35.997936964 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.003076077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.003108025 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.003142118 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.003165007 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.003216982 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.003252983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.003285885 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.003307104 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.003350019 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.003554106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.003587961 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.003829956 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.007782936 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.007817030 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.007850885 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.007869005 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.007929087 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.008013964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.008049011 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.008074999 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.008081913 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.008094072 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.008116961 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.008687019 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.012590885 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.012624979 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.012662888 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.012696981 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.012712002 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.012872934 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.012907028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.012919903 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.012943029 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.012970924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.013000011 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.013011932 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.018230915 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.018286943 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.018320084 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.018338919 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.018354893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.018486023 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.018537045 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.018573999 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.018588066 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.018603086 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.019700050 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.022752047 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.022782087 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.022814989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.022866011 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.022866011 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.022902966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.022919893 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.022954941 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.022989988 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.023008108 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.023025036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.023066998 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.027229071 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.027260065 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.027292967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.027307034 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.027348042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.027381897 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.027487040 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.027568102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.027601957 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.027637005 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.027647972 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.027666092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.027717113 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.031584024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.031634092 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.031636953 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.031672001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.031704903 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.031738043 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.031754017 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.031773090 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.031781912 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.031841040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.031883001 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.035684109 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.035717964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.035752058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.035794973 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.035836935 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.035870075 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.035880089 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.035923004 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.035954952 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.035986900 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.035990953 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.036040068 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.039791107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.039843082 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.039879084 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.039895058 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.039911985 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.039946079 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.039999008 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.040095091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.040149927 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.040149927 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.044213057 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.044250965 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.044284105 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.044306993 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.044318914 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.044337034 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.044389009 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.044424057 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.044456959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.044467926 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.044491053 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.044498920 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.047863007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.047892094 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.047911882 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.047926903 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.047960997 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.047971964 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.048033953 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.048068047 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.048084974 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.048104048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.048139095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.048263073 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.052681923 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.052732944 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.052783966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.052788973 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.052817106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.052851915 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.052860975 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.052885056 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.052920103 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.052931070 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.053143024 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.058888912 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.058917999 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.058954954 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.058968067 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.059026003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.059061050 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.059076071 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.059094906 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.059133053 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.059165955 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.059175014 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.059201002 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.072818041 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.072870016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.072937012 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.073005915 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.073043108 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.073045969 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.073065996 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.073081017 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.073331118 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.073367119 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.073417902 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.078716040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.078766108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.078798056 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.078831911 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.078854084 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.078866959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.078874111 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.079010963 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.079058886 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.079062939 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.091953993 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092005014 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.092005014 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092042923 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092075109 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092108965 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092123032 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.092149973 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.092159033 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092194080 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092230082 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092247009 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.092264891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092298031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092308044 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.092333078 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092366934 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092380047 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.092441082 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092473984 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.092494965 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.097079039 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.097132921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.097179890 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.097184896 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.097220898 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.097254038 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.097287893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.097304106 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.097322941 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.097364902 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.102902889 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.102971077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.103022099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.103055000 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.103072882 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.103091002 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.103101015 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.103123903 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.103157997 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.103202105 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.105036974 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.105070114 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.105076075 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.105122089 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.105155945 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.105190039 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.105201006 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.105225086 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.105227947 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.105262995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.105360985 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.109885931 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.109937906 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.109972954 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.110006094 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.110017061 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.110040903 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.110074043 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.110081911 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.110110044 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.110122919 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.114073992 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.114125967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.114160061 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.114170074 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.114195108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.114229918 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.114264011 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.114274025 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.114300013 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.114341974 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.118412971 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.118447065 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.118480921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.118530035 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.118565083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.118577957 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.118599892 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.118633032 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.118712902 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.122517109 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.122569084 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.122612000 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.122620106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.122653961 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.122677088 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.122721910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.122756004 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.122776985 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.122791052 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.122909069 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.126683950 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.126718044 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.126761913 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.126770973 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.126808882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.126822948 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.126856089 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.126867056 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.126890898 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.126894951 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.131273031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.131330967 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.131362915 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.131398916 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.131432056 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.131443024 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.131467104 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.131500006 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.131534100 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.131581068 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.136356115 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.136406898 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.136442900 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.136455059 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.136495113 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.136531115 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.136563063 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.136574030 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.136598110 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.136648893 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.144526005 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.144561052 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.144612074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.144644976 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.144680023 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.144681931 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.144712925 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.144736052 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.144747019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.144793034 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.145978928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.146029949 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.146064997 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.146099091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.146102905 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.146135092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.146143913 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.146169901 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.146203995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.146214008 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.170888901 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.170917988 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.170936108 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.170973063 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.171005964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.171016932 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.171055079 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.171183109 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.171302080 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.171350002 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.171401978 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.171422958 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.171452045 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.171500921 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.179305077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.179349899 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.179400921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.179408073 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.179430962 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.179466963 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.179512024 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.179517984 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.179553032 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.179579020 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.179846048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.179879904 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.179896116 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.182770967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.182801008 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.182838917 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.182857037 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.182893038 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.182909012 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.182944059 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.182976007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.183011055 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.183022976 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.183051109 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.183423042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.183576107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.183604002 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.183656931 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.183726072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.183759928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.183769941 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.183852911 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.184065104 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.184077978 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.184108973 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.184114933 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.184140921 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.184143066 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.184791088 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.188821077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.188849926 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.188920021 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.188927889 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.188952923 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.188971043 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.189033031 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.189163923 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.189213037 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.189217091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.189251900 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.189284086 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.189372063 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.193955898 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.193989038 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194017887 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.194037914 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194214106 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.194214106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194251060 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194284916 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194315910 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.194318056 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194351912 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194365025 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.194679022 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194727898 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194763899 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194770098 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.194797993 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194833040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194839001 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.194868088 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194901943 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.194904089 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.194940090 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.196400881 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.196429968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.196477890 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.196485043 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.196513891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.196615934 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.196650028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.196664095 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.196682930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.196706057 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.196881056 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.196964979 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.197011948 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.200573921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.200628042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.200680017 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.200700045 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.200733900 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.200748920 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.200926065 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.200958967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.200972080 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.200997114 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.201025963 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.201064110 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.205147028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.205194950 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.205226898 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.205261946 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.205277920 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.205313921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.205363989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.205395937 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.205430031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.205441952 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.209203959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.209254026 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.209255934 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.209291935 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.209336996 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.209358931 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.209393978 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.209425926 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.209434032 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.209460974 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.209506035 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.213351011 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.213414907 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.213447094 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.213480949 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.213480949 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.213517904 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.213526011 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.213551044 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.213586092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.213601112 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.213627100 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.213670969 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.217924118 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.217977047 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.218005896 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.218070984 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.218106985 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.218108892 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.218136072 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.218139887 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.218174934 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.218183994 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.218209028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.218254089 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.223143101 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.223174095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.223222971 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.223257065 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.223274946 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.223309040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.223345041 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.223359108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.223392010 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.223424911 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.223465919 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.231184959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.231218100 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.231268883 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.231272936 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.231342077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.231376886 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.231410027 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.231434107 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.231443882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.231460094 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.232357025 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.232391119 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.232424021 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.232459068 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.232476950 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.232494116 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.232513905 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.232546091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.232593060 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.232758999 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.232794046 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.233072042 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.257658958 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.257693052 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.257714987 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.257745028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.257777929 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.257785082 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.257812023 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.257843971 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.257869959 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.257878065 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.257922888 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.266043901 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.266072989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.266123056 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.266155958 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.266175985 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.266196966 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.266205072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.266257048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.266292095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.266304970 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.266324043 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.266360044 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.269494057 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.269531965 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.269542933 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.269572973 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.269629002 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.269682884 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.269697905 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.269731998 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.269764900 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.269797087 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.269797087 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.269908905 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.270312071 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.270340919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.270374060 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.270380974 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.270457983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.270492077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.270495892 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.270526886 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.270592928 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.270776987 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.270812035 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.270924091 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.275543928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.275573015 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.275623083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.275626898 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.275656939 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.275691986 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.275724888 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.275752068 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.275779009 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.275999069 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.276051998 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.276098967 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.280605078 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.280638933 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.280673027 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.280683041 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.280708075 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.280744076 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.280776024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.280827045 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.280858040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.280900002 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.280957937 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.281055927 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.281240940 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.281275034 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.281321049 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.281352997 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.281496048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.281528950 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.281563044 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.281569004 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.281595945 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.281599998 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.281630993 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.281672001 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.283196926 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.283229113 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.283263922 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.283296108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.283339024 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.283348083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.283430099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.283463001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.283478975 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.287296057 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.287342072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.287411928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.287424088 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.287478924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.287492990 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.287513971 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.287548065 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.287580967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.287626028 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.287875891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.291847944 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.291876078 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.291897058 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.292012930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.292046070 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.292079926 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.292112112 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.292113066 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.292140961 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.292146921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.292180061 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.292196035 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.295783997 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.295811892 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.295835018 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.295875072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.295905113 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.295908928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.295943022 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.296103954 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.296108007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.296194077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.296226025 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.296245098 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.296261072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.296298981 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.308540106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.308569908 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.308603048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.308623075 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.308636904 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.308722019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.308753967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.308789015 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.308800936 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.308821917 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.308862925 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.308965921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.309032917 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.309082985 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.309129000 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.309154034 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.309195995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.309204102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.309235096 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.309271097 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.310358047 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.310412884 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.310448885 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.310461998 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.310513020 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.310560942 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.310595036 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.310597897 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.310610056 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.310666084 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.317964077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.317995071 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.318027973 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.318044901 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.318080902 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.318093061 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.318094015 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.318154097 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.318373919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.318407059 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.318442106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.318484068 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.318490028 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.318608999 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.319186926 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.319219112 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.319252968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.319274902 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.319286108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.319331884 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.319335938 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.319370031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.319402933 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.319411039 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.344268084 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.344280005 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.344290018 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.344332933 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.344392061 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.344433069 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.344480991 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.344516039 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.344571114 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.344602108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.344634056 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.353630066 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.353658915 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.353683949 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.353693962 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.353744984 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.353765965 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.353776932 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.353980064 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.354031086 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.354034901 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.354065895 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.354099989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.354115009 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.354137897 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.356110096 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.356159925 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.356205940 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.356211901 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.356245995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.356278896 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.356343031 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.356496096 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.356529951 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.356535912 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.356564999 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.356592894 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.356612921 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.357358932 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.357388020 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.357408047 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.357454062 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.357486963 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.357517958 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.357530117 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.357559919 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.357691050 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.357718945 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.357759953 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.357791901 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.357841969 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.357930899 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.362358093 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.362391949 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.362426043 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.362477064 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.362504005 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.362538099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.362588882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.362622023 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.362627029 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.362648010 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.362654924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.362721920 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.367588997 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.367640972 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.367672920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.367706060 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.367741108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.367754936 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.367791891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.367825031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.367846012 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.367887974 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.368110895 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.368220091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.368269920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.368367910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.368412971 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.368434906 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.368469000 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.368504047 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.368525982 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.368570089 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.368803024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.368835926 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.368880987 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.369966984 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.370049953 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.370083094 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.370127916 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.370206118 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.370239019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.370253086 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.370271921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.370322943 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.370373964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.370424986 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.370484114 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.374636889 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.374670982 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.374702930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.374711037 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.374825954 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.374857903 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.374875069 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.374893904 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.374926090 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.374943018 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.374959946 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.375015974 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.381895065 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.381927967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.381963015 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.381990910 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.381995916 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.382031918 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.382051945 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.382082939 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.382116079 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.382148981 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.382169962 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.382195950 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.387428999 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.387464046 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.387511015 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.387521029 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.387564898 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.387598038 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.387612104 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.387633085 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.387665987 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.387686014 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.395214081 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.395246029 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.395268917 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.395278931 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.395348072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.395349026 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.395399094 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.395447969 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.395482063 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.395503044 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.395528078 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.395803928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.395855904 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.395900011 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.396069050 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.396101952 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.396135092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.396162987 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.396244049 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.396291971 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.396296024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.396328926 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.396362066 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.396375895 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.397068977 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.397098064 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.397115946 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.397146940 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.397193909 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.397197962 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.397231102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.397265911 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.397294044 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.397296906 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.397331953 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.397339106 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.404619932 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.404653072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.404685020 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.404719114 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.404736996 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.404757977 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.404792070 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.404856920 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.404917002 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.404948950 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.404964924 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.405663967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.405714035 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.405730963 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.405780077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.405814886 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.405827045 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.405848026 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.405883074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.405922890 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.406006098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.406492949 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.431015015 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.431049109 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.431081057 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.431154966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.431188107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.431195974 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.431195974 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.431222916 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.431257963 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.431268930 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.431291103 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.431375980 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.440614939 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.440644026 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.440692902 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.440713882 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.440726042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.440761089 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.440771103 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.440794945 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.440826893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.440857887 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.440903902 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.440923929 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.442833900 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.442886114 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.442919016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.442945004 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.442951918 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.443113089 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.443145990 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.443172932 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.443205118 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.443237066 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.443245888 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.443367004 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.444267035 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.444300890 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.444353104 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.444356918 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.444387913 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.444432020 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.444490910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.444525003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.444557905 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.444577932 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.449027061 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.449037075 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.449094057 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.449119091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.449129105 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.449140072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.449170113 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.449177027 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.449177980 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.449187994 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.449197054 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.449237108 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.454305887 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.454339981 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.454359055 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.454380035 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.454437971 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.454444885 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.454495907 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.454528093 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.454561949 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.454592943 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.454615116 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.454988003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.455034018 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.455111027 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.455140114 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.455173016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.455184937 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.455207109 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.455260992 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.455346107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.455379963 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.455413103 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.455425978 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.455440998 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.455485106 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.456682920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.456712008 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.456757069 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.456784010 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.456816912 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.456851959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.456861973 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.456887007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.456967115 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.457195997 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.457230091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.457283020 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.461325884 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.461359978 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.461390972 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.461416960 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.461457968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.461492062 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.461512089 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.461541891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.461574078 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.461606026 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.461626053 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.461654902 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.468525887 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.468554974 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.468605995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.468619108 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.468638897 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.468672991 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.468683958 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.468707085 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.468930006 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.468981981 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.469029903 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.474112034 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.474144936 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.474175930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.474189043 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.474210978 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.474245071 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.474256992 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.474277020 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.474333048 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.474453926 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.474504948 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.474553108 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.482187986 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.482223034 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.482259035 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.482276917 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.482291937 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.482358932 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.482449055 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.482481003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.482500076 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.482513905 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.482705116 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.482754946 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.482755899 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.482789993 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.482822895 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.482826948 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.483163118 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.483196020 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.483198881 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.483231068 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.483241081 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.483261108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.483735085 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.483786106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.483786106 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.483835936 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.483870029 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.483902931 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.483915091 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.483967066 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.484016895 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.484035015 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.491228104 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.491259098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.491287947 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.491365910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.491415024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.491415977 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.491450071 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.491482019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.491496086 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.491517067 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.491769075 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.491823912 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.492264032 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.492316961 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.492347956 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.492398024 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.492444992 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.492479086 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.492527962 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.492561102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.492578030 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.492594004 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.492615938 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.517800093 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.517833948 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.517884016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.517916918 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.517945051 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.517945051 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.517951012 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.517983913 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.518007040 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.518018961 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.518125057 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.527265072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.527331114 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.527360916 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.527385950 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.527410984 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.527460098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.527471066 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.527494907 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.527527094 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.527559996 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.527576923 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.527600050 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.529514074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.529566050 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.529594898 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.529617071 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.529644966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.529678106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.529686928 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.529731035 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.529762983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.529784918 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.529795885 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.529839039 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.531040907 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.531069040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.531112909 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.531209946 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.531245947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.531279087 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.531311035 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.531375885 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.531387091 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.531408072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.531500101 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.535985947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.536036968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.536072016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.536084890 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.536107063 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.536140919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.536145926 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.536174059 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.536221027 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.536240101 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.541838884 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.541893959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.541898966 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.541954041 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542005062 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.542005062 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542040110 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542072058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542093039 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.542105913 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542138100 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542146921 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.542171001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542203903 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542236090 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542264938 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.542269945 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542294025 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.542304039 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542336941 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542368889 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542402983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.542416096 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.543382883 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.543431997 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.543436050 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.543469906 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.543508053 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.543512106 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.543544054 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.543580055 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.543612957 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.543647051 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.543658018 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.548032045 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.548064947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.548083067 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.548096895 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.548152924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.548177004 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.548191071 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.548228979 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.548242092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.548274040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.548305988 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.548329115 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.555211067 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.555269957 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.555272102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.555305004 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.555377960 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.555464029 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.555551052 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.555588007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.555627108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.555656910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.555677891 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.560760975 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.560792923 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.560815096 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.560846090 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.560880899 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.560915947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.560919046 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.560966969 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.561045885 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.561139107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.561172962 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.561191082 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.561208010 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.561258078 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.568847895 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.568881989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.568953991 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.568989038 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.568999052 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.569009066 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.569046974 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.569050074 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.569099903 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.569303989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.569339991 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.569452047 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.569467068 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.569488049 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.569525003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.569560051 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.569613934 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.569648981 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.569652081 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.569652081 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.569685936 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.569704056 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.570379972 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.570415020 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.570430994 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.570449114 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.570498943 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.570539951 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.570593119 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.570626974 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.570661068 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.570666075 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.570696115 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.570745945 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.577927113 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.577986956 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.578003883 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.578022003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.578067064 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.578108072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.578161001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.578202009 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.578212023 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.578237057 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.578273058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.578284979 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.578963041 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.579037905 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.579051971 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.579086065 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.579142094 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.579149008 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.579179049 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.579215050 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.579252005 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.579271078 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.579297066 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.579520941 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.604602098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.604641914 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.604676008 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.604696035 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.604731083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.604785919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.604815006 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.604835033 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.604850054 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.604886055 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.604931116 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.614012957 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.614088058 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.614101887 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.614154100 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.614188910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.614209890 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.614223003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.614259958 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.614272118 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.614295006 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.614340067 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.616274118 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.616302967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.616355896 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.616370916 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.616389036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.616422892 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.616476059 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.616539955 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.616612911 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.616647959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.616658926 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.616683006 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.616727114 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.617773056 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.617806911 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.617841959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.617873907 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.617880106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.617916107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.617921114 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.617970943 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.618002892 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.618024111 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.618058920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.618103981 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.622641087 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.622675896 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.622709036 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.622709036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.622750044 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.622797012 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.622805119 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.622839928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.622874022 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.622888088 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.622908115 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.622910023 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.627810955 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.627846003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.627866983 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.627899885 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.627950907 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.627985954 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.628002882 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.628019094 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.628030062 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.628056049 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.628184080 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.628201008 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.628235102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.628271103 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.628308058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.628351927 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.628505945 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.628540993 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.628576994 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.628592968 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.628607988 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.628662109 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.630078077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.630130053 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.630163908 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.630198002 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.630214930 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.630234003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.630270958 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.630306005 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.630328894 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.634761095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.634812117 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.634841919 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.634845972 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.634880066 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.634907961 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.634915113 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.634955883 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.634989023 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.635044098 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.641865969 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.641921997 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.641951084 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.641984940 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.642040014 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.642088890 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.642122984 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.642154932 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.642254114 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.642329931 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.642364979 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.642417908 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.647483110 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.647511959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.647536993 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.647566080 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.647618055 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.647619009 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.647655010 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.647689104 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.647711039 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.647722006 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.647774935 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.648047924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.655555964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.655585051 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.655607939 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.655638933 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.655673981 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.655694008 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.655706882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.655757904 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.655790091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.655839920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.655875921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.655909061 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.655942917 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.655967951 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.656363010 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.656398058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.656421900 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.656431913 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.656466007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.656491995 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.656501055 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.656636000 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.656692028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.657047033 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.657075882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.657104015 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.657129049 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.657165051 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.657186985 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.657197952 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.657243967 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.657371044 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.657404900 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.657442093 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.657469988 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.657516956 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.664653063 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.664683104 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.664733887 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.664757967 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.664767981 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.664803028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.664812088 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.664952040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.664980888 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.665009975 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.665016890 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.665051937 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.665220976 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.665662050 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.665697098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.665746927 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.665781975 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.665793896 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.665797949 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.665832043 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.665896893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.665947914 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.665950060 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.666136026 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.691503048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.691575050 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.691612959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.691637993 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.691652060 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.691689968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.691714048 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.691724062 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.691762924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.691788912 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.691795111 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.691854000 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.700774908 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.700813055 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.700870991 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.700894117 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.700905085 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.700942993 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.700973034 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.700978994 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.701018095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.701028109 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.702951908 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.702994108 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.703012943 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.703046083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.703098059 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.703104019 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.703135014 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.703169107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.703191996 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.703207016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.703243017 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.703294039 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.704421043 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.704473972 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.704478025 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.704531908 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.704566956 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.704590082 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.704602003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.704701900 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.704754114 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.704761028 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.705171108 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.709387064 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.709418058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.709459066 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.709470034 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.709522963 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.709558010 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.709569931 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.709592104 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.709625959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.709639072 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.709661007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.709703922 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.714432001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.714487076 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.714545965 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.714560986 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.714581013 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.714615107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.714644909 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.714648962 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.714683056 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.714704990 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.714801073 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.714834929 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.714858055 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.714869022 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.715048075 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.715082884 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.715105057 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.715121984 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.715122938 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.715176105 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.715209961 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.715260029 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.716739893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.716790915 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.716797113 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.716829062 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.716864109 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.716891050 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.716897964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.716933966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.716967106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.717020035 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.721379995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.721410990 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.721453905 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.721462011 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.721498966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.721533060 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.721560955 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.721705914 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.721735001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.721757889 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.721770048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.721805096 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.721827030 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.761007071 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.898309946 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898353100 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898401022 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898410082 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.898447037 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898500919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898536921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898552895 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.898575068 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.898590088 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898626089 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898675919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898709059 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.898729086 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898763895 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898797035 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898811102 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.898830891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898834944 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.898866892 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898902893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898916960 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.898958921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.898992062 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899030924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899044037 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899071932 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.899080038 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899122000 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899154902 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899188995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899205923 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.899224043 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899257898 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899296045 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899300098 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.899349928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899384975 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899396896 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.899418116 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899451971 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899481058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899498940 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.899516106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899549007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899560928 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.899583101 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899616957 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899633884 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.899652004 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899686098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899732113 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.899735928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899806023 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.899876118 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899912119 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899945021 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.899959087 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.899997950 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900033951 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900067091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900094986 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.900100946 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900118113 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.900171995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900232077 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.900288105 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900340080 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.900346994 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900382042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900423050 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.900432110 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900464058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900482893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900517941 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900531054 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.900553942 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900559902 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.900588989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900621891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900655031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900664091 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.900691032 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900723934 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900759935 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900790930 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.900793076 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900829077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900835991 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.900865078 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900898933 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900907993 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.900937080 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.900970936 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.901005983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.901041031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.901050091 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.901074886 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.901109934 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.901143074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.901154041 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.901176929 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.901211977 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.901221037 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.901247978 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.901283026 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.901293039 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.901316881 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.901336908 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.901354074 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.901388884 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.901398897 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.906286955 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.906323910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.906358004 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.906394958 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.906429052 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.906452894 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.906482935 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.906524897 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.906534910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.906570911 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.906604052 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.906616926 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.906639099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.906672955 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.906685114 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.906709909 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.906893015 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.907264948 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.907336950 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.907387972 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.907421112 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.907423019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.907457113 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.907509089 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.907542944 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.907548904 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.907572031 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.907578945 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.907613993 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.907614946 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.908230066 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.908267021 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.908291101 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.908320904 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.908374071 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.908379078 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.908410072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.908443928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.908454895 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.908479929 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.908513069 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.908546925 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.908587933 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.909126043 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.909161091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.909212112 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.909246922 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.909270048 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.909282923 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.909298897 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.909318924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.909352064 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.909369946 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.909387112 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.909421921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.909445047 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.910120964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.910168886 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.910172939 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.910209894 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.910248995 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.910275936 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.910311937 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.910358906 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.910393953 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.910403967 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.910429001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.910434961 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.910465956 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.910535097 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.911016941 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911051989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911089897 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911099911 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.911124945 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911161900 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911174059 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.911540031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911587954 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.911592007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911628008 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911664963 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.911679983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911715031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911747932 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911781073 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911786079 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.911813021 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911848068 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.911849022 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.911941051 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.912455082 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.912507057 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.912554979 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.912575960 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.912623882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.912658930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.912668943 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.912693024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.912729025 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.912763119 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.912772894 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.912798882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.912974119 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.913341999 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.913392067 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.913395882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.913433075 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.913465977 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.913480997 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.913501024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.913535118 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.913546085 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.913916111 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.913964987 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.913970947 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.914165974 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.914216042 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.914220095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.914257050 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.914304018 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.914309025 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.914345026 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.914377928 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.914403915 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.914413929 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.914448023 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.914478064 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.914484024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.914524078 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.915111065 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.915194988 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.915246010 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.915247917 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.915283918 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.915357113 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.915371895 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.915393114 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.915427923 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.915441990 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.915463924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.915498018 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.915508032 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.915534019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.915612936 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.916193962 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.916248083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.916280985 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.916292906 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.916318893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.916351080 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.916380882 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.916384935 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.916420937 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.916424036 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.916805983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.916840076 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.916855097 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.916893959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.916956902 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.916990042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917032957 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.917041063 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917076111 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917109966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917144060 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917146921 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.917181015 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917227983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917263031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917275906 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.917707920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917754889 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.917762995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917803049 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917838097 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917854071 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.917870998 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917907000 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917916059 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.917958021 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917993069 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.917996883 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.918034077 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.918068886 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.918104887 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.918116093 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.918142080 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.918143988 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.926317930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926345110 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926362038 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926403046 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.926431894 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.926445007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926460981 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926477909 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926526070 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.926536083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926552057 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926568031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926582098 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926609039 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.926630974 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926645041 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926668882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926681995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926683903 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.926698923 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926727057 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926733971 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.926733971 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.926743031 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926759005 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926784039 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926786900 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.926800966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926815987 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926841021 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.926865101 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.926866055 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926882982 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926899910 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926913023 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.926923037 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.926968098 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.926999092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927016020 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927031040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927047968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927048922 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.927093029 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.927187920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927206993 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927225113 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927239895 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927259922 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927265882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927274942 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.927303076 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.927303076 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927329063 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927345037 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927361965 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927367926 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.927378893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.927401066 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.960958958 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961004019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961061954 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961098909 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961121082 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.961153984 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961189985 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961245060 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961281061 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961292028 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.961318016 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961375952 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961426973 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961462975 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961479902 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.961515903 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961551905 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961600065 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.961601973 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961637020 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961673975 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961709023 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961719036 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.961744070 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961779118 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961786985 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.961817026 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961858988 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.961869955 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961921930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961955070 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.961976051 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.961988926 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962023973 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962029934 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.962059021 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962094069 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962102890 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.962127924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962162018 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962194920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962214947 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.962229967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962241888 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.962266922 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962301970 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962311029 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.962338924 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962373018 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962405920 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962440968 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962450981 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.962475061 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962508917 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962542057 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962557077 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.962579012 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962613106 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962620020 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.962647915 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.962699890 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.985341072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985387087 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985409021 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.985445976 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985482931 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985517025 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985532045 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.985559940 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.985569954 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985622883 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985657930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985671997 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.985693932 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985729933 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985785007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985836983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985841036 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.985868931 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985903025 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985918045 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.985938072 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.985996008 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986041069 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.986049891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986084938 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986129045 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.986135960 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986171007 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986205101 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986211061 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.986241102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986247063 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.986277103 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986330032 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986370087 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986402988 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986433983 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.986438036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986473083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986481905 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.986507893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986542940 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986577034 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986587048 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.986613035 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986646891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986649036 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.986681938 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986717939 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:36.986723900 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:36.987359047 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.012980938 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013014078 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013070107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013072968 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.013123989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013158083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013180971 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.013210058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013246059 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013278961 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013328075 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013333082 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.013380051 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013410091 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013453007 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.013459921 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013511896 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013561964 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013596058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013617039 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.013647079 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013681889 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013690948 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.013712883 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013747931 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013771057 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.013782978 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013834000 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013869047 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.013889074 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.013896942 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.013904095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014046907 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014077902 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014111042 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014138937 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.014144897 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014162064 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.014179945 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014213085 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014250040 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014256001 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.014283895 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014300108 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.014317989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014350891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014389038 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014421940 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014436007 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.014456987 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014489889 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014523983 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.014543056 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.014566898 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.047365904 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047394991 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047429085 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047446966 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.047481060 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047533989 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047569036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047621012 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047625065 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.047673941 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047707081 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047724962 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.047745943 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047796011 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047847033 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047878981 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047905922 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.047905922 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.047914028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047946930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047980070 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.047987938 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.048008919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048057079 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.048062086 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048096895 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048129082 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048140049 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.048163891 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048180103 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.048197985 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048235893 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048269033 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048281908 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.048304081 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048335075 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.048337936 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048388958 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048427105 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048432112 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.048480988 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048521996 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.048530102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048563957 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048588037 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.048597097 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048633099 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048666000 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048676968 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.048700094 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048733950 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048765898 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048782110 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.048799038 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048836946 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048870087 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048876047 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.048904896 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048938036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048973083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.048983097 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.049006939 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.049947977 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.071901083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.071935892 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.071969032 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072016001 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.072051048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072099924 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.072103024 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072154999 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072187901 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072201967 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.072223902 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072258949 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072268009 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.072312117 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072364092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072400093 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072412968 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.072433949 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072458982 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.072468996 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072519064 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072551966 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072581053 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072597027 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.072617054 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072658062 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072666883 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.072691917 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072725058 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072745085 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.072757959 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072808027 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.072809935 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072844028 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072885036 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.072895050 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072928905 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072963953 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.072981119 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.072998047 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.073029995 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.073041916 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.073060036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.073092937 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.073126078 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.073136091 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.073159933 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.073194027 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.073200941 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.073227882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.073263884 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.073268890 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.073400021 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.099694967 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.099773884 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.099807978 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.099859953 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.099889040 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.099912882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.099920034 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.099967003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100003004 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100045919 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.100054979 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100106001 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100141048 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100183010 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.100217104 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100270987 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100321054 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100334883 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.100370884 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100403070 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100440025 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100472927 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100483894 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.100531101 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100564003 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100598097 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100630045 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100641966 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.100665092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100697994 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100730896 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100763083 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.100763083 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100790024 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.100797892 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100831032 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100863934 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100895882 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100913048 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.100929976 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100964069 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.100997925 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.101011038 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.101032019 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.101033926 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.101073027 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.101104975 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.101124048 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.101141930 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.101183891 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.134080887 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134115934 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134166956 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134191990 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.134201050 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134252071 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.134254932 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134304047 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134341002 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134349108 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.134375095 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134422064 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.134426117 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134478092 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134512901 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134562969 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134598017 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.134619951 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134629011 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.134654999 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134690046 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134722948 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134741068 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.134764910 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.134773970 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134808064 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134841919 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134851933 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.134876013 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134910107 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134928942 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.134943962 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134977102 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.134988070 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.135025978 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135061026 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135109901 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135130882 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.135144949 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135155916 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.135179996 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135216951 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135236979 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.135251999 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135301113 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135354996 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135389090 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135407925 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.135421991 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135457039 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135468006 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.135490894 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135525942 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135535002 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.135560036 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135596037 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135627985 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135638952 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.135680914 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.135706902 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.135734081 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.136791945 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.136878014 CET497425586192.168.2.4154.216.18.169
                                                                                  Jan 12, 2025 17:22:37.141576052 CET558649742154.216.18.169192.168.2.4
                                                                                  Jan 12, 2025 17:22:37.141627073 CET558649742154.216.18.169192.168.2.4

                                                                                  UDP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Jan 12, 2025 17:22:06.999017000 CET5672453192.168.2.41.1.1.1
                                                                                  Jan 12, 2025 17:22:07.007549047 CET53567241.1.1.1192.168.2.4

                                                                                  DNS Queries

                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                  Jan 12, 2025 17:22:06.999017000 CET192.168.2.41.1.1.10xb913Standard query (0)sKVJpeNVvVOkoBPztd.sKVJpeNVvVOkoBPztdA (IP address)IN (0x0001)false

                                                                                  DNS Answers

                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                  Jan 12, 2025 17:22:07.007549047 CET1.1.1.1192.168.2.40xb913Name error (3)sKVJpeNVvVOkoBPztd.sKVJpeNVvVOkoBPztdnonenoneA (IP address)IN (0x0001)false

                                                                                  Statistics

                                                                                  CPU Usage

                                                                                  Click to jump to process

                                                                                  Memory Usage

                                                                                  Click to jump to process

                                                                                  High Level Behavior Distribution

                                                                                  Click to dive into process behavior distribution

                                                                                  Behavior

                                                                                  Click to jump to process

                                                                                  System Behavior

                                                                                  General

                                                                                  Target ID:0
                                                                                  Start time:11:21:59
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Users\user\Desktop\1E3Vcm2yrA.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\1E3Vcm2yrA.exe"
                                                                                  Imagebase:0x400000
                                                                                  File size:1'248'132 bytes
                                                                                  MD5 hash:D5552A55F1ED92076D5448A74A21B0C1
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:1
                                                                                  Start time:11:22:01
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /c move Levels Levels.cmd & Levels.cmd
                                                                                  Imagebase:0x240000
                                                                                  File size:236'544 bytes
                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:2
                                                                                  Start time:11:22:01
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff7699e0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:3
                                                                                  Start time:11:22:02
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:tasklist
                                                                                  Imagebase:0xca0000
                                                                                  File size:79'360 bytes
                                                                                  MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:4
                                                                                  Start time:11:22:02
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\SysWOW64\findstr.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:findstr /I "opssvc wrsa"
                                                                                  Imagebase:0x9e0000
                                                                                  File size:29'696 bytes
                                                                                  MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:5
                                                                                  Start time:11:22:03
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:tasklist
                                                                                  Imagebase:0xca0000
                                                                                  File size:79'360 bytes
                                                                                  MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:6
                                                                                  Start time:11:22:03
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\SysWOW64\findstr.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                                                                                  Imagebase:0x9e0000
                                                                                  File size:29'696 bytes
                                                                                  MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:7
                                                                                  Start time:11:22:03
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:cmd /c md 22694
                                                                                  Imagebase:0x240000
                                                                                  File size:236'544 bytes
                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:8
                                                                                  Start time:11:22:03
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\SysWOW64\extrac32.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:extrac32 /Y /E Heroes
                                                                                  Imagebase:0xa00000
                                                                                  File size:29'184 bytes
                                                                                  MD5 hash:9472AAB6390E4F1431BAA912FCFF9707
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:9
                                                                                  Start time:11:22:04
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\SysWOW64\findstr.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:findstr /V "AL" Speaks
                                                                                  Imagebase:0x9e0000
                                                                                  File size:29'696 bytes
                                                                                  MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:10
                                                                                  Start time:11:22:05
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:cmd /c copy /b 22694\Hunt.com + Actors + Competition + Millions + Operates + Wendy + Ships + Ram + Sewing + Groups + Xnxx 22694\Hunt.com
                                                                                  Imagebase:0x240000
                                                                                  File size:236'544 bytes
                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:11
                                                                                  Start time:11:22:05
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:cmd /c copy /b ..\Lie + ..\Scary + ..\Performing + ..\Facial + ..\Omega + ..\Driven + ..\Litigation + ..\Addressing + ..\Calendar D
                                                                                  Imagebase:0x240000
                                                                                  File size:236'544 bytes
                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:12
                                                                                  Start time:11:22:05
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\22694\Hunt.com
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:Hunt.com D
                                                                                  Imagebase:0x300000
                                                                                  File size:947'288 bytes
                                                                                  MD5 hash:62D09F076E6E0240548C2F837536A46A
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Antivirus matches:
                                                                                  • Detection: 0%, ReversingLabs
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:13
                                                                                  Start time:11:22:05
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\SysWOW64\choice.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:choice /d y /t 5
                                                                                  Imagebase:0xf10000
                                                                                  File size:28'160 bytes
                                                                                  MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:17
                                                                                  Start time:11:22:28
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\SysWOW64\svchost.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Windows\System32\svchost.exe"
                                                                                  Imagebase:0x620000
                                                                                  File size:46'504 bytes
                                                                                  MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000011.00000003.1986327678.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000011.00000002.2058712787.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000011.00000003.1990494240.0000000005580000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000011.00000003.1990665098.00000000057A0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:20
                                                                                  Start time:11:22:29
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 988
                                                                                  Imagebase:0xc30000
                                                                                  File size:483'680 bytes
                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:21
                                                                                  Start time:11:22:36
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\System32\fontdrvhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                                                  Imagebase:0x7ff72c440000
                                                                                  File size:827'408 bytes
                                                                                  MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  General

                                                                                  Target ID:23
                                                                                  Start time:11:22:39
                                                                                  Start date:12/01/2025
                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 3940 -s 144
                                                                                  Imagebase:0x7ff6965e0000
                                                                                  File size:570'736 bytes
                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true

                                                                                  Disassembly

                                                                                  Reset < >

                                                                                    Execution Graph

                                                                                    Execution Coverage:18.6%
                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                    Signature Coverage:20.7%
                                                                                    Total number of Nodes:1525
                                                                                    Total number of Limit Nodes:34
                                                                                    execution_graph 4341 402fc0 4342 401446 18 API calls 4341->4342 4343 402fc7 4342->4343 4344 403017 4343->4344 4345 40300a 4343->4345 4348 401a13 4343->4348 4346 406805 18 API calls 4344->4346 4347 401446 18 API calls 4345->4347 4346->4348 4347->4348 4349 4023c1 4350 40145c 18 API calls 4349->4350 4351 4023c8 4350->4351 4354 40726a 4351->4354 4357 406ed2 CreateFileW 4354->4357 4358 406f04 4357->4358 4359 406f1e ReadFile 4357->4359 4360 4062a3 11 API calls 4358->4360 4361 4023d6 4359->4361 4364 406f84 4359->4364 4360->4361 4362 4071e3 CloseHandle 4362->4361 4363 406f9b ReadFile lstrcpynA lstrcmpA 4363->4364 4365 406fe2 SetFilePointer ReadFile 4363->4365 4364->4361 4364->4362 4364->4363 4368 406fdd 4364->4368 4365->4362 4366 4070a8 ReadFile 4365->4366 4367 407138 4366->4367 4367->4366 4367->4368 4369 40715f SetFilePointer GlobalAlloc ReadFile 4367->4369 4368->4362 4370 4071a3 4369->4370 4371 4071bf lstrcpynW GlobalFree 4369->4371 4370->4370 4370->4371 4371->4362 4372 401cc3 4373 40145c 18 API calls 4372->4373 4374 401cca lstrlenW 4373->4374 4375 4030dc 4374->4375 4376 4030e3 4375->4376 4378 405f51 wsprintfW 4375->4378 4378->4376 4393 401c46 4394 40145c 18 API calls 4393->4394 4395 401c4c 4394->4395 4396 4062a3 11 API calls 4395->4396 4397 401c59 4396->4397 4398 406c9b 81 API calls 4397->4398 4399 401c64 4398->4399 4400 403049 4401 401446 18 API calls 4400->4401 4404 403050 4401->4404 4402 406805 18 API calls 4403 401a13 4402->4403 4404->4402 4404->4403 4405 40204a 4406 401446 18 API calls 4405->4406 4407 402051 IsWindow 4406->4407 4408 4018d3 4407->4408 4409 40324c 4410 403277 4409->4410 4411 40325e SetTimer 4409->4411 4412 4032cc 4410->4412 4413 403291 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4410->4413 4411->4410 4413->4412 4414 4048cc 4415 4048f1 4414->4415 4416 4048da 4414->4416 4418 4048ff IsWindowVisible 4415->4418 4422 404916 4415->4422 4417 4048e0 4416->4417 4432 40495a 4416->4432 4419 403daf SendMessageW 4417->4419 4421 40490c 4418->4421 4418->4432 4423 4048ea 4419->4423 4420 404960 CallWindowProcW 4420->4423 4433 40484e SendMessageW 4421->4433 4422->4420 4438 406009 lstrcpynW 4422->4438 4426 404945 4439 405f51 wsprintfW 4426->4439 4428 40494c 4429 40141d 80 API calls 4428->4429 4430 404953 4429->4430 4440 406009 lstrcpynW 4430->4440 4432->4420 4434 404871 GetMessagePos ScreenToClient SendMessageW 4433->4434 4435 4048ab SendMessageW 4433->4435 4436 4048a3 4434->4436 4437 4048a8 4434->4437 4435->4436 4436->4422 4437->4435 4438->4426 4439->4428 4440->4432 4441 4022cc 4442 40145c 18 API calls 4441->4442 4443 4022d3 4442->4443 4444 4062d5 2 API calls 4443->4444 4445 4022d9 4444->4445 4446 4022e8 4445->4446 4450 405f51 wsprintfW 4445->4450 4449 4030e3 4446->4449 4451 405f51 wsprintfW 4446->4451 4450->4446 4451->4449 4221 4050cd 4222 405295 4221->4222 4223 4050ee GetDlgItem GetDlgItem GetDlgItem 4221->4223 4224 4052c6 4222->4224 4225 40529e GetDlgItem CreateThread CloseHandle 4222->4225 4270 403d98 SendMessageW 4223->4270 4227 4052f4 4224->4227 4229 4052e0 ShowWindow ShowWindow 4224->4229 4230 405316 4224->4230 4225->4224 4273 405047 83 API calls 4225->4273 4231 405352 4227->4231 4233 405305 4227->4233 4234 40532b ShowWindow 4227->4234 4228 405162 4241 406805 18 API calls 4228->4241 4272 403d98 SendMessageW 4229->4272 4235 403dca 8 API calls 4230->4235 4231->4230 4236 40535d SendMessageW 4231->4236 4237 403d18 SendMessageW 4233->4237 4239 40534b 4234->4239 4240 40533d 4234->4240 4238 40528e 4235->4238 4236->4238 4243 405376 CreatePopupMenu 4236->4243 4237->4230 4242 403d18 SendMessageW 4239->4242 4244 404f72 25 API calls 4240->4244 4245 405181 4241->4245 4242->4231 4246 406805 18 API calls 4243->4246 4244->4239 4247 4062a3 11 API calls 4245->4247 4249 405386 AppendMenuW 4246->4249 4248 40518c GetClientRect GetSystemMetrics SendMessageW SendMessageW 4247->4248 4250 4051f3 4248->4250 4251 4051d7 SendMessageW SendMessageW 4248->4251 4252 405399 GetWindowRect 4249->4252 4253 4053ac 4249->4253 4254 405206 4250->4254 4255 4051f8 SendMessageW 4250->4255 4251->4250 4256 4053b3 TrackPopupMenu 4252->4256 4253->4256 4257 403d3f 19 API calls 4254->4257 4255->4254 4256->4238 4258 4053d1 4256->4258 4259 405216 4257->4259 4260 4053ed SendMessageW 4258->4260 4261 405253 GetDlgItem SendMessageW 4259->4261 4262 40521f ShowWindow 4259->4262 4260->4260 4263 40540a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4260->4263 4261->4238 4266 405276 SendMessageW SendMessageW 4261->4266 4264 405242 4262->4264 4265 405235 ShowWindow 4262->4265 4267 40542f SendMessageW 4263->4267 4271 403d98 SendMessageW 4264->4271 4265->4264 4266->4238 4267->4267 4268 40545a GlobalUnlock SetClipboardData CloseClipboard 4267->4268 4268->4238 4270->4228 4271->4261 4272->4227 4452 4030cf 4453 40145c 18 API calls 4452->4453 4454 4030d6 4453->4454 4456 4030dc 4454->4456 4459 4063ac GlobalAlloc lstrlenW 4454->4459 4457 4030e3 4456->4457 4486 405f51 wsprintfW 4456->4486 4460 4063e2 4459->4460 4461 406434 4459->4461 4462 40640f GetVersionExW 4460->4462 4487 40602b CharUpperW 4460->4487 4461->4456 4462->4461 4463 40643e 4462->4463 4464 406464 LoadLibraryA 4463->4464 4465 40644d 4463->4465 4464->4461 4468 406482 GetProcAddress GetProcAddress GetProcAddress 4464->4468 4465->4461 4467 406585 GlobalFree 4465->4467 4469 40659b LoadLibraryA 4467->4469 4470 4066dd FreeLibrary 4467->4470 4473 4064aa 4468->4473 4476 4065f5 4468->4476 4469->4461 4472 4065b5 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 4469->4472 4470->4461 4471 406651 FreeLibrary 4480 40662a 4471->4480 4472->4476 4474 4064ce FreeLibrary GlobalFree 4473->4474 4473->4476 4482 4064ea 4473->4482 4474->4461 4475 4066ea 4478 4066ef CloseHandle FreeLibrary 4475->4478 4476->4471 4476->4480 4477 4064fc lstrcpyW OpenProcess 4479 40654f CloseHandle CharUpperW lstrcmpW 4477->4479 4477->4482 4481 406704 CloseHandle 4478->4481 4479->4476 4479->4482 4480->4475 4483 406685 lstrcmpW 4480->4483 4484 4066b6 CloseHandle 4480->4484 4485 4066d4 CloseHandle 4480->4485 4481->4478 4482->4467 4482->4477 4482->4479 4483->4480 4483->4481 4484->4480 4485->4470 4486->4457 4487->4460 4488 407752 4492 407344 4488->4492 4489 407c6d 4490 4073c2 GlobalFree 4491 4073cb GlobalAlloc 4490->4491 4491->4489 4491->4492 4492->4489 4492->4490 4492->4491 4492->4492 4493 407443 GlobalAlloc 4492->4493 4494 40743a GlobalFree 4492->4494 4493->4489 4493->4492 4494->4493 4495 401dd3 4496 401446 18 API calls 4495->4496 4497 401dda 4496->4497 4498 401446 18 API calls 4497->4498 4499 4018d3 4498->4499 4507 402e55 4508 40145c 18 API calls 4507->4508 4509 402e63 4508->4509 4510 402e79 4509->4510 4511 40145c 18 API calls 4509->4511 4512 405e30 2 API calls 4510->4512 4511->4510 4513 402e7f 4512->4513 4537 405e50 GetFileAttributesW CreateFileW 4513->4537 4515 402e8c 4516 402f35 4515->4516 4517 402e98 GlobalAlloc 4515->4517 4520 4062a3 11 API calls 4516->4520 4518 402eb1 4517->4518 4519 402f2c CloseHandle 4517->4519 4538 403368 SetFilePointer 4518->4538 4519->4516 4522 402f45 4520->4522 4524 402f50 DeleteFileW 4522->4524 4525 402f63 4522->4525 4523 402eb7 4527 403336 ReadFile 4523->4527 4524->4525 4539 401435 4525->4539 4528 402ec0 GlobalAlloc 4527->4528 4529 402ed0 4528->4529 4530 402f04 WriteFile GlobalFree 4528->4530 4531 40337f 37 API calls 4529->4531 4532 40337f 37 API calls 4530->4532 4536 402edd 4531->4536 4533 402f29 4532->4533 4533->4519 4535 402efb GlobalFree 4535->4530 4536->4535 4537->4515 4538->4523 4540 404f72 25 API calls 4539->4540 4541 401443 4540->4541 4542 401cd5 4543 401446 18 API calls 4542->4543 4544 401cdd 4543->4544 4545 401446 18 API calls 4544->4545 4546 401ce8 4545->4546 4547 40145c 18 API calls 4546->4547 4548 401cf1 4547->4548 4549 401d07 lstrlenW 4548->4549 4550 401d43 4548->4550 4551 401d11 4549->4551 4551->4550 4555 406009 lstrcpynW 4551->4555 4553 401d2c 4553->4550 4554 401d39 lstrlenW 4553->4554 4554->4550 4555->4553 4556 403cd6 4557 403ce1 4556->4557 4558 403ce5 4557->4558 4559 403ce8 GlobalAlloc 4557->4559 4559->4558 4560 402cd7 4561 401446 18 API calls 4560->4561 4564 402c64 4561->4564 4562 402d99 4563 402d17 ReadFile 4563->4564 4564->4560 4564->4562 4564->4563 4565 402dd8 4566 402ddf 4565->4566 4567 4030e3 4565->4567 4568 402de5 FindClose 4566->4568 4568->4567 4569 401d5c 4570 40145c 18 API calls 4569->4570 4571 401d63 4570->4571 4572 40145c 18 API calls 4571->4572 4573 401d6c 4572->4573 4574 401d73 lstrcmpiW 4573->4574 4575 401d86 lstrcmpW 4573->4575 4576 401d79 4574->4576 4575->4576 4577 401c99 4575->4577 4576->4575 4576->4577 4279 407c5f 4280 407344 4279->4280 4281 4073c2 GlobalFree 4280->4281 4282 4073cb GlobalAlloc 4280->4282 4283 407c6d 4280->4283 4284 407443 GlobalAlloc 4280->4284 4285 40743a GlobalFree 4280->4285 4281->4282 4282->4280 4282->4283 4284->4280 4284->4283 4285->4284 4578 404363 4579 404373 4578->4579 4580 40439c 4578->4580 4582 403d3f 19 API calls 4579->4582 4581 403dca 8 API calls 4580->4581 4583 4043a8 4581->4583 4584 404380 SetDlgItemTextW 4582->4584 4584->4580 4585 4027e3 4586 4027e9 4585->4586 4587 4027f2 4586->4587 4588 402836 4586->4588 4601 401553 4587->4601 4589 40145c 18 API calls 4588->4589 4591 40283d 4589->4591 4593 4062a3 11 API calls 4591->4593 4592 4027f9 4594 40145c 18 API calls 4592->4594 4599 401a13 4592->4599 4595 40284d 4593->4595 4596 40280a RegDeleteValueW 4594->4596 4605 40149d RegOpenKeyExW 4595->4605 4597 4062a3 11 API calls 4596->4597 4600 40282a RegCloseKey 4597->4600 4600->4599 4602 401563 4601->4602 4603 40145c 18 API calls 4602->4603 4604 401589 RegOpenKeyExW 4603->4604 4604->4592 4611 401515 4605->4611 4613 4014c9 4605->4613 4606 4014ef RegEnumKeyW 4607 401501 RegCloseKey 4606->4607 4606->4613 4608 4062fc 3 API calls 4607->4608 4610 401511 4608->4610 4609 401526 RegCloseKey 4609->4611 4610->4611 4614 401541 RegDeleteKeyW 4610->4614 4611->4599 4612 40149d 3 API calls 4612->4613 4613->4606 4613->4607 4613->4609 4613->4612 4614->4611 4615 403f64 4616 403f90 4615->4616 4617 403f74 4615->4617 4619 403fc3 4616->4619 4620 403f96 SHGetPathFromIDListW 4616->4620 4626 405c84 GetDlgItemTextW 4617->4626 4622 403fad SendMessageW 4620->4622 4623 403fa6 4620->4623 4621 403f81 SendMessageW 4621->4616 4622->4619 4624 40141d 80 API calls 4623->4624 4624->4622 4626->4621 4627 402ae4 4628 402aeb 4627->4628 4629 4030e3 4627->4629 4630 402af2 CloseHandle 4628->4630 4630->4629 4631 402065 4632 401446 18 API calls 4631->4632 4633 40206d 4632->4633 4634 401446 18 API calls 4633->4634 4635 402076 GetDlgItem 4634->4635 4636 4030dc 4635->4636 4637 4030e3 4636->4637 4639 405f51 wsprintfW 4636->4639 4639->4637 4640 402665 4641 40145c 18 API calls 4640->4641 4642 40266b 4641->4642 4643 40145c 18 API calls 4642->4643 4644 402674 4643->4644 4645 40145c 18 API calls 4644->4645 4646 40267d 4645->4646 4647 4062a3 11 API calls 4646->4647 4648 40268c 4647->4648 4649 4062d5 2 API calls 4648->4649 4650 402695 4649->4650 4651 4026a6 lstrlenW lstrlenW 4650->4651 4652 404f72 25 API calls 4650->4652 4655 4030e3 4650->4655 4653 404f72 25 API calls 4651->4653 4652->4650 4654 4026e8 SHFileOperationW 4653->4654 4654->4650 4654->4655 4663 401c69 4664 40145c 18 API calls 4663->4664 4665 401c70 4664->4665 4666 4062a3 11 API calls 4665->4666 4667 401c80 4666->4667 4668 405ca0 MessageBoxIndirectW 4667->4668 4669 401a13 4668->4669 4677 402f6e 4678 402f72 4677->4678 4679 402fae 4677->4679 4680 4062a3 11 API calls 4678->4680 4681 40145c 18 API calls 4679->4681 4682 402f7d 4680->4682 4687 402f9d 4681->4687 4683 4062a3 11 API calls 4682->4683 4684 402f90 4683->4684 4685 402fa2 4684->4685 4686 402f98 4684->4686 4689 4060e7 9 API calls 4685->4689 4688 403e74 5 API calls 4686->4688 4688->4687 4689->4687 4690 4023f0 4691 402403 4690->4691 4692 4024da 4690->4692 4693 40145c 18 API calls 4691->4693 4694 404f72 25 API calls 4692->4694 4695 40240a 4693->4695 4700 4024f1 4694->4700 4696 40145c 18 API calls 4695->4696 4697 402413 4696->4697 4698 402429 LoadLibraryExW 4697->4698 4699 40241b GetModuleHandleW 4697->4699 4701 40243e 4698->4701 4702 4024ce 4698->4702 4699->4698 4699->4701 4714 406365 GlobalAlloc WideCharToMultiByte 4701->4714 4703 404f72 25 API calls 4702->4703 4703->4692 4705 402449 4706 40248c 4705->4706 4707 40244f 4705->4707 4708 404f72 25 API calls 4706->4708 4710 401435 25 API calls 4707->4710 4712 40245f 4707->4712 4709 402496 4708->4709 4711 4062a3 11 API calls 4709->4711 4710->4712 4711->4712 4712->4700 4713 4024c0 FreeLibrary 4712->4713 4713->4700 4715 406390 GetProcAddress 4714->4715 4716 40639d GlobalFree 4714->4716 4715->4716 4716->4705 4717 402df3 4718 402dfa 4717->4718 4720 4019ec 4717->4720 4719 402e07 FindNextFileW 4718->4719 4719->4720 4721 402e16 4719->4721 4723 406009 lstrcpynW 4721->4723 4723->4720 4076 402175 4077 401446 18 API calls 4076->4077 4078 40217c 4077->4078 4079 401446 18 API calls 4078->4079 4080 402186 4079->4080 4081 4062a3 11 API calls 4080->4081 4085 402197 4080->4085 4081->4085 4082 4021aa EnableWindow 4084 4030e3 4082->4084 4083 40219f ShowWindow 4083->4084 4085->4082 4085->4083 4731 404077 4732 404081 4731->4732 4733 404084 lstrcpynW lstrlenW 4731->4733 4732->4733 4102 405479 4103 405491 4102->4103 4104 4055cd 4102->4104 4103->4104 4105 40549d 4103->4105 4106 40561e 4104->4106 4107 4055de GetDlgItem GetDlgItem 4104->4107 4108 4054a8 SetWindowPos 4105->4108 4109 4054bb 4105->4109 4111 405678 4106->4111 4119 40139d 80 API calls 4106->4119 4110 403d3f 19 API calls 4107->4110 4108->4109 4113 4054c0 ShowWindow 4109->4113 4114 4054d8 4109->4114 4115 405608 SetClassLongW 4110->4115 4112 403daf SendMessageW 4111->4112 4132 4055c8 4111->4132 4142 40568a 4112->4142 4113->4114 4116 4054e0 DestroyWindow 4114->4116 4117 4054fa 4114->4117 4118 40141d 80 API calls 4115->4118 4171 4058dc 4116->4171 4120 405510 4117->4120 4121 4054ff SetWindowLongW 4117->4121 4118->4106 4122 405650 4119->4122 4125 4055b9 4120->4125 4126 40551c GetDlgItem 4120->4126 4121->4132 4122->4111 4127 405654 SendMessageW 4122->4127 4123 40141d 80 API calls 4123->4142 4124 4058de DestroyWindow KiUserCallbackDispatcher 4124->4171 4181 403dca 4125->4181 4130 40554c 4126->4130 4131 40552f SendMessageW IsWindowEnabled 4126->4131 4127->4132 4129 40590d ShowWindow 4129->4132 4134 405559 4130->4134 4135 4055a0 SendMessageW 4130->4135 4136 40556c 4130->4136 4145 405551 4130->4145 4131->4130 4131->4132 4133 406805 18 API calls 4133->4142 4134->4135 4134->4145 4135->4125 4139 405574 4136->4139 4140 405589 4136->4140 4138 403d3f 19 API calls 4138->4142 4143 40141d 80 API calls 4139->4143 4144 40141d 80 API calls 4140->4144 4141 405587 4141->4125 4142->4123 4142->4124 4142->4132 4142->4133 4142->4138 4162 40581e DestroyWindow 4142->4162 4172 403d3f 4142->4172 4143->4145 4146 405590 4144->4146 4178 403d18 4145->4178 4146->4125 4146->4145 4148 405705 GetDlgItem 4149 405723 ShowWindow KiUserCallbackDispatcher 4148->4149 4150 40571a 4148->4150 4175 403d85 KiUserCallbackDispatcher 4149->4175 4150->4149 4152 40574d EnableWindow 4155 405761 4152->4155 4153 405766 GetSystemMenu EnableMenuItem SendMessageW 4154 405796 SendMessageW 4153->4154 4153->4155 4154->4155 4155->4153 4176 403d98 SendMessageW 4155->4176 4177 406009 lstrcpynW 4155->4177 4158 4057c4 lstrlenW 4159 406805 18 API calls 4158->4159 4160 4057da SetWindowTextW 4159->4160 4161 40139d 80 API calls 4160->4161 4161->4142 4163 405838 CreateDialogParamW 4162->4163 4162->4171 4164 40586b 4163->4164 4163->4171 4165 403d3f 19 API calls 4164->4165 4166 405876 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4165->4166 4167 40139d 80 API calls 4166->4167 4168 4058bc 4167->4168 4168->4132 4169 4058c4 ShowWindow 4168->4169 4170 403daf SendMessageW 4169->4170 4170->4171 4171->4129 4171->4132 4173 406805 18 API calls 4172->4173 4174 403d4a SetDlgItemTextW 4173->4174 4174->4148 4175->4152 4176->4155 4177->4158 4179 403d25 SendMessageW 4178->4179 4180 403d1f 4178->4180 4179->4141 4180->4179 4182 403ddf GetWindowLongW 4181->4182 4192 403e68 4181->4192 4183 403df0 4182->4183 4182->4192 4184 403e02 4183->4184 4185 403dff GetSysColor 4183->4185 4186 403e12 SetBkMode 4184->4186 4187 403e08 SetTextColor 4184->4187 4185->4184 4188 403e30 4186->4188 4189 403e2a GetSysColor 4186->4189 4187->4186 4190 403e41 4188->4190 4191 403e37 SetBkColor 4188->4191 4189->4188 4190->4192 4193 403e54 DeleteObject 4190->4193 4194 403e5b CreateBrushIndirect 4190->4194 4191->4190 4192->4132 4193->4194 4194->4192 4734 4020f9 GetDC GetDeviceCaps 4735 401446 18 API calls 4734->4735 4736 402116 MulDiv 4735->4736 4737 401446 18 API calls 4736->4737 4738 40212c 4737->4738 4739 406805 18 API calls 4738->4739 4740 402165 CreateFontIndirectW 4739->4740 4741 4030dc 4740->4741 4742 4030e3 4741->4742 4744 405f51 wsprintfW 4741->4744 4744->4742 4745 4024fb 4746 40145c 18 API calls 4745->4746 4747 402502 4746->4747 4748 40145c 18 API calls 4747->4748 4749 40250c 4748->4749 4750 40145c 18 API calls 4749->4750 4751 402515 4750->4751 4752 40145c 18 API calls 4751->4752 4753 40251f 4752->4753 4754 40145c 18 API calls 4753->4754 4755 402529 4754->4755 4756 40253d 4755->4756 4757 40145c 18 API calls 4755->4757 4758 4062a3 11 API calls 4756->4758 4757->4756 4759 40256a CoCreateInstance 4758->4759 4760 40258c 4759->4760 4761 40497c GetDlgItem GetDlgItem 4762 4049d2 7 API calls 4761->4762 4767 404bea 4761->4767 4763 404a76 DeleteObject 4762->4763 4764 404a6a SendMessageW 4762->4764 4765 404a81 4763->4765 4764->4763 4768 404ab8 4765->4768 4770 406805 18 API calls 4765->4770 4766 404ccf 4769 404d74 4766->4769 4774 404bdd 4766->4774 4779 404d1e SendMessageW 4766->4779 4767->4766 4777 40484e 5 API calls 4767->4777 4790 404c5a 4767->4790 4773 403d3f 19 API calls 4768->4773 4771 404d89 4769->4771 4772 404d7d SendMessageW 4769->4772 4776 404a9a SendMessageW SendMessageW 4770->4776 4781 404da2 4771->4781 4782 404d9b ImageList_Destroy 4771->4782 4792 404db2 4771->4792 4772->4771 4778 404acc 4773->4778 4780 403dca 8 API calls 4774->4780 4775 404cc1 SendMessageW 4775->4766 4776->4765 4777->4790 4783 403d3f 19 API calls 4778->4783 4779->4774 4785 404d33 SendMessageW 4779->4785 4786 404f6b 4780->4786 4787 404dab GlobalFree 4781->4787 4781->4792 4782->4781 4788 404add 4783->4788 4784 404f1c 4784->4774 4793 404f31 ShowWindow GetDlgItem ShowWindow 4784->4793 4789 404d46 4785->4789 4787->4792 4791 404baa GetWindowLongW SetWindowLongW 4788->4791 4800 404ba4 4788->4800 4803 404b39 SendMessageW 4788->4803 4804 404b67 SendMessageW 4788->4804 4805 404b7b SendMessageW 4788->4805 4799 404d57 SendMessageW 4789->4799 4790->4766 4790->4775 4794 404bc4 4791->4794 4792->4784 4795 404de4 4792->4795 4798 40141d 80 API calls 4792->4798 4793->4774 4796 404be2 4794->4796 4797 404bca ShowWindow 4794->4797 4808 404e12 SendMessageW 4795->4808 4811 404e28 4795->4811 4813 403d98 SendMessageW 4796->4813 4812 403d98 SendMessageW 4797->4812 4798->4795 4799->4769 4800->4791 4800->4794 4803->4788 4804->4788 4805->4788 4806 404ef3 InvalidateRect 4806->4784 4807 404f09 4806->4807 4814 4043ad 4807->4814 4808->4811 4810 404ea1 SendMessageW SendMessageW 4810->4811 4811->4806 4811->4810 4812->4774 4813->4767 4815 4043cd 4814->4815 4816 406805 18 API calls 4815->4816 4817 40440d 4816->4817 4818 406805 18 API calls 4817->4818 4819 404418 4818->4819 4820 406805 18 API calls 4819->4820 4821 404428 lstrlenW wsprintfW SetDlgItemTextW 4820->4821 4821->4784 4822 4026fc 4823 401ee4 4822->4823 4825 402708 4822->4825 4823->4822 4824 406805 18 API calls 4823->4824 4824->4823 4274 4019fd 4275 40145c 18 API calls 4274->4275 4276 401a04 4275->4276 4277 405e7f 2 API calls 4276->4277 4278 401a0b 4277->4278 4826 4022fd 4827 40145c 18 API calls 4826->4827 4828 402304 GetFileVersionInfoSizeW 4827->4828 4829 40232b GlobalAlloc 4828->4829 4833 4030e3 4828->4833 4830 40233f GetFileVersionInfoW 4829->4830 4829->4833 4831 402350 VerQueryValueW 4830->4831 4832 402381 GlobalFree 4830->4832 4831->4832 4835 402369 4831->4835 4832->4833 4839 405f51 wsprintfW 4835->4839 4837 402375 4840 405f51 wsprintfW 4837->4840 4839->4837 4840->4832 4841 402afd 4842 40145c 18 API calls 4841->4842 4843 402b04 4842->4843 4848 405e50 GetFileAttributesW CreateFileW 4843->4848 4845 402b10 4846 4030e3 4845->4846 4849 405f51 wsprintfW 4845->4849 4848->4845 4849->4846 4850 4029ff 4851 401553 19 API calls 4850->4851 4852 402a09 4851->4852 4853 40145c 18 API calls 4852->4853 4854 402a12 4853->4854 4855 402a1f RegQueryValueExW 4854->4855 4857 401a13 4854->4857 4856 402a3f 4855->4856 4860 402a45 4855->4860 4856->4860 4861 405f51 wsprintfW 4856->4861 4859 4029e4 RegCloseKey 4859->4857 4860->4857 4860->4859 4861->4860 4862 401000 4863 401037 BeginPaint GetClientRect 4862->4863 4864 40100c DefWindowProcW 4862->4864 4866 4010fc 4863->4866 4867 401182 4864->4867 4868 401073 CreateBrushIndirect FillRect DeleteObject 4866->4868 4869 401105 4866->4869 4868->4866 4870 401170 EndPaint 4869->4870 4871 40110b CreateFontIndirectW 4869->4871 4870->4867 4871->4870 4872 40111b 6 API calls 4871->4872 4872->4870 4873 401f80 4874 401446 18 API calls 4873->4874 4875 401f88 4874->4875 4876 401446 18 API calls 4875->4876 4877 401f93 4876->4877 4878 401fa3 4877->4878 4879 40145c 18 API calls 4877->4879 4880 401fb3 4878->4880 4881 40145c 18 API calls 4878->4881 4879->4878 4882 402006 4880->4882 4883 401fbc 4880->4883 4881->4880 4885 40145c 18 API calls 4882->4885 4884 401446 18 API calls 4883->4884 4887 401fc4 4884->4887 4886 40200d 4885->4886 4888 40145c 18 API calls 4886->4888 4889 401446 18 API calls 4887->4889 4890 402016 FindWindowExW 4888->4890 4891 401fce 4889->4891 4895 402036 4890->4895 4892 401ff6 SendMessageW 4891->4892 4893 401fd8 SendMessageTimeoutW 4891->4893 4892->4895 4893->4895 4894 4030e3 4895->4894 4897 405f51 wsprintfW 4895->4897 4897->4894 4898 402880 4899 402884 4898->4899 4900 40145c 18 API calls 4899->4900 4901 4028a7 4900->4901 4902 40145c 18 API calls 4901->4902 4903 4028b1 4902->4903 4904 4028ba RegCreateKeyExW 4903->4904 4905 4028e8 4904->4905 4912 4029ef 4904->4912 4906 402934 4905->4906 4907 40145c 18 API calls 4905->4907 4908 402963 4906->4908 4911 401446 18 API calls 4906->4911 4910 4028fc lstrlenW 4907->4910 4909 4029ae RegSetValueExW 4908->4909 4913 40337f 37 API calls 4908->4913 4916 4029c6 RegCloseKey 4909->4916 4917 4029cb 4909->4917 4914 402918 4910->4914 4915 40292a 4910->4915 4918 402947 4911->4918 4919 40297b 4913->4919 4920 4062a3 11 API calls 4914->4920 4921 4062a3 11 API calls 4915->4921 4916->4912 4922 4062a3 11 API calls 4917->4922 4923 4062a3 11 API calls 4918->4923 4929 406224 4919->4929 4925 402922 4920->4925 4921->4906 4922->4916 4923->4908 4925->4909 4928 4062a3 11 API calls 4928->4925 4930 406247 4929->4930 4931 40628a 4930->4931 4932 40625c wsprintfW 4930->4932 4933 402991 4931->4933 4934 406293 lstrcatW 4931->4934 4932->4931 4932->4932 4933->4928 4934->4933 4935 402082 4936 401446 18 API calls 4935->4936 4937 402093 SetWindowLongW 4936->4937 4938 4030e3 4937->4938 3462 403883 #17 SetErrorMode OleInitialize 3536 4062fc GetModuleHandleA 3462->3536 3466 4038f1 GetCommandLineW 3541 406009 lstrcpynW 3466->3541 3468 403903 GetModuleHandleW 3469 40391b 3468->3469 3542 405d06 3469->3542 3472 4039d6 3473 4039f5 GetTempPathW 3472->3473 3546 4037cc 3473->3546 3475 403a0b 3476 403a33 DeleteFileW 3475->3476 3477 403a0f GetWindowsDirectoryW lstrcatW 3475->3477 3554 403587 GetTickCount GetModuleFileNameW 3476->3554 3479 4037cc 11 API calls 3477->3479 3478 405d06 CharNextW 3485 40393c 3478->3485 3481 403a2b 3479->3481 3481->3476 3483 403acc 3481->3483 3482 403a47 3482->3483 3486 403ab1 3482->3486 3487 405d06 CharNextW 3482->3487 3639 403859 3483->3639 3485->3472 3485->3478 3493 4039d8 3485->3493 3582 40592c 3486->3582 3499 403a5e 3487->3499 3490 403ac1 3667 4060e7 3490->3667 3491 403ae1 3646 405ca0 3491->3646 3492 403bce 3495 403c51 3492->3495 3497 4062fc 3 API calls 3492->3497 3650 406009 lstrcpynW 3493->3650 3501 403bdd 3497->3501 3502 403af7 lstrcatW lstrcmpiW 3499->3502 3503 403a89 3499->3503 3504 4062fc 3 API calls 3501->3504 3502->3483 3506 403b13 CreateDirectoryW SetCurrentDirectoryW 3502->3506 3651 40677e 3503->3651 3507 403be6 3504->3507 3509 403b36 3506->3509 3510 403b2b 3506->3510 3511 4062fc 3 API calls 3507->3511 3681 406009 lstrcpynW 3509->3681 3680 406009 lstrcpynW 3510->3680 3515 403bef 3511->3515 3514 403b44 3682 406009 lstrcpynW 3514->3682 3518 403c3d ExitWindowsEx 3515->3518 3523 403bfd GetCurrentProcess 3515->3523 3518->3495 3520 403c4a 3518->3520 3519 403aa6 3666 406009 lstrcpynW 3519->3666 3709 40141d 3520->3709 3526 403c0d 3523->3526 3526->3518 3527 403b79 CopyFileW 3529 403b53 3527->3529 3528 403bc2 3530 406c68 42 API calls 3528->3530 3529->3528 3533 406805 18 API calls 3529->3533 3535 403bad CloseHandle 3529->3535 3683 406805 3529->3683 3701 406c68 3529->3701 3706 405c3f CreateProcessW 3529->3706 3532 403bc9 3530->3532 3532->3483 3533->3529 3535->3529 3537 406314 LoadLibraryA 3536->3537 3538 40631f GetProcAddress 3536->3538 3537->3538 3539 4038c6 SHGetFileInfoW 3537->3539 3538->3539 3540 406009 lstrcpynW 3539->3540 3540->3466 3541->3468 3543 405d0c 3542->3543 3544 40392a CharNextW 3543->3544 3545 405d13 CharNextW 3543->3545 3544->3485 3545->3543 3712 406038 3546->3712 3548 4037e2 3548->3475 3549 4037d8 3549->3548 3721 406722 lstrlenW CharPrevW 3549->3721 3728 405e50 GetFileAttributesW CreateFileW 3554->3728 3556 4035c7 3577 4035d7 3556->3577 3729 406009 lstrcpynW 3556->3729 3558 4035ed 3730 406751 lstrlenW 3558->3730 3562 4035fe GetFileSize 3563 4036fa 3562->3563 3576 403615 3562->3576 3737 4032d2 3563->3737 3565 403703 3567 40373f GlobalAlloc 3565->3567 3565->3577 3771 403368 SetFilePointer 3565->3771 3748 403368 SetFilePointer 3567->3748 3569 4037bd 3573 4032d2 6 API calls 3569->3573 3571 40375a 3749 40337f 3571->3749 3572 403720 3575 403336 ReadFile 3572->3575 3573->3577 3578 40372b 3575->3578 3576->3563 3576->3569 3576->3577 3579 4032d2 6 API calls 3576->3579 3735 403336 ReadFile 3576->3735 3577->3482 3578->3567 3578->3577 3579->3576 3580 403766 3580->3577 3580->3580 3581 403794 SetFilePointer 3580->3581 3581->3577 3583 4062fc 3 API calls 3582->3583 3584 405940 3583->3584 3585 405946 3584->3585 3586 405958 3584->3586 3812 405f51 wsprintfW 3585->3812 3813 405ed3 RegOpenKeyExW 3586->3813 3590 4059a8 lstrcatW 3592 405956 3590->3592 3591 405ed3 3 API calls 3591->3590 3795 403e95 3592->3795 3595 40677e 18 API calls 3596 4059da 3595->3596 3597 405a70 3596->3597 3599 405ed3 3 API calls 3596->3599 3598 40677e 18 API calls 3597->3598 3600 405a76 3598->3600 3601 405a0c 3599->3601 3602 405a86 3600->3602 3603 406805 18 API calls 3600->3603 3601->3597 3607 405a2f lstrlenW 3601->3607 3613 405d06 CharNextW 3601->3613 3604 405aa6 LoadImageW 3602->3604 3819 403e74 3602->3819 3603->3602 3605 405ad1 RegisterClassW 3604->3605 3606 405b66 3604->3606 3611 405b19 SystemParametersInfoW CreateWindowExW 3605->3611 3636 405b70 3605->3636 3612 40141d 80 API calls 3606->3612 3608 405a63 3607->3608 3609 405a3d lstrcmpiW 3607->3609 3616 406722 3 API calls 3608->3616 3609->3608 3614 405a4d GetFileAttributesW 3609->3614 3611->3606 3617 405b6c 3612->3617 3618 405a2a 3613->3618 3619 405a59 3614->3619 3615 405a9c 3615->3604 3620 405a69 3616->3620 3623 403e95 19 API calls 3617->3623 3617->3636 3618->3607 3619->3608 3621 406751 2 API calls 3619->3621 3818 406009 lstrcpynW 3620->3818 3621->3608 3624 405b7d 3623->3624 3625 405b89 ShowWindow LoadLibraryW 3624->3625 3626 405c0c 3624->3626 3628 405ba8 LoadLibraryW 3625->3628 3629 405baf GetClassInfoW 3625->3629 3804 405047 OleInitialize 3626->3804 3628->3629 3630 405bc3 GetClassInfoW RegisterClassW 3629->3630 3631 405bd9 DialogBoxParamW 3629->3631 3630->3631 3633 40141d 80 API calls 3631->3633 3632 405c12 3634 405c16 3632->3634 3635 405c2e 3632->3635 3633->3636 3634->3636 3638 40141d 80 API calls 3634->3638 3637 40141d 80 API calls 3635->3637 3636->3490 3637->3636 3638->3636 3640 403871 3639->3640 3641 403863 CloseHandle 3639->3641 3964 403c83 3640->3964 3641->3640 3647 405cb5 3646->3647 3648 403aef ExitProcess 3647->3648 3649 405ccb MessageBoxIndirectW 3647->3649 3649->3648 3650->3473 4021 406009 lstrcpynW 3651->4021 3653 40678f 3654 405d59 4 API calls 3653->3654 3655 406795 3654->3655 3656 406038 5 API calls 3655->3656 3663 403a97 3655->3663 3662 4067a5 3656->3662 3657 4067dd lstrlenW 3658 4067e4 3657->3658 3657->3662 3659 406722 3 API calls 3658->3659 3661 4067ea GetFileAttributesW 3659->3661 3660 4062d5 2 API calls 3660->3662 3661->3663 3662->3657 3662->3660 3662->3663 3664 406751 2 API calls 3662->3664 3663->3483 3665 406009 lstrcpynW 3663->3665 3664->3657 3665->3519 3666->3486 3668 406110 3667->3668 3669 4060f3 3667->3669 3671 406187 3668->3671 3672 40612d 3668->3672 3675 406104 3668->3675 3670 4060fd CloseHandle 3669->3670 3669->3675 3670->3675 3673 406190 lstrcatW lstrlenW WriteFile 3671->3673 3671->3675 3672->3673 3674 406136 GetFileAttributesW 3672->3674 3673->3675 4022 405e50 GetFileAttributesW CreateFileW 3674->4022 3675->3483 3677 406152 3677->3675 3678 406162 WriteFile 3677->3678 3679 40617c SetFilePointer 3677->3679 3678->3679 3679->3671 3680->3509 3681->3514 3682->3529 3698 406812 3683->3698 3684 406a7f 3685 403b6c DeleteFileW 3684->3685 4025 406009 lstrcpynW 3684->4025 3685->3527 3685->3529 3687 4068d3 GetVersion 3687->3698 3688 406a46 lstrlenW 3688->3698 3689 406805 10 API calls 3689->3688 3692 405ed3 3 API calls 3692->3698 3693 406952 GetSystemDirectoryW 3693->3698 3694 406965 GetWindowsDirectoryW 3694->3698 3695 406038 5 API calls 3695->3698 3696 406805 10 API calls 3696->3698 3697 4069df lstrcatW 3697->3698 3698->3684 3698->3687 3698->3688 3698->3689 3698->3692 3698->3693 3698->3694 3698->3695 3698->3696 3698->3697 3699 406999 SHGetSpecialFolderLocation 3698->3699 4023 405f51 wsprintfW 3698->4023 4024 406009 lstrcpynW 3698->4024 3699->3698 3700 4069b1 SHGetPathFromIDListW CoTaskMemFree 3699->3700 3700->3698 3702 4062fc 3 API calls 3701->3702 3703 406c6f 3702->3703 3705 406c90 3703->3705 4026 406a99 lstrcpyW 3703->4026 3705->3529 3707 405c7a 3706->3707 3708 405c6e CloseHandle 3706->3708 3707->3529 3708->3707 3710 40139d 80 API calls 3709->3710 3711 401432 3710->3711 3711->3495 3718 406045 3712->3718 3713 4060bb 3714 4060c1 CharPrevW 3713->3714 3716 4060e1 3713->3716 3714->3713 3715 4060ae CharNextW 3715->3713 3715->3718 3716->3549 3717 405d06 CharNextW 3717->3718 3718->3713 3718->3715 3718->3717 3719 40609a CharNextW 3718->3719 3720 4060a9 CharNextW 3718->3720 3719->3718 3720->3715 3722 4037ea CreateDirectoryW 3721->3722 3723 40673f lstrcatW 3721->3723 3724 405e7f 3722->3724 3723->3722 3725 405e8c GetTickCount GetTempFileNameW 3724->3725 3726 405ec2 3725->3726 3727 4037fe 3725->3727 3726->3725 3726->3727 3727->3475 3728->3556 3729->3558 3731 406760 3730->3731 3732 4035f3 3731->3732 3733 406766 CharPrevW 3731->3733 3734 406009 lstrcpynW 3732->3734 3733->3731 3733->3732 3734->3562 3736 403357 3735->3736 3736->3576 3738 4032f3 3737->3738 3739 4032db 3737->3739 3742 403303 GetTickCount 3738->3742 3743 4032fb 3738->3743 3740 4032e4 DestroyWindow 3739->3740 3741 4032eb 3739->3741 3740->3741 3741->3565 3745 403311 CreateDialogParamW ShowWindow 3742->3745 3746 403334 3742->3746 3772 406332 3743->3772 3745->3746 3746->3565 3748->3571 3751 403398 3749->3751 3750 4033c3 3753 403336 ReadFile 3750->3753 3751->3750 3794 403368 SetFilePointer 3751->3794 3754 4033ce 3753->3754 3755 4033e7 GetTickCount 3754->3755 3756 403518 3754->3756 3758 4033d2 3754->3758 3768 4033fa 3755->3768 3757 40351c 3756->3757 3762 403540 3756->3762 3759 403336 ReadFile 3757->3759 3758->3580 3759->3758 3760 403336 ReadFile 3760->3762 3761 403336 ReadFile 3761->3768 3762->3758 3762->3760 3763 40355f WriteFile 3762->3763 3763->3758 3764 403574 3763->3764 3764->3758 3764->3762 3766 40345c GetTickCount 3766->3768 3767 403485 MulDiv wsprintfW 3783 404f72 3767->3783 3768->3758 3768->3761 3768->3766 3768->3767 3770 4034c9 WriteFile 3768->3770 3776 407312 3768->3776 3770->3758 3770->3768 3771->3572 3773 40634f PeekMessageW 3772->3773 3774 406345 DispatchMessageW 3773->3774 3775 403301 3773->3775 3774->3773 3775->3565 3777 407332 3776->3777 3778 40733a 3776->3778 3777->3768 3778->3777 3779 4073c2 GlobalFree 3778->3779 3780 4073cb GlobalAlloc 3778->3780 3781 407443 GlobalAlloc 3778->3781 3782 40743a GlobalFree 3778->3782 3779->3780 3780->3777 3780->3778 3781->3777 3781->3778 3782->3781 3784 404f8b 3783->3784 3793 40502f 3783->3793 3785 404fa9 lstrlenW 3784->3785 3786 406805 18 API calls 3784->3786 3787 404fd2 3785->3787 3788 404fb7 lstrlenW 3785->3788 3786->3785 3790 404fe5 3787->3790 3791 404fd8 SetWindowTextW 3787->3791 3789 404fc9 lstrcatW 3788->3789 3788->3793 3789->3787 3792 404feb SendMessageW SendMessageW SendMessageW 3790->3792 3790->3793 3791->3790 3792->3793 3793->3768 3794->3750 3796 403ea9 3795->3796 3824 405f51 wsprintfW 3796->3824 3798 403f1d 3799 406805 18 API calls 3798->3799 3800 403f29 SetWindowTextW 3799->3800 3802 403f44 3800->3802 3801 403f5f 3801->3595 3802->3801 3803 406805 18 API calls 3802->3803 3803->3802 3825 403daf 3804->3825 3806 40506a 3809 4062a3 11 API calls 3806->3809 3811 405095 3806->3811 3828 40139d 3806->3828 3807 403daf SendMessageW 3808 4050a5 OleUninitialize 3807->3808 3808->3632 3809->3806 3811->3807 3812->3592 3814 405f07 RegQueryValueExW 3813->3814 3815 405989 3813->3815 3816 405f29 RegCloseKey 3814->3816 3815->3590 3815->3591 3816->3815 3818->3597 3963 406009 lstrcpynW 3819->3963 3821 403e88 3822 406722 3 API calls 3821->3822 3823 403e8e lstrcatW 3822->3823 3823->3615 3824->3798 3826 403dc7 3825->3826 3827 403db8 SendMessageW 3825->3827 3826->3806 3827->3826 3831 4013a4 3828->3831 3829 401410 3829->3806 3831->3829 3832 4013dd MulDiv SendMessageW 3831->3832 3833 4015a0 3831->3833 3832->3831 3834 4015fa 3833->3834 3913 40160c 3833->3913 3835 401601 3834->3835 3836 401742 3834->3836 3837 401962 3834->3837 3838 4019ca 3834->3838 3839 40176e 3834->3839 3840 401650 3834->3840 3841 4017b1 3834->3841 3842 401672 3834->3842 3843 401693 3834->3843 3844 401616 3834->3844 3845 4016d6 3834->3845 3846 401736 3834->3846 3847 401897 3834->3847 3848 4018db 3834->3848 3849 40163c 3834->3849 3850 4016bd 3834->3850 3834->3913 3863 4062a3 11 API calls 3835->3863 3855 401751 ShowWindow 3836->3855 3856 401758 3836->3856 3860 40145c 18 API calls 3837->3860 3853 40145c 18 API calls 3838->3853 3857 40145c 18 API calls 3839->3857 3880 4062a3 11 API calls 3840->3880 3946 40145c 3841->3946 3858 40145c 18 API calls 3842->3858 3940 401446 3843->3940 3852 40145c 18 API calls 3844->3852 3869 401446 18 API calls 3845->3869 3845->3913 3846->3913 3962 405f51 wsprintfW 3846->3962 3859 40145c 18 API calls 3847->3859 3864 40145c 18 API calls 3848->3864 3854 401647 PostQuitMessage 3849->3854 3849->3913 3851 4062a3 11 API calls 3850->3851 3866 4016c7 SetForegroundWindow 3851->3866 3867 40161c 3852->3867 3868 4019d1 SearchPathW 3853->3868 3854->3913 3855->3856 3870 401765 ShowWindow 3856->3870 3856->3913 3871 401775 3857->3871 3872 401678 3858->3872 3873 40189d 3859->3873 3874 401968 GetFullPathNameW 3860->3874 3863->3913 3865 4018e2 3864->3865 3877 40145c 18 API calls 3865->3877 3866->3913 3878 4062a3 11 API calls 3867->3878 3868->3913 3869->3913 3870->3913 3881 4062a3 11 API calls 3871->3881 3882 4062a3 11 API calls 3872->3882 3958 4062d5 FindFirstFileW 3873->3958 3884 40197f 3874->3884 3926 4019a1 3874->3926 3876 40169a 3943 4062a3 lstrlenW wvsprintfW 3876->3943 3887 4018eb 3877->3887 3888 401627 3878->3888 3889 401664 3880->3889 3890 401785 SetFileAttributesW 3881->3890 3891 401683 3882->3891 3908 4062d5 2 API calls 3884->3908 3884->3926 3885 4062a3 11 API calls 3893 4017c9 3885->3893 3896 40145c 18 API calls 3887->3896 3897 404f72 25 API calls 3888->3897 3898 40139d 65 API calls 3889->3898 3899 40179a 3890->3899 3890->3913 3906 404f72 25 API calls 3891->3906 3951 405d59 CharNextW CharNextW 3893->3951 3895 4019b8 GetShortPathNameW 3895->3913 3904 4018f5 3896->3904 3897->3913 3898->3913 3905 4062a3 11 API calls 3899->3905 3900 4018c2 3909 4062a3 11 API calls 3900->3909 3901 4018a9 3907 4062a3 11 API calls 3901->3907 3911 4062a3 11 API calls 3904->3911 3905->3913 3906->3913 3907->3913 3912 401991 3908->3912 3909->3913 3910 4017d4 3914 401864 3910->3914 3917 405d06 CharNextW 3910->3917 3935 4062a3 11 API calls 3910->3935 3915 401902 MoveFileW 3911->3915 3912->3926 3961 406009 lstrcpynW 3912->3961 3913->3831 3914->3891 3916 40186e 3914->3916 3918 401912 3915->3918 3919 40191e 3915->3919 3920 404f72 25 API calls 3916->3920 3922 4017e6 CreateDirectoryW 3917->3922 3918->3891 3924 401942 3919->3924 3929 4062d5 2 API calls 3919->3929 3925 401875 3920->3925 3922->3910 3923 4017fe GetLastError 3922->3923 3927 401827 GetFileAttributesW 3923->3927 3928 40180b GetLastError 3923->3928 3934 4062a3 11 API calls 3924->3934 3957 406009 lstrcpynW 3925->3957 3926->3895 3926->3913 3927->3910 3931 4062a3 11 API calls 3928->3931 3932 401929 3929->3932 3931->3910 3932->3924 3937 406c68 42 API calls 3932->3937 3933 401882 SetCurrentDirectoryW 3933->3913 3936 40195c 3934->3936 3935->3910 3936->3913 3938 401936 3937->3938 3939 404f72 25 API calls 3938->3939 3939->3924 3941 406805 18 API calls 3940->3941 3942 401455 3941->3942 3942->3876 3944 4060e7 9 API calls 3943->3944 3945 4016a7 Sleep 3944->3945 3945->3913 3947 406805 18 API calls 3946->3947 3948 401488 3947->3948 3949 401497 3948->3949 3950 406038 5 API calls 3948->3950 3949->3885 3950->3949 3952 405d76 3951->3952 3953 405d88 3951->3953 3952->3953 3954 405d83 CharNextW 3952->3954 3955 405dac 3953->3955 3956 405d06 CharNextW 3953->3956 3954->3955 3955->3910 3956->3953 3957->3933 3959 4018a5 3958->3959 3960 4062eb FindClose 3958->3960 3959->3900 3959->3901 3960->3959 3961->3926 3962->3913 3963->3821 3965 403c91 3964->3965 3966 403876 3965->3966 3967 403c96 FreeLibrary GlobalFree 3965->3967 3968 406c9b 3966->3968 3967->3966 3967->3967 3969 40677e 18 API calls 3968->3969 3970 406cae 3969->3970 3971 406cb7 DeleteFileW 3970->3971 3972 406cce 3970->3972 4012 403882 CoUninitialize 3971->4012 3973 406e4b 3972->3973 4016 406009 lstrcpynW 3972->4016 3979 4062d5 2 API calls 3973->3979 4001 406e58 3973->4001 3973->4012 3975 406cf9 3976 406d03 lstrcatW 3975->3976 3977 406d0d 3975->3977 3978 406d13 3976->3978 3980 406751 2 API calls 3977->3980 3982 406d23 lstrcatW 3978->3982 3983 406d19 3978->3983 3981 406e64 3979->3981 3980->3978 3986 406722 3 API calls 3981->3986 3981->4012 3985 406d2b lstrlenW FindFirstFileW 3982->3985 3983->3982 3983->3985 3984 4062a3 11 API calls 3984->4012 3987 406e3b 3985->3987 3991 406d52 3985->3991 3988 406e6e 3986->3988 3987->3973 3990 4062a3 11 API calls 3988->3990 3989 405d06 CharNextW 3989->3991 3992 406e79 3990->3992 3991->3989 3995 406e18 FindNextFileW 3991->3995 4004 406c9b 72 API calls 3991->4004 4011 404f72 25 API calls 3991->4011 4013 4062a3 11 API calls 3991->4013 4014 404f72 25 API calls 3991->4014 4015 406c68 42 API calls 3991->4015 4017 406009 lstrcpynW 3991->4017 4018 405e30 GetFileAttributesW 3991->4018 3993 405e30 2 API calls 3992->3993 3994 406e81 RemoveDirectoryW 3993->3994 3998 406ec4 3994->3998 3999 406e8d 3994->3999 3995->3991 3997 406e30 FindClose 3995->3997 3997->3987 4000 404f72 25 API calls 3998->4000 3999->4001 4002 406e93 3999->4002 4000->4012 4001->3984 4003 4062a3 11 API calls 4002->4003 4005 406e9d 4003->4005 4004->3991 4007 404f72 25 API calls 4005->4007 4009 406ea7 4007->4009 4010 406c68 42 API calls 4009->4010 4010->4012 4011->3995 4012->3491 4012->3492 4013->3991 4014->3991 4015->3991 4016->3975 4017->3991 4019 405e4d DeleteFileW 4018->4019 4020 405e3f SetFileAttributesW 4018->4020 4019->3991 4020->4019 4021->3653 4022->3677 4023->3698 4024->3698 4025->3685 4027 406ae7 GetShortPathNameW 4026->4027 4028 406abe 4026->4028 4029 406b00 4027->4029 4030 406c62 4027->4030 4052 405e50 GetFileAttributesW CreateFileW 4028->4052 4029->4030 4032 406b08 WideCharToMultiByte 4029->4032 4030->3705 4032->4030 4034 406b25 WideCharToMultiByte 4032->4034 4033 406ac7 CloseHandle GetShortPathNameW 4033->4030 4035 406adf 4033->4035 4034->4030 4036 406b3d wsprintfA 4034->4036 4035->4027 4035->4030 4037 406805 18 API calls 4036->4037 4038 406b69 4037->4038 4053 405e50 GetFileAttributesW CreateFileW 4038->4053 4040 406b76 4040->4030 4041 406b83 GetFileSize GlobalAlloc 4040->4041 4042 406ba4 ReadFile 4041->4042 4043 406c58 CloseHandle 4041->4043 4042->4043 4044 406bbe 4042->4044 4043->4030 4044->4043 4054 405db6 lstrlenA 4044->4054 4047 406bd7 lstrcpyA 4050 406bf9 4047->4050 4048 406beb 4049 405db6 4 API calls 4048->4049 4049->4050 4051 406c30 SetFilePointer WriteFile GlobalFree 4050->4051 4051->4043 4052->4033 4053->4040 4055 405df7 lstrlenA 4054->4055 4056 405dd0 lstrcmpiA 4055->4056 4057 405dff 4055->4057 4056->4057 4058 405dee CharNextA 4056->4058 4057->4047 4057->4048 4058->4055 4939 402a84 4940 401553 19 API calls 4939->4940 4941 402a8e 4940->4941 4942 401446 18 API calls 4941->4942 4943 402a98 4942->4943 4944 401a13 4943->4944 4945 402ab2 RegEnumKeyW 4943->4945 4946 402abe RegEnumValueW 4943->4946 4947 402a7e 4945->4947 4946->4944 4946->4947 4947->4944 4948 4029e4 RegCloseKey 4947->4948 4948->4944 4949 402c8a 4950 402ca2 4949->4950 4951 402c8f 4949->4951 4953 40145c 18 API calls 4950->4953 4952 401446 18 API calls 4951->4952 4955 402c97 4952->4955 4954 402ca9 lstrlenW 4953->4954 4954->4955 4956 402ccb WriteFile 4955->4956 4957 401a13 4955->4957 4956->4957 4958 40400d 4959 40406a 4958->4959 4960 40401a lstrcpynA lstrlenA 4958->4960 4960->4959 4961 40404b 4960->4961 4961->4959 4962 404057 GlobalFree 4961->4962 4962->4959 4963 401d8e 4964 40145c 18 API calls 4963->4964 4965 401d95 ExpandEnvironmentStringsW 4964->4965 4966 401da8 4965->4966 4968 401db9 4965->4968 4967 401dad lstrcmpW 4966->4967 4966->4968 4967->4968 4969 401e0f 4970 401446 18 API calls 4969->4970 4971 401e17 4970->4971 4972 401446 18 API calls 4971->4972 4973 401e21 4972->4973 4974 4030e3 4973->4974 4976 405f51 wsprintfW 4973->4976 4976->4974 4977 402392 4978 40145c 18 API calls 4977->4978 4979 402399 4978->4979 4982 4071f8 4979->4982 4983 406ed2 25 API calls 4982->4983 4984 407218 4983->4984 4985 407222 lstrcpynW lstrcmpW 4984->4985 4986 4023a7 4984->4986 4987 407254 4985->4987 4988 40725a lstrcpynW 4985->4988 4987->4988 4988->4986 4059 402713 4074 406009 lstrcpynW 4059->4074 4061 40272c 4075 406009 lstrcpynW 4061->4075 4063 402738 4064 40145c 18 API calls 4063->4064 4066 402743 4063->4066 4064->4066 4065 402752 4068 40145c 18 API calls 4065->4068 4070 402761 4065->4070 4066->4065 4067 40145c 18 API calls 4066->4067 4067->4065 4068->4070 4069 40145c 18 API calls 4071 40276b 4069->4071 4070->4069 4072 4062a3 11 API calls 4071->4072 4073 40277f WritePrivateProfileStringW 4072->4073 4074->4061 4075->4063 4989 402797 4990 40145c 18 API calls 4989->4990 4991 4027ae 4990->4991 4992 40145c 18 API calls 4991->4992 4993 4027b7 4992->4993 4994 40145c 18 API calls 4993->4994 4995 4027c0 GetPrivateProfileStringW lstrcmpW 4994->4995 4996 402e18 4997 40145c 18 API calls 4996->4997 4998 402e1f FindFirstFileW 4997->4998 4999 402e32 4998->4999 5004 405f51 wsprintfW 4999->5004 5001 402e43 5005 406009 lstrcpynW 5001->5005 5003 402e50 5004->5001 5005->5003 5006 401e9a 5007 40145c 18 API calls 5006->5007 5008 401ea1 5007->5008 5009 401446 18 API calls 5008->5009 5010 401eab wsprintfW 5009->5010 4286 401a1f 4287 40145c 18 API calls 4286->4287 4288 401a26 4287->4288 4289 4062a3 11 API calls 4288->4289 4290 401a49 4289->4290 4291 401a64 4290->4291 4292 401a5c 4290->4292 4340 406009 lstrcpynW 4291->4340 4339 406009 lstrcpynW 4292->4339 4295 401a62 4299 406038 5 API calls 4295->4299 4296 401a6f 4297 406722 3 API calls 4296->4297 4298 401a75 lstrcatW 4297->4298 4298->4295 4301 401a81 4299->4301 4300 4062d5 2 API calls 4300->4301 4301->4300 4302 405e30 2 API calls 4301->4302 4304 401a98 CompareFileTime 4301->4304 4305 401ba9 4301->4305 4309 4062a3 11 API calls 4301->4309 4313 406009 lstrcpynW 4301->4313 4319 406805 18 API calls 4301->4319 4326 405ca0 MessageBoxIndirectW 4301->4326 4330 401b50 4301->4330 4337 401b5d 4301->4337 4338 405e50 GetFileAttributesW CreateFileW 4301->4338 4302->4301 4304->4301 4306 404f72 25 API calls 4305->4306 4308 401bb3 4306->4308 4307 404f72 25 API calls 4310 401b70 4307->4310 4311 40337f 37 API calls 4308->4311 4309->4301 4314 4062a3 11 API calls 4310->4314 4312 401bc6 4311->4312 4315 4062a3 11 API calls 4312->4315 4313->4301 4321 401b8b 4314->4321 4316 401bda 4315->4316 4317 401be9 SetFileTime 4316->4317 4318 401bf8 CloseHandle 4316->4318 4317->4318 4320 401c09 4318->4320 4318->4321 4319->4301 4322 401c21 4320->4322 4323 401c0e 4320->4323 4325 406805 18 API calls 4322->4325 4324 406805 18 API calls 4323->4324 4327 401c16 lstrcatW 4324->4327 4328 401c29 4325->4328 4326->4301 4327->4328 4329 4062a3 11 API calls 4328->4329 4331 401c34 4329->4331 4332 401b93 4330->4332 4333 401b53 4330->4333 4334 405ca0 MessageBoxIndirectW 4331->4334 4335 4062a3 11 API calls 4332->4335 4336 4062a3 11 API calls 4333->4336 4334->4321 4335->4321 4336->4337 4337->4307 4338->4301 4339->4295 4340->4296 5011 40209f GetDlgItem GetClientRect 5012 40145c 18 API calls 5011->5012 5013 4020cf LoadImageW SendMessageW 5012->5013 5014 4030e3 5013->5014 5015 4020ed DeleteObject 5013->5015 5015->5014 5016 402b9f 5017 401446 18 API calls 5016->5017 5022 402ba7 5017->5022 5018 402c4a 5019 402bdf ReadFile 5021 402c3d 5019->5021 5019->5022 5020 401446 18 API calls 5020->5021 5021->5018 5021->5020 5028 402d17 ReadFile 5021->5028 5022->5018 5022->5019 5022->5021 5023 402c06 MultiByteToWideChar 5022->5023 5024 402c3f 5022->5024 5026 402c4f 5022->5026 5023->5022 5023->5026 5029 405f51 wsprintfW 5024->5029 5026->5021 5027 402c6b SetFilePointer 5026->5027 5027->5021 5028->5021 5029->5018 5030 402b23 GlobalAlloc 5031 402b39 5030->5031 5032 402b4b 5030->5032 5033 401446 18 API calls 5031->5033 5034 40145c 18 API calls 5032->5034 5035 402b41 5033->5035 5036 402b52 WideCharToMultiByte lstrlenA 5034->5036 5037 402b93 5035->5037 5038 402b84 WriteFile 5035->5038 5036->5035 5038->5037 5039 402384 GlobalFree 5038->5039 5039->5037 5041 4044a5 5042 404512 5041->5042 5043 4044df 5041->5043 5045 40451f GetDlgItem GetAsyncKeyState 5042->5045 5052 4045b1 5042->5052 5109 405c84 GetDlgItemTextW 5043->5109 5048 40453e GetDlgItem 5045->5048 5055 40455c 5045->5055 5046 4044ea 5049 406038 5 API calls 5046->5049 5047 40469d 5107 404833 5047->5107 5111 405c84 GetDlgItemTextW 5047->5111 5050 403d3f 19 API calls 5048->5050 5051 4044f0 5049->5051 5054 404551 ShowWindow 5050->5054 5057 403e74 5 API calls 5051->5057 5052->5047 5058 406805 18 API calls 5052->5058 5052->5107 5054->5055 5060 404579 SetWindowTextW 5055->5060 5065 405d59 4 API calls 5055->5065 5056 403dca 8 API calls 5061 404847 5056->5061 5062 4044f5 GetDlgItem 5057->5062 5063 40462f SHBrowseForFolderW 5058->5063 5059 4046c9 5064 40677e 18 API calls 5059->5064 5066 403d3f 19 API calls 5060->5066 5067 404503 IsDlgButtonChecked 5062->5067 5062->5107 5063->5047 5068 404647 CoTaskMemFree 5063->5068 5069 4046cf 5064->5069 5070 40456f 5065->5070 5071 404597 5066->5071 5067->5042 5072 406722 3 API calls 5068->5072 5112 406009 lstrcpynW 5069->5112 5070->5060 5076 406722 3 API calls 5070->5076 5073 403d3f 19 API calls 5071->5073 5074 404654 5072->5074 5077 4045a2 5073->5077 5078 40468b SetDlgItemTextW 5074->5078 5083 406805 18 API calls 5074->5083 5076->5060 5110 403d98 SendMessageW 5077->5110 5078->5047 5079 4046e6 5081 4062fc 3 API calls 5079->5081 5090 4046ee 5081->5090 5082 4045aa 5086 4062fc 3 API calls 5082->5086 5084 404673 lstrcmpiW 5083->5084 5084->5078 5087 404684 lstrcatW 5084->5087 5085 404730 5113 406009 lstrcpynW 5085->5113 5086->5052 5087->5078 5089 404739 5091 405d59 4 API calls 5089->5091 5090->5085 5095 406751 2 API calls 5090->5095 5096 404785 5090->5096 5092 40473f GetDiskFreeSpaceW 5091->5092 5094 404763 MulDiv 5092->5094 5092->5096 5094->5096 5095->5090 5098 4047e2 5096->5098 5099 4043ad 21 API calls 5096->5099 5097 404805 5114 403d85 KiUserCallbackDispatcher 5097->5114 5098->5097 5100 40141d 80 API calls 5098->5100 5101 4047d3 5099->5101 5100->5097 5103 4047e4 SetDlgItemTextW 5101->5103 5104 4047d8 5101->5104 5103->5098 5105 4043ad 21 API calls 5104->5105 5105->5098 5106 404821 5106->5107 5115 403d61 5106->5115 5107->5056 5109->5046 5110->5082 5111->5059 5112->5079 5113->5089 5114->5106 5116 403d74 SendMessageW 5115->5116 5117 403d6f 5115->5117 5116->5107 5117->5116 5118 402da5 5119 4030e3 5118->5119 5120 402dac 5118->5120 5121 401446 18 API calls 5120->5121 5122 402db8 5121->5122 5123 402dbf SetFilePointer 5122->5123 5123->5119 5124 402dcf 5123->5124 5124->5119 5126 405f51 wsprintfW 5124->5126 5126->5119 5127 4030a9 SendMessageW 5128 4030c2 InvalidateRect 5127->5128 5129 4030e3 5127->5129 5128->5129 5130 401cb2 5131 40145c 18 API calls 5130->5131 5132 401c54 5131->5132 5133 4062a3 11 API calls 5132->5133 5136 401c64 5132->5136 5134 401c59 5133->5134 5135 406c9b 81 API calls 5134->5135 5135->5136 4086 4021b5 4087 40145c 18 API calls 4086->4087 4088 4021bb 4087->4088 4089 40145c 18 API calls 4088->4089 4090 4021c4 4089->4090 4091 40145c 18 API calls 4090->4091 4092 4021cd 4091->4092 4093 40145c 18 API calls 4092->4093 4094 4021d6 4093->4094 4095 404f72 25 API calls 4094->4095 4096 4021e2 ShellExecuteW 4095->4096 4097 40221b 4096->4097 4098 40220d 4096->4098 4100 4062a3 11 API calls 4097->4100 4099 4062a3 11 API calls 4098->4099 4099->4097 4101 402230 4100->4101 5144 402238 5145 40145c 18 API calls 5144->5145 5146 40223e 5145->5146 5147 4062a3 11 API calls 5146->5147 5148 40224b 5147->5148 5149 404f72 25 API calls 5148->5149 5150 402255 5149->5150 5151 405c3f 2 API calls 5150->5151 5152 40225b 5151->5152 5153 4062a3 11 API calls 5152->5153 5156 4022ac CloseHandle 5152->5156 5159 40226d 5153->5159 5155 4030e3 5156->5155 5157 402283 WaitForSingleObject 5158 402291 GetExitCodeProcess 5157->5158 5157->5159 5158->5156 5161 4022a3 5158->5161 5159->5156 5159->5157 5160 406332 2 API calls 5159->5160 5160->5157 5163 405f51 wsprintfW 5161->5163 5163->5156 5164 4040b8 5165 4040d3 5164->5165 5173 404201 5164->5173 5169 40410e 5165->5169 5195 403fca WideCharToMultiByte 5165->5195 5166 40426c 5167 404276 GetDlgItem 5166->5167 5168 40433e 5166->5168 5170 404290 5167->5170 5171 4042ff 5167->5171 5174 403dca 8 API calls 5168->5174 5176 403d3f 19 API calls 5169->5176 5170->5171 5179 4042b6 6 API calls 5170->5179 5171->5168 5180 404311 5171->5180 5173->5166 5173->5168 5175 40423b GetDlgItem SendMessageW 5173->5175 5178 404339 5174->5178 5200 403d85 KiUserCallbackDispatcher 5175->5200 5177 40414e 5176->5177 5182 403d3f 19 API calls 5177->5182 5179->5171 5183 404327 5180->5183 5184 404317 SendMessageW 5180->5184 5187 40415b CheckDlgButton 5182->5187 5183->5178 5188 40432d SendMessageW 5183->5188 5184->5183 5185 404267 5186 403d61 SendMessageW 5185->5186 5186->5166 5198 403d85 KiUserCallbackDispatcher 5187->5198 5188->5178 5190 404179 GetDlgItem 5199 403d98 SendMessageW 5190->5199 5192 40418f SendMessageW 5193 4041b5 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5192->5193 5194 4041ac GetSysColor 5192->5194 5193->5178 5194->5193 5196 404007 5195->5196 5197 403fe9 GlobalAlloc WideCharToMultiByte 5195->5197 5196->5169 5197->5196 5198->5190 5199->5192 5200->5185 4195 401eb9 4196 401f24 4195->4196 4197 401ec6 4195->4197 4198 401f53 GlobalAlloc 4196->4198 4199 401f28 4196->4199 4200 401ed5 4197->4200 4207 401ef7 4197->4207 4201 406805 18 API calls 4198->4201 4206 4062a3 11 API calls 4199->4206 4211 401f36 4199->4211 4202 4062a3 11 API calls 4200->4202 4205 401f46 4201->4205 4203 401ee2 4202->4203 4208 402708 4203->4208 4213 406805 18 API calls 4203->4213 4205->4208 4209 402387 GlobalFree 4205->4209 4206->4211 4217 406009 lstrcpynW 4207->4217 4209->4208 4219 406009 lstrcpynW 4211->4219 4212 401f06 4218 406009 lstrcpynW 4212->4218 4213->4203 4215 401f15 4220 406009 lstrcpynW 4215->4220 4217->4212 4218->4215 4219->4205 4220->4208 5201 4074bb 5203 407344 5201->5203 5202 407c6d 5203->5202 5204 4073c2 GlobalFree 5203->5204 5205 4073cb GlobalAlloc 5203->5205 5206 407443 GlobalAlloc 5203->5206 5207 40743a GlobalFree 5203->5207 5204->5205 5205->5202 5205->5203 5206->5202 5206->5203 5207->5206

                                                                                    Executed Functions

                                                                                    Function 004050CD Relevance: 68.5, APIs: 36, Strings: 3, Instructions: 295windowclipboardmemoryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 0 4050cd-4050e8 1 405295-40529c 0->1 2 4050ee-4051d5 GetDlgItem * 3 call 403d98 call 404476 call 406805 call 4062a3 GetClientRect GetSystemMetrics SendMessageW * 2 0->2 3 4052c6-4052d3 1->3 4 40529e-4052c0 GetDlgItem CreateThread CloseHandle 1->4 35 4051f3-4051f6 2->35 36 4051d7-4051f1 SendMessageW * 2 2->36 6 4052f4-4052fb 3->6 7 4052d5-4052de 3->7 4->3 11 405352-405356 6->11 12 4052fd-405303 6->12 9 4052e0-4052ef ShowWindow * 2 call 403d98 7->9 10 405316-40531f call 403dca 7->10 9->6 22 405324-405328 10->22 11->10 14 405358-40535b 11->14 16 405305-405311 call 403d18 12->16 17 40532b-40533b ShowWindow 12->17 14->10 20 40535d-405370 SendMessageW 14->20 16->10 23 40534b-40534d call 403d18 17->23 24 40533d-405346 call 404f72 17->24 27 405376-405397 CreatePopupMenu call 406805 AppendMenuW 20->27 28 40528e-405290 20->28 23->11 24->23 37 405399-4053aa GetWindowRect 27->37 38 4053ac-4053b2 27->38 28->22 39 405206-40521d call 403d3f 35->39 40 4051f8-405204 SendMessageW 35->40 36->35 41 4053b3-4053cb TrackPopupMenu 37->41 38->41 46 405253-405274 GetDlgItem SendMessageW 39->46 47 40521f-405233 ShowWindow 39->47 40->39 41->28 43 4053d1-4053e8 41->43 45 4053ed-405408 SendMessageW 43->45 45->45 48 40540a-40542d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 45->48 46->28 51 405276-40528c SendMessageW * 2 46->51 49 405242 47->49 50 405235-405240 ShowWindow 47->50 52 40542f-405458 SendMessageW 48->52 53 405248-40524e call 403d98 49->53 50->53 51->28 52->52 54 40545a-405474 GlobalUnlock SetClipboardData CloseClipboard 52->54 53->46 54->28
                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?,00000403), ref: 0040512F
                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 0040513E
                                                                                    • GetClientRect.USER32(?,?), ref: 00405196
                                                                                    • GetSystemMetrics.USER32(00000015), ref: 0040519E
                                                                                    • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051BF
                                                                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051D0
                                                                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004051E3
                                                                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004051F1
                                                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405204
                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405226
                                                                                    • ShowWindow.USER32(?,00000008), ref: 0040523A
                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 0040525B
                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040526B
                                                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405280
                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040528C
                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 0040514D
                                                                                      • Part of subcall function 00403D98: SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                      • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004052AB
                                                                                    • CreateThread.KERNELBASE(00000000,00000000,Function_00005047,00000000), ref: 004052B9
                                                                                    • CloseHandle.KERNELBASE(00000000), ref: 004052C0
                                                                                    • ShowWindow.USER32(00000000), ref: 004052E7
                                                                                    • ShowWindow.USER32(?,00000008), ref: 004052EC
                                                                                    • ShowWindow.USER32(00000008), ref: 00405333
                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405365
                                                                                    • CreatePopupMenu.USER32 ref: 00405376
                                                                                    • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040538B
                                                                                    • GetWindowRect.USER32(?,?), ref: 0040539E
                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053C0
                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 004053FB
                                                                                    • OpenClipboard.USER32(00000000), ref: 0040540B
                                                                                    • EmptyClipboard.USER32 ref: 00405411
                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040541D
                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00405427
                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040543B
                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 0040545D
                                                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 00405468
                                                                                    • CloseClipboard.USER32 ref: 0040546E
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                    • String ID: @rD$New install of "%s" to "%s"${
                                                                                    • API String ID: 2110491804-2409696222
                                                                                    • Opcode ID: 71b8ecf663d6f058a1c3ced55927feebbdcf1e8b0d86afd2c4b352cd48bee751
                                                                                    • Instruction ID: 480b9f2609884c7685ddca5963e0cfcc77f9e358d06567921943d8ab7e89b76b
                                                                                    • Opcode Fuzzy Hash: 71b8ecf663d6f058a1c3ced55927feebbdcf1e8b0d86afd2c4b352cd48bee751
                                                                                    • Instruction Fuzzy Hash: 14B15B70800608FFDB11AFA0DD85EAE7B79EF44355F00803AFA45BA1A0CBB49A519F59
                                                                                    Function 00403883 Relevance: 54.6, APIs: 22, Strings: 9, Instructions: 304filestringcomCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 305 403883-403919 #17 SetErrorMode OleInitialize call 4062fc SHGetFileInfoW call 406009 GetCommandLineW call 406009 GetModuleHandleW 312 403923-403937 call 405d06 CharNextW 305->312 313 40391b-40391e 305->313 316 4039ca-4039d0 312->316 313->312 317 4039d6 316->317 318 40393c-403942 316->318 319 4039f5-403a0d GetTempPathW call 4037cc 317->319 320 403944-40394a 318->320 321 40394c-403950 318->321 328 403a33-403a4d DeleteFileW call 403587 319->328 329 403a0f-403a2d GetWindowsDirectoryW lstrcatW call 4037cc 319->329 320->320 320->321 323 403952-403957 321->323 324 403958-40395c 321->324 323->324 326 4039b8-4039c5 call 405d06 324->326 327 40395e-403965 324->327 326->316 342 4039c7 326->342 331 403967-40396e 327->331 332 40397a-40398c call 403800 327->332 345 403acc-403adb call 403859 CoUninitialize 328->345 346 403a4f-403a55 328->346 329->328 329->345 333 403970-403973 331->333 334 403975 331->334 343 4039a1-4039b6 call 403800 332->343 344 40398e-403995 332->344 333->332 333->334 334->332 342->316 343->326 361 4039d8-4039f0 call 407d6e call 406009 343->361 348 403997-40399a 344->348 349 40399c 344->349 359 403ae1-403af1 call 405ca0 ExitProcess 345->359 360 403bce-403bd4 345->360 351 403ab5-403abc call 40592c 346->351 352 403a57-403a60 call 405d06 346->352 348->343 348->349 349->343 358 403ac1-403ac7 call 4060e7 351->358 362 403a79-403a7b 352->362 358->345 365 403c51-403c59 360->365 366 403bd6-403bf3 call 4062fc * 3 360->366 361->319 370 403a62-403a74 call 403800 362->370 371 403a7d-403a87 362->371 372 403c5b 365->372 373 403c5f 365->373 397 403bf5-403bf7 366->397 398 403c3d-403c48 ExitWindowsEx 366->398 370->371 384 403a76 370->384 378 403af7-403b11 lstrcatW lstrcmpiW 371->378 379 403a89-403a99 call 40677e 371->379 372->373 378->345 383 403b13-403b29 CreateDirectoryW SetCurrentDirectoryW 378->383 379->345 390 403a9b-403ab1 call 406009 * 2 379->390 387 403b36-403b56 call 406009 * 2 383->387 388 403b2b-403b31 call 406009 383->388 384->362 404 403b5b-403b77 call 406805 DeleteFileW 387->404 388->387 390->351 397->398 402 403bf9-403bfb 397->402 398->365 401 403c4a-403c4c call 40141d 398->401 401->365 402->398 406 403bfd-403c0f GetCurrentProcess 402->406 412 403bb8-403bc0 404->412 413 403b79-403b89 CopyFileW 404->413 406->398 411 403c11-403c33 406->411 411->398 412->404 414 403bc2-403bc9 call 406c68 412->414 413->412 415 403b8b-403bab call 406c68 call 406805 call 405c3f 413->415 414->345 415->412 425 403bad-403bb4 CloseHandle 415->425 425->412
                                                                                    APIs
                                                                                    • #17.COMCTL32 ref: 004038A2
                                                                                    • SetErrorMode.KERNELBASE(00008001), ref: 004038AD
                                                                                    • OleInitialize.OLE32(00000000), ref: 004038B4
                                                                                      • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                      • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                      • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                    • SHGetFileInfoW.SHELL32(00409264,00000000,?,000002B4,00000000), ref: 004038DC
                                                                                      • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                    • GetCommandLineW.KERNEL32(0046ADC0,NSIS Error), ref: 004038F1
                                                                                    • GetModuleHandleW.KERNEL32(00000000,004C30A0,00000000), ref: 00403904
                                                                                    • CharNextW.USER32(00000000,004C30A0,00000020), ref: 0040392B
                                                                                    • GetTempPathW.KERNEL32(00002004,004D70C8,00000000,00000020), ref: 00403A00
                                                                                    • GetWindowsDirectoryW.KERNEL32(004D70C8,00001FFF), ref: 00403A15
                                                                                    • lstrcatW.KERNEL32(004D70C8,\Temp), ref: 00403A21
                                                                                    • DeleteFileW.KERNELBASE(004D30C0), ref: 00403A38
                                                                                    • CoUninitialize.COMBASE(?), ref: 00403AD1
                                                                                    • ExitProcess.KERNEL32 ref: 00403AF1
                                                                                    • lstrcatW.KERNEL32(004D70C8,~nsu.tmp), ref: 00403AFD
                                                                                    • lstrcmpiW.KERNEL32(004D70C8,004CF0B8,004D70C8,~nsu.tmp), ref: 00403B09
                                                                                    • CreateDirectoryW.KERNEL32(004D70C8,00000000), ref: 00403B15
                                                                                    • SetCurrentDirectoryW.KERNEL32(004D70C8), ref: 00403B1C
                                                                                    • DeleteFileW.KERNEL32(004331E8,004331E8,?,00477008,00409204,00473000,?), ref: 00403B6D
                                                                                    • CopyFileW.KERNEL32(004DF0D8,004331E8,00000001), ref: 00403B81
                                                                                    • CloseHandle.KERNEL32(00000000,004331E8,004331E8,?,004331E8,00000000), ref: 00403BAE
                                                                                    • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C04
                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C40
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                    • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp$1C
                                                                                    • API String ID: 2435955865-239407132
                                                                                    • Opcode ID: 5d9024d5f0e899f809313532158b428341dd342d07cfae74060de4bd372621f4
                                                                                    • Instruction ID: 7cf1fa831aca86d96b8495533088dbe4cf0b0326274ef0a42366eb07f7c747b9
                                                                                    • Opcode Fuzzy Hash: 5d9024d5f0e899f809313532158b428341dd342d07cfae74060de4bd372621f4
                                                                                    • Instruction Fuzzy Hash: C4A1B671544305BAD6207F629D4AF1B3EACAF0070AF15483FF585B61D2DBBC8A448B6E
                                                                                    Function 00406805 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 587 406805-406810 588 406812-406821 587->588 589 406823-406837 587->589 588->589 590 406839-406846 589->590 591 40684f-406855 589->591 590->591 594 406848-40684b 590->594 592 406a81-406a8a 591->592 593 40685b-40685c 591->593 596 406a95-406a96 592->596 597 406a8c-406a90 call 406009 592->597 595 40685d-40686a 593->595 594->591 598 406870-406880 595->598 599 406a7f-406a80 595->599 597->596 601 406886-406889 598->601 602 406a5a 598->602 599->592 603 406a5d 601->603 604 40688f-4068cd 601->604 602->603 605 406a6d-406a70 603->605 606 406a5f-406a6b 603->606 607 4068d3-4068de GetVersion 604->607 608 4069ed-4069f6 604->608 611 406a73-406a79 605->611 606->611 612 4068e0-4068e8 607->612 613 4068fc 607->613 609 4069f8-4069fb 608->609 610 406a2f-406a38 608->610 616 406a0b-406a1a call 406009 609->616 617 4069fd-406a09 call 405f51 609->617 614 406a46-406a58 lstrlenW 610->614 615 406a3a-406a41 call 406805 610->615 611->595 611->599 612->613 618 4068ea-4068ee 612->618 619 406903-40690a 613->619 614->611 615->614 628 406a1f-406a25 616->628 617->628 618->613 622 4068f0-4068f4 618->622 624 40690c-40690e 619->624 625 40690f-406911 619->625 622->613 627 4068f6-4068fa 622->627 624->625 629 406913-406939 call 405ed3 625->629 630 40694d-406950 625->630 627->619 628->614 634 406a27-406a2d call 406038 628->634 640 4069d9-4069dd 629->640 641 40693f-406948 call 406805 629->641 632 406960-406963 630->632 633 406952-40695e GetSystemDirectoryW 630->633 637 406965-406973 GetWindowsDirectoryW 632->637 638 4069cf-4069d1 632->638 636 4069d3-4069d7 633->636 634->614 636->634 636->640 637->638 638->636 642 406975-40697f 638->642 640->634 645 4069df-4069eb lstrcatW 640->645 641->636 646 406981-406984 642->646 647 406999-4069af SHGetSpecialFolderLocation 642->647 645->634 646->647 649 406986-40698d 646->649 650 4069b1-4069c8 SHGetPathFromIDListW CoTaskMemFree 647->650 651 4069ca-4069cc 647->651 652 406995-406997 649->652 650->636 650->651 651->638 652->636 652->647
                                                                                    APIs
                                                                                    • GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                    • GetSystemDirectoryW.KERNEL32(00462540,00002004), ref: 00406958
                                                                                      • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                    • GetWindowsDirectoryW.KERNEL32(00462540,00002004), ref: 0040696B
                                                                                    • lstrcatW.KERNEL32(00462540,\Microsoft\Internet Explorer\Quick Launch), ref: 004069E5
                                                                                    • lstrlenW.KERNEL32(00462540,0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 00406A47
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                    • String ID: @%F$@%F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                    • API String ID: 3581403547-784952888
                                                                                    • Opcode ID: 93666727498e5f08fd38b631bc67a6e1ad40de3ecc08933b567c44a166c18943
                                                                                    • Instruction ID: 7881bd453c5698e0e02013fa1c3524f2cf467b60749c67c5a59258f73e57ab2a
                                                                                    • Opcode Fuzzy Hash: 93666727498e5f08fd38b631bc67a6e1ad40de3ecc08933b567c44a166c18943
                                                                                    • Instruction Fuzzy Hash: F171F4B1A00215ABDB20AF28CD44A7E3771EF55314F12C03FE906B62E0E77C89A19B5D
                                                                                    Function 004074BB Relevance: 5.4, APIs: 4, Instructions: 382COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 853 4074bb-4074c0 854 4074c2-4074ef 853->854 855 40752f-407547 853->855 857 4074f1-4074f4 854->857 858 4074f6-4074fa 854->858 856 407aeb-407aff 855->856 862 407b01-407b17 856->862 863 407b19-407b2c 856->863 859 407506-407509 857->859 860 407502 858->860 861 4074fc-407500 858->861 864 407527-40752a 859->864 865 40750b-407514 859->865 860->859 861->859 866 407b33-407b3a 862->866 863->866 869 4076f6-407713 864->869 870 407516 865->870 871 407519-407525 865->871 867 407b61-407c68 866->867 868 407b3c-407b40 866->868 884 407350 867->884 885 407cec 867->885 873 407b46-407b5e 868->873 874 407ccd-407cd4 868->874 876 407715-407729 869->876 877 40772b-40773e 869->877 870->871 872 407589-4075b6 871->872 880 4075d2-4075ec 872->880 881 4075b8-4075d0 872->881 873->867 878 407cdd-407cea 874->878 882 407741-40774b 876->882 877->882 883 407cef-407cf6 878->883 886 4075f0-4075fa 880->886 881->886 887 40774d 882->887 888 4076ee-4076f4 882->888 889 407357-40735b 884->889 890 40749b-4074b6 884->890 891 40746d-407471 884->891 892 4073ff-407403 884->892 885->883 895 407600 886->895 896 407571-407577 886->896 897 407845-4078a1 887->897 898 4076c9-4076cd 887->898 888->869 894 407692-40769c 888->894 889->878 899 407361-40736e 889->899 890->856 904 407c76-407c7d 891->904 905 407477-40748b 891->905 910 407409-407420 892->910 911 407c6d-407c74 892->911 900 4076a2-4076c4 894->900 901 407c9a-407ca1 894->901 913 407556-40756e 895->913 914 407c7f-407c86 895->914 902 40762a-407630 896->902 903 40757d-407583 896->903 897->856 906 407c91-407c98 898->906 907 4076d3-4076eb 898->907 899->885 915 407374-4073ba 899->915 900->897 901->878 916 40768e 902->916 917 407632-40764f 902->917 903->872 903->916 904->878 912 40748e-407496 905->912 906->878 907->888 918 407423-407427 910->918 911->878 912->891 922 407498 912->922 913->896 914->878 920 4073e2-4073e4 915->920 921 4073bc-4073c0 915->921 916->894 923 407651-407665 917->923 924 407667-40767a 917->924 918->892 919 407429-40742f 918->919 926 407431-407438 919->926 927 407459-40746b 919->927 930 4073f5-4073fd 920->930 931 4073e6-4073f3 920->931 928 4073c2-4073c5 GlobalFree 921->928 929 4073cb-4073d9 GlobalAlloc 921->929 922->890 925 40767d-407687 923->925 924->925 925->902 932 407689 925->932 933 407443-407453 GlobalAlloc 926->933 934 40743a-40743d GlobalFree 926->934 927->912 928->929 929->885 935 4073df 929->935 930->918 931->930 931->931 937 407c88-407c8f 932->937 938 40760f-407627 932->938 933->885 933->927 934->933 935->920 937->878 938->902
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                    • Instruction ID: b44593247c4c050b0e646bb53675e7b1a8962b0b92449cff70e8ee1879f4dc4f
                                                                                    • Opcode Fuzzy Hash: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                    • Instruction Fuzzy Hash: 00F14871908249DBDF18CF28C8946E93BB1FF44345F14852AFD5A9B281D338E986DF86
                                                                                    Function 004062FC Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                    • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                    • String ID:
                                                                                    • API String ID: 310444273-0
                                                                                    • Opcode ID: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                    • Instruction ID: 23f85fcbdf3119ad7ff9d94b99dcad510d7c567b01d836bd9cab37df641e0753
                                                                                    • Opcode Fuzzy Hash: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                    • Instruction Fuzzy Hash: 53D0123120010597C6001B65AE0895F776CEF95611707803EF542F3132EB34D415AAEC
                                                                                    Function 004062D5 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                    • FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Find$CloseFileFirst
                                                                                    • String ID:
                                                                                    • API String ID: 2295610775-0
                                                                                    • Opcode ID: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                    • Instruction ID: 3dd5e1b78c12f0f437ff376ab6b0e1f90f8becb0d3509d6a9a7f52ed6ae53baf
                                                                                    • Opcode Fuzzy Hash: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                    • Instruction Fuzzy Hash: 7AD0C9315041205BC25127386E0889B6A589F163723258A7AB5A6E11E0CB388C2296A8
                                                                                    Function 00405479 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 56 405479-40548b 57 405491-405497 56->57 58 4055cd-4055dc 56->58 57->58 59 40549d-4054a6 57->59 60 40562b-405640 58->60 61 4055de-405626 GetDlgItem * 2 call 403d3f SetClassLongW call 40141d 58->61 62 4054a8-4054b5 SetWindowPos 59->62 63 4054bb-4054be 59->63 65 405680-405685 call 403daf 60->65 66 405642-405645 60->66 61->60 62->63 68 4054c0-4054d2 ShowWindow 63->68 69 4054d8-4054de 63->69 74 40568a-4056a5 65->74 71 405647-405652 call 40139d 66->71 72 405678-40567a 66->72 68->69 75 4054e0-4054f5 DestroyWindow 69->75 76 4054fa-4054fd 69->76 71->72 93 405654-405673 SendMessageW 71->93 72->65 73 405920 72->73 81 405922-405929 73->81 79 4056a7-4056a9 call 40141d 74->79 80 4056ae-4056b4 74->80 82 4058fd-405903 75->82 84 405510-405516 76->84 85 4054ff-40550b SetWindowLongW 76->85 79->80 89 4056ba-4056c5 80->89 90 4058de-4058f7 DestroyWindow KiUserCallbackDispatcher 80->90 82->73 87 405905-40590b 82->87 91 4055b9-4055c8 call 403dca 84->91 92 40551c-40552d GetDlgItem 84->92 85->81 87->73 95 40590d-405916 ShowWindow 87->95 89->90 96 4056cb-405718 call 406805 call 403d3f * 3 GetDlgItem 89->96 90->82 91->81 97 40554c-40554f 92->97 98 40552f-405546 SendMessageW IsWindowEnabled 92->98 93->81 95->73 126 405723-40575f ShowWindow KiUserCallbackDispatcher call 403d85 EnableWindow 96->126 127 40571a-405720 96->127 101 405551-405552 97->101 102 405554-405557 97->102 98->73 98->97 103 405582-405587 call 403d18 101->103 104 405565-40556a 102->104 105 405559-40555f 102->105 103->91 107 4055a0-4055b3 SendMessageW 104->107 109 40556c-405572 104->109 105->107 108 405561-405563 105->108 107->91 108->103 112 405574-40557a call 40141d 109->112 113 405589-405592 call 40141d 109->113 122 405580 112->122 113->91 123 405594-40559e 113->123 122->103 123->122 130 405761-405762 126->130 131 405764 126->131 127->126 132 405766-405794 GetSystemMenu EnableMenuItem SendMessageW 130->132 131->132 133 405796-4057a7 SendMessageW 132->133 134 4057a9 132->134 135 4057af-4057ed call 403d98 call 406009 lstrlenW call 406805 SetWindowTextW call 40139d 133->135 134->135 135->74 144 4057f3-4057f5 135->144 144->74 145 4057fb-4057ff 144->145 146 405801-405807 145->146 147 40581e-405832 DestroyWindow 145->147 146->73 148 40580d-405813 146->148 147->82 149 405838-405865 CreateDialogParamW 147->149 148->74 150 405819 148->150 149->82 151 40586b-4058c2 call 403d3f GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 40139d 149->151 150->73 151->73 156 4058c4-4058d7 ShowWindow call 403daf 151->156 158 4058dc 156->158 158->82
                                                                                    APIs
                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054B5
                                                                                    • ShowWindow.USER32(?), ref: 004054D2
                                                                                    • DestroyWindow.USER32 ref: 004054E6
                                                                                    • SetWindowLongW.USER32(?,00000000,00000000), ref: 00405502
                                                                                    • GetDlgItem.USER32(?,?), ref: 00405523
                                                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405537
                                                                                    • IsWindowEnabled.USER32(00000000), ref: 0040553E
                                                                                    • GetDlgItem.USER32(?,00000001), ref: 004055ED
                                                                                    • GetDlgItem.USER32(?,00000002), ref: 004055F7
                                                                                    • SetClassLongW.USER32(?,000000F2,?), ref: 00405611
                                                                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405662
                                                                                    • GetDlgItem.USER32(?,00000003), ref: 00405708
                                                                                    • ShowWindow.USER32(00000000,?), ref: 0040572A
                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040573C
                                                                                    • EnableWindow.USER32(?,?), ref: 00405757
                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040576D
                                                                                    • EnableMenuItem.USER32(00000000), ref: 00405774
                                                                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040578C
                                                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040579F
                                                                                    • lstrlenW.KERNEL32(00447240,?,00447240,0046ADC0), ref: 004057C8
                                                                                    • SetWindowTextW.USER32(?,00447240), ref: 004057DC
                                                                                    • ShowWindow.USER32(?,0000000A), ref: 00405910
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                    • String ID: @rD
                                                                                    • API String ID: 3282139019-3814967855
                                                                                    • Opcode ID: 9cf786e25966daeabf755d20ab7dea7749e4d7b73da7bae0acc5cbd00c8c4fee
                                                                                    • Instruction ID: 0f9b988f21b44e482dc064b3562f20aa73efc2902ac8c6ffeb9ddf27563d0ddb
                                                                                    • Opcode Fuzzy Hash: 9cf786e25966daeabf755d20ab7dea7749e4d7b73da7bae0acc5cbd00c8c4fee
                                                                                    • Instruction Fuzzy Hash: D8C1C371500A04EBDB216F61EE49E2B3BA9EB45345F00093EF551B12F0DB799891EF2E
                                                                                    Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351sleepfilewindowCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 159 4015a0-4015f4 160 4030e3-4030ec 159->160 161 4015fa 159->161 185 4030ee-4030f2 160->185 163 401601-401611 call 4062a3 161->163 164 401742-40174f 161->164 165 401962-40197d call 40145c GetFullPathNameW 161->165 166 4019ca-4019e6 call 40145c SearchPathW 161->166 167 40176e-401794 call 40145c call 4062a3 SetFileAttributesW 161->167 168 401650-40166d call 40137e call 4062a3 call 40139d 161->168 169 4017b1-4017d8 call 40145c call 4062a3 call 405d59 161->169 170 401672-401686 call 40145c call 4062a3 161->170 171 401693-4016ac call 401446 call 4062a3 161->171 172 401715-401731 161->172 173 401616-40162d call 40145c call 4062a3 call 404f72 161->173 174 4016d6-4016db 161->174 175 401736-4030de 161->175 176 401897-4018a7 call 40145c call 4062d5 161->176 177 4018db-401910 call 40145c * 3 call 4062a3 MoveFileW 161->177 178 40163c-401645 161->178 179 4016bd-4016d1 call 4062a3 SetForegroundWindow 161->179 163->185 189 401751-401755 ShowWindow 164->189 190 401758-40175f 164->190 224 4019a3-4019a8 165->224 225 40197f-401984 165->225 166->160 217 4019ec-4019f8 166->217 167->160 242 40179a-4017a6 call 4062a3 167->242 168->185 264 401864-40186c 169->264 265 4017de-4017fc call 405d06 CreateDirectoryW 169->265 243 401689-40168e call 404f72 170->243 248 4016b1-4016b8 Sleep 171->248 249 4016ae-4016b0 171->249 172->185 186 401632-401637 173->186 183 401702-401710 174->183 184 4016dd-4016fd call 401446 174->184 175->160 219 4030de call 405f51 175->219 244 4018c2-4018d6 call 4062a3 176->244 245 4018a9-4018bd call 4062a3 176->245 272 401912-401919 177->272 273 40191e-401921 177->273 178->186 187 401647-40164e PostQuitMessage 178->187 179->160 183->160 184->160 186->185 187->186 189->190 190->160 208 401765-401769 ShowWindow 190->208 208->160 217->160 219->160 228 4019af-4019b2 224->228 225->228 235 401986-401989 225->235 228->160 238 4019b8-4019c5 GetShortPathNameW 228->238 235->228 246 40198b-401993 call 4062d5 235->246 238->160 259 4017ab-4017ac 242->259 243->160 244->185 245->185 246->224 269 401995-4019a1 call 406009 246->269 248->160 249->248 259->160 267 401890-401892 264->267 268 40186e-40188b call 404f72 call 406009 SetCurrentDirectoryW 264->268 277 401846-40184e call 4062a3 265->277 278 4017fe-401809 GetLastError 265->278 267->243 268->160 269->228 272->243 279 401923-40192b call 4062d5 273->279 280 40194a-401950 273->280 292 401853-401854 277->292 283 401827-401832 GetFileAttributesW 278->283 284 40180b-401825 GetLastError call 4062a3 278->284 279->280 298 40192d-401948 call 406c68 call 404f72 279->298 288 401957-40195d call 4062a3 280->288 290 401834-401844 call 4062a3 283->290 291 401855-40185e 283->291 284->291 288->259 290->292 291->264 291->265 292->291 298->288
                                                                                    APIs
                                                                                    • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                    • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                    • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                    • ShowWindow.USER32(?), ref: 00401753
                                                                                    • ShowWindow.USER32(?), ref: 00401767
                                                                                    • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                    • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                    • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,004CB0B0,?,000000E6,0040F0D0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                    • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                    • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,0040F0D0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                    • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                    • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                    Strings
                                                                                    • Sleep(%d), xrefs: 0040169D
                                                                                    • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                    • BringToFront, xrefs: 004016BD
                                                                                    • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                    • Rename on reboot: %s, xrefs: 00401943
                                                                                    • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                    • Rename failed: %s, xrefs: 0040194B
                                                                                    • SetFileAttributes failed., xrefs: 004017A1
                                                                                    • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                    • Call: %d, xrefs: 0040165A
                                                                                    • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                    • Aborting: "%s", xrefs: 0040161D
                                                                                    • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                    • Rename: %s, xrefs: 004018F8
                                                                                    • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                    • Jump: %d, xrefs: 00401602
                                                                                    • detailprint: %s, xrefs: 00401679
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                    • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                    • API String ID: 2872004960-3619442763
                                                                                    • Opcode ID: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                    • Instruction ID: b6b48939bc8a7188504c618ab7841b31fdd5898bf24c808f75461ec369738802
                                                                                    • Opcode Fuzzy Hash: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                    • Instruction Fuzzy Hash: 0AB1F471A00204ABDB10BF61DD46DAE3B69EF44314B21817FF946B21E1DA7D4E40CAAE
                                                                                    Function 0040592C Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233stringregistrylibraryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 426 40592c-405944 call 4062fc 429 405946-405956 call 405f51 426->429 430 405958-405990 call 405ed3 426->430 438 4059b3-4059dc call 403e95 call 40677e 429->438 435 405992-4059a3 call 405ed3 430->435 436 4059a8-4059ae lstrcatW 430->436 435->436 436->438 444 405a70-405a78 call 40677e 438->444 445 4059e2-4059e7 438->445 451 405a86-405a8d 444->451 452 405a7a-405a81 call 406805 444->452 445->444 446 4059ed-405a15 call 405ed3 445->446 446->444 453 405a17-405a1b 446->453 455 405aa6-405acb LoadImageW 451->455 456 405a8f-405a95 451->456 452->451 460 405a1d-405a2c call 405d06 453->460 461 405a2f-405a3b lstrlenW 453->461 458 405ad1-405b13 RegisterClassW 455->458 459 405b66-405b6e call 40141d 455->459 456->455 457 405a97-405a9c call 403e74 456->457 457->455 465 405c35 458->465 466 405b19-405b61 SystemParametersInfoW CreateWindowExW 458->466 478 405b70-405b73 459->478 479 405b78-405b83 call 403e95 459->479 460->461 462 405a63-405a6b call 406722 call 406009 461->462 463 405a3d-405a4b lstrcmpiW 461->463 462->444 463->462 470 405a4d-405a57 GetFileAttributesW 463->470 469 405c37-405c3e 465->469 466->459 475 405a59-405a5b 470->475 476 405a5d-405a5e call 406751 470->476 475->462 475->476 476->462 478->469 484 405b89-405ba6 ShowWindow LoadLibraryW 479->484 485 405c0c-405c0d call 405047 479->485 487 405ba8-405bad LoadLibraryW 484->487 488 405baf-405bc1 GetClassInfoW 484->488 491 405c12-405c14 485->491 487->488 489 405bc3-405bd3 GetClassInfoW RegisterClassW 488->489 490 405bd9-405bfc DialogBoxParamW call 40141d 488->490 489->490 495 405c01-405c0a call 403c68 490->495 493 405c16-405c1c 491->493 494 405c2e-405c30 call 40141d 491->494 493->478 496 405c22-405c29 call 40141d 493->496 494->465 495->469 496->478
                                                                                    APIs
                                                                                      • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                      • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                      • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                    • lstrcatW.KERNEL32(004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0,-00000002,00000000,004D70C8,00403AC1,?), ref: 004059AE
                                                                                    • lstrlenW.KERNEL32(00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0), ref: 00405A30
                                                                                    • lstrcmpiW.KERNEL32(00462538,.exe,00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000), ref: 00405A43
                                                                                    • GetFileAttributesW.KERNEL32(00462540), ref: 00405A4E
                                                                                      • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                    • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C70A8), ref: 00405AB7
                                                                                    • RegisterClassW.USER32(0046AD60), ref: 00405B0A
                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B22
                                                                                    • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B5B
                                                                                      • Part of subcall function 00403E95: SetWindowTextW.USER32(00000000,0046ADC0), ref: 00403F30
                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00405B91
                                                                                    • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BA2
                                                                                    • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BAD
                                                                                    • GetClassInfoW.USER32(00000000,RichEdit20A,0046AD60), ref: 00405BBD
                                                                                    • GetClassInfoW.USER32(00000000,RichEdit,0046AD60), ref: 00405BCA
                                                                                    • RegisterClassW.USER32(0046AD60), ref: 00405BD3
                                                                                    • DialogBoxParamW.USER32(?,00000000,00405479,00000000), ref: 00405BF2
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                    • String ID: .DEFAULT\Control Panel\International$.exe$@%F$@rD$B%F$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                    • API String ID: 608394941-1650083594
                                                                                    • Opcode ID: 0b5ab136357e203ee2e090d14ec2b93cf78a9c4147554daf2c52a3a548f14690
                                                                                    • Instruction ID: 271ce27004ef92612bfc9362a6cc74883a37054a4c8cca7c49d128c059fded9a
                                                                                    • Opcode Fuzzy Hash: 0b5ab136357e203ee2e090d14ec2b93cf78a9c4147554daf2c52a3a548f14690
                                                                                    • Instruction Fuzzy Hash: 5E71A370604B04AED721AB65EE85F2736ACEB44749F00053FF945B22E2D7B89D418F6E
                                                                                    Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185stringtimeCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                    • lstrcatW.KERNEL32(00000000,00000000,164,004CB0B0,00000000,00000000), ref: 00401A76
                                                                                    • CompareFileTime.KERNEL32(-00000014,?,164,164,00000000,00000000,164,004CB0B0,00000000,00000000), ref: 00401AA0
                                                                                      • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                      • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                      • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                    • String ID: 164$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"
                                                                                    • API String ID: 4286501637-3765041762
                                                                                    • Opcode ID: b155778cc10115f8d02ccc56e208397f172a866a515c636f57ea647fec07d827
                                                                                    • Instruction ID: fe683e2e252f9e2189d7cf48164ff2fe6631720e8c40e43e96375682ff159270
                                                                                    • Opcode Fuzzy Hash: b155778cc10115f8d02ccc56e208397f172a866a515c636f57ea647fec07d827
                                                                                    • Instruction Fuzzy Hash: 9D510871901114BADF10BBB1CD46EAE3A68DF05369F21413FF416B10D2EB7C5A518AAE
                                                                                    Function 00403587 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 653 403587-4035d5 GetTickCount GetModuleFileNameW call 405e50 656 4035e1-40360f call 406009 call 406751 call 406009 GetFileSize 653->656 657 4035d7-4035dc 653->657 665 403615 656->665 666 4036fc-40370a call 4032d2 656->666 658 4037b6-4037ba 657->658 668 40361a-403631 665->668 672 403710-403713 666->672 673 4037c5-4037ca 666->673 670 403633 668->670 671 403635-403637 call 403336 668->671 670->671 677 40363c-40363e 671->677 675 403715-40372d call 403368 call 403336 672->675 676 40373f-403769 GlobalAlloc call 403368 call 40337f 672->676 673->658 675->673 703 403733-403739 675->703 676->673 701 40376b-40377c 676->701 679 403644-40364b 677->679 680 4037bd-4037c4 call 4032d2 677->680 685 4036c7-4036cb 679->685 686 40364d-403661 call 405e0c 679->686 680->673 689 4036d5-4036db 685->689 690 4036cd-4036d4 call 4032d2 685->690 686->689 700 403663-40366a 686->700 697 4036ea-4036f4 689->697 698 4036dd-4036e7 call 407281 689->698 690->689 697->668 702 4036fa 697->702 698->697 700->689 706 40366c-403673 700->706 707 403784-403787 701->707 708 40377e 701->708 702->666 703->673 703->676 706->689 709 403675-40367c 706->709 710 40378a-403792 707->710 708->707 709->689 711 40367e-403685 709->711 710->710 712 403794-4037af SetFilePointer call 405e0c 710->712 711->689 713 403687-4036a7 711->713 716 4037b4 712->716 713->673 715 4036ad-4036b1 713->715 717 4036b3-4036b7 715->717 718 4036b9-4036c1 715->718 716->658 717->702 717->718 718->689 719 4036c3-4036c5 718->719 719->689
                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 00403598
                                                                                    • GetModuleFileNameW.KERNEL32(00000000,004DF0D8,00002004,?,?,?,00000000,00403A47,?), ref: 004035B4
                                                                                      • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                      • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                    • GetFileSize.KERNEL32(00000000,00000000,004E30E0,00000000,004CF0B8,004CF0B8,004DF0D8,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00403600
                                                                                    Strings
                                                                                    • soft, xrefs: 00403675
                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037C5
                                                                                    • Inst, xrefs: 0040366C
                                                                                    • Null, xrefs: 0040367E
                                                                                    • Error launching installer, xrefs: 004035D7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                    • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                    • API String ID: 4283519449-527102705
                                                                                    • Opcode ID: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                    • Instruction ID: 97831ba7e8e922ff386f77eab0e0d18630bd2de4bbb47cca7d976ce2c46b30f6
                                                                                    • Opcode Fuzzy Hash: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                    • Instruction Fuzzy Hash: 3151D5B1900204AFDB219F65CD85B9E7EB8AB14756F10803FE605B72D1D77D9E808B9C
                                                                                    Function 0040337F Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 166fileCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 720 40337f-403396 721 403398 720->721 722 40339f-4033a7 720->722 721->722 723 4033a9 722->723 724 4033ae-4033b3 722->724 723->724 725 4033c3-4033d0 call 403336 724->725 726 4033b5-4033be call 403368 724->726 730 4033d2 725->730 731 4033da-4033e1 725->731 726->725 732 4033d4-4033d5 730->732 733 4033e7-403407 GetTickCount call 4072f2 731->733 734 403518-40351a 731->734 735 403539-40353d 732->735 746 403536 733->746 748 40340d-403415 733->748 736 40351c-40351f 734->736 737 40357f-403583 734->737 739 403521 736->739 740 403524-40352d call 403336 736->740 741 403540-403546 737->741 742 403585 737->742 739->740 740->730 755 403533 740->755 744 403548 741->744 745 40354b-403559 call 403336 741->745 742->746 744->745 745->730 757 40355f-403572 WriteFile 745->757 746->735 751 403417 748->751 752 40341a-403428 call 403336 748->752 751->752 752->730 758 40342a-403433 752->758 755->746 759 403511-403513 757->759 760 403574-403577 757->760 761 403439-403456 call 407312 758->761 759->732 760->759 762 403579-40357c 760->762 765 40350a-40350c 761->765 766 40345c-403473 GetTickCount 761->766 762->737 765->732 767 403475-40347d 766->767 768 4034be-4034c2 766->768 769 403485-4034b6 MulDiv wsprintfW call 404f72 767->769 770 40347f-403483 767->770 771 4034c4-4034c7 768->771 772 4034ff-403502 768->772 778 4034bb 769->778 770->768 770->769 775 4034e7-4034ed 771->775 776 4034c9-4034db WriteFile 771->776 772->748 773 403508 772->773 773->746 777 4034f3-4034f7 775->777 776->759 779 4034dd-4034e0 776->779 777->761 781 4034fd 777->781 778->768 779->759 780 4034e2-4034e5 779->780 780->777 781->746
                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 004033E7
                                                                                    • GetTickCount.KERNEL32 ref: 00403464
                                                                                    • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403491
                                                                                    • wsprintfW.USER32 ref: 004034A4
                                                                                    • WriteFile.KERNELBASE(00000000,00000000,?,7FFFFFFF,00000000), ref: 004034D3
                                                                                    • WriteFile.KERNEL32(00000000,0041F150,?,00000000,00000000,0041F150,?,000000FF,00000004,00000000,00000000,00000000), ref: 0040356A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: CountFileTickWrite$wsprintf
                                                                                    • String ID: ... %d%%$P1B$X1C$X1C
                                                                                    • API String ID: 651206458-1535804072
                                                                                    • Opcode ID: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                                                                    • Instruction ID: 0313947f0097750978ec936bbe46de4fad37e772bc1cb17ec77dd8e30cfa9ece
                                                                                    • Opcode Fuzzy Hash: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                                                                    • Instruction Fuzzy Hash: 88518D71900219ABDF10DF65AE44AAF7BACAB00316F14417BF900B7290DB78DF40CBA9
                                                                                    Function 00404F72 Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 782 404f72-404f85 783 405042-405044 782->783 784 404f8b-404f9e 782->784 785 404fa0-404fa4 call 406805 784->785 786 404fa9-404fb5 lstrlenW 784->786 785->786 788 404fd2-404fd6 786->788 789 404fb7-404fc7 lstrlenW 786->789 792 404fe5-404fe9 788->792 793 404fd8-404fdf SetWindowTextW 788->793 790 405040-405041 789->790 791 404fc9-404fcd lstrcatW 789->791 790->783 791->788 794 404feb-40502d SendMessageW * 3 792->794 795 40502f-405031 792->795 793->792 794->795 795->790 796 405033-405038 795->796 796->790
                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                    • lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                    • lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                    • SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                      • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                    • String ID:
                                                                                    • API String ID: 2740478559-0
                                                                                    • Opcode ID: 4a81920338a541d7bcc419c3bcbb2810a04374694b2a6e658d803f75c228445d
                                                                                    • Instruction ID: 1d640e6b4f0869ec625b39ce8112f9bd6789598538fb42bade37fe3884716a8e
                                                                                    • Opcode Fuzzy Hash: 4a81920338a541d7bcc419c3bcbb2810a04374694b2a6e658d803f75c228445d
                                                                                    • Instruction Fuzzy Hash: 3C21B0B1900518BACF119FA5DD84E9EBFB5EF84310F10813AFA04BA291D7798E509F98
                                                                                    Function 00401EB9 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 78COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 797 401eb9-401ec4 798 401f24-401f26 797->798 799 401ec6-401ec9 797->799 800 401f53-401f69 GlobalAlloc call 406805 798->800 801 401f28-401f2a 798->801 802 401ed5-401ee3 call 4062a3 799->802 803 401ecb-401ecf 799->803 811 401f6e-401f7b 800->811 805 401f3c-401f4e call 406009 801->805 806 401f2c-401f36 call 4062a3 801->806 814 401ee4-402702 call 406805 802->814 803->799 807 401ed1-401ed3 803->807 817 402387-40238d GlobalFree 805->817 806->805 807->802 813 401ef7-402e50 call 406009 * 3 807->813 816 4030e3-4030f2 811->816 811->817 813->816 829 402708-40270e 814->829 817->816 829->816
                                                                                    APIs
                                                                                      • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                    • GlobalFree.KERNEL32(007EA4A8), ref: 00402387
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: FreeGloballstrcpyn
                                                                                    • String ID: 164$Exch: stack < %d elements$Pop: stack empty
                                                                                    • API String ID: 1459762280-4067596864
                                                                                    • Opcode ID: 1882500a3a7973729244276bdae00bfd603f91a0f1c5eacb79451a398e12722f
                                                                                    • Instruction ID: ae7cb1f2c63b60d7baa415153617f8c61fd22799b34192a347ea6a0a5f6d971a
                                                                                    • Opcode Fuzzy Hash: 1882500a3a7973729244276bdae00bfd603f91a0f1c5eacb79451a398e12722f
                                                                                    • Instruction Fuzzy Hash: 4721D172601105EBE710EB95DD81A6F77A8EF44318B21003FF542F32D1EB7998118AAD
                                                                                    Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 832 402713-40273b call 406009 * 2 837 402746-402749 832->837 838 40273d-402743 call 40145c 832->838 840 402755-402758 837->840 841 40274b-402752 call 40145c 837->841 838->837 842 402764-40278c call 40145c call 4062a3 WritePrivateProfileStringW 840->842 843 40275a-402761 call 40145c 840->843 841->840 843->842
                                                                                    APIs
                                                                                      • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                    • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: PrivateProfileStringWritelstrcpyn
                                                                                    • String ID: 164$<RM>$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                    • API String ID: 247603264-1524835588
                                                                                    • Opcode ID: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                                                                    • Instruction ID: 1675f45263e21dacb3bd3d3c28f4c469aa899418fcec56767b4290250f933745
                                                                                    • Opcode Fuzzy Hash: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                                                                    • Instruction Fuzzy Hash: 05014F70D40319BADB10BFA18D859AF7A78AF09304F10403FF11A761E3D7B80A408BAD
                                                                                    Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 939 4021b5-40220b call 40145c * 4 call 404f72 ShellExecuteW 950 402223-4030f2 call 4062a3 939->950 951 40220d-40221b call 4062a3 939->951 951->950
                                                                                    APIs
                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                      • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                      • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                    • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004CB0B0,?), ref: 00402202
                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                    Strings
                                                                                    • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                    • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                    • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                    • API String ID: 3156913733-2180253247
                                                                                    • Opcode ID: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                                                                    • Instruction ID: bbc106df3db47d5a89d2587a4e22f40687ed87c50c6518a2742e337a88eb4af1
                                                                                    • Opcode Fuzzy Hash: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                                                                    • Instruction Fuzzy Hash: E001F7B2B4021476DB2077B69C87F6B2A5CDB41764B20047BF502F20E3E5BD88009139
                                                                                    Function 00405E7F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 959 405e7f-405e8b 960 405e8c-405ec0 GetTickCount GetTempFileNameW 959->960 961 405ec2-405ec4 960->961 962 405ecf-405ed1 960->962 961->960 964 405ec6 961->964 963 405ec9-405ecc 962->963 964->963
                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 00405E9D
                                                                                    • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004037FE,004D30C0,004D70C8), ref: 00405EB8
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: CountFileNameTempTick
                                                                                    • String ID: nsa
                                                                                    • API String ID: 1716503409-2209301699
                                                                                    • Opcode ID: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                                                                    • Instruction ID: bbb7b3741c82bae03d84fc31e008e00914f4f4b6280f54d22115683b6c602e07
                                                                                    • Opcode Fuzzy Hash: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                                                                    • Instruction Fuzzy Hash: 39F0F635600604BBDB00CF55DD05A9FBBBDEF90310F00803BE944E7140E6B09E00C798
                                                                                    Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                    • String ID: HideWindow
                                                                                    • API String ID: 1249568736-780306582
                                                                                    • Opcode ID: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                    • Instruction ID: bfe0de145d0e58e27592ef60cc9cda220d4f3e6bacb950e19a0f62fa040dbd34
                                                                                    • Opcode Fuzzy Hash: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                    • Instruction Fuzzy Hash: F1E09232A05111DBCB08FBB5A74A5AE76B4EA9532A721007FE143F20D0DABD8D01C62D
                                                                                    Function 004078C5 Relevance: 5.2, APIs: 4, Instructions: 238COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                    • Instruction ID: 5b61ba0e549d4a34e11b5feda41afe9ae6537485a044c30e59ebd23bda5797f4
                                                                                    • Opcode Fuzzy Hash: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                    • Instruction Fuzzy Hash: BCA14771908248DBEF18CF28C8946AD3BB1FB44359F14812AFC56AB280D738E985DF85
                                                                                    Function 00407AC3 Relevance: 5.2, APIs: 4, Instructions: 211COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                    • Instruction ID: 0868455ade8710e2db62ea7c97591ecaf8a07f5330254cde648c5a00cf1b77b0
                                                                                    • Opcode Fuzzy Hash: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                    • Instruction Fuzzy Hash: 30912871908248DBEF14CF18C8947A93BB1FF44359F14812AFC5AAB291D738E985DF89
                                                                                    Function 00407312 Relevance: 5.2, APIs: 4, Instructions: 201COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                    • Instruction ID: 3981f1dd08afc316d24d9ed5113be2a17ca7da729ed8f25fba603efd3ef4d826
                                                                                    • Opcode Fuzzy Hash: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                    • Instruction Fuzzy Hash: 39815931908248DBEF14CF29C8446AE3BB1FF44355F10812AFC66AB291D778E985DF86
                                                                                    Function 00407752 Relevance: 5.2, APIs: 4, Instructions: 179COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                    • Instruction ID: 01891581271c5a124b16634c3a8992e7a6857e255b4271240234ec945a90a24d
                                                                                    • Opcode Fuzzy Hash: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                    • Instruction Fuzzy Hash: 73713571908248DBEF18CF28C894AAD3BF1FB44355F14812AFC56AB291D738E985DF85
                                                                                    Function 00407854 Relevance: 5.2, APIs: 4, Instructions: 169COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
                                                                                    • Instruction ID: 94e3b44a92ae0aa4503ed5f8848dd13d39bc4d5c5e61625994f203468061122b
                                                                                    • Opcode Fuzzy Hash: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
                                                                                    • Instruction Fuzzy Hash: 25713671908248DBEF18CF19C894BA93BF1FB44345F10812AFC56AA291C738E985DF86
                                                                                    Function 004077B2 Relevance: 5.2, APIs: 4, Instructions: 166COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
                                                                                    • Instruction ID: 61f7b93237898aea062553d5d4b8719da8ac7eccb5076a10c91df3859b53dd49
                                                                                    • Opcode Fuzzy Hash: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
                                                                                    • Instruction Fuzzy Hash: 98612771908248DBEF18CF19C894BAD3BF1FB44345F14812AFC56AA291C738E985DF86
                                                                                    Function 00407C5F Relevance: 5.2, APIs: 4, Instructions: 156memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GlobalFree.KERNELBASE(?), ref: 004073C5
                                                                                    • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 004073CE
                                                                                    • GlobalFree.KERNELBASE(?), ref: 0040743D
                                                                                    • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 00407448
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$AllocFree
                                                                                    • String ID:
                                                                                    • API String ID: 3394109436-0
                                                                                    • Opcode ID: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
                                                                                    • Instruction ID: da36524f31269fd1e9de8fc6705d7123eeae9c681c0d19372ba3dadca10d6d3f
                                                                                    • Opcode Fuzzy Hash: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
                                                                                    • Instruction Fuzzy Hash: 81513871918248EBEF18CF19C894AAD3BF1FF44345F10812AFC56AA291C738E985DF85
                                                                                    Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                    • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 3850602802-0
                                                                                    • Opcode ID: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
                                                                                    • Instruction ID: d71d45502f518029c3ce7990b7c8d381ac94a1bb539c673c2af025244294d997
                                                                                    • Opcode Fuzzy Hash: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
                                                                                    • Instruction Fuzzy Hash: 96F0F471A10220DFD7555B74DD04B273699AB80361F24463BF911F62F1E6B8DC528B4E
                                                                                    Function 00405E50 Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$AttributesCreate
                                                                                    • String ID:
                                                                                    • API String ID: 415043291-0
                                                                                    • Opcode ID: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
                                                                                    • Instruction ID: fe2e31f24f36ecb58ba6038de6e4569557e5a61990f2f31681ab57118d472e11
                                                                                    • Opcode Fuzzy Hash: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
                                                                                    • Instruction Fuzzy Hash: BCD09E71554202EFEF098F60DE1AF6EBBA2FB94B00F11852CB292550F0DAB25819DB15
                                                                                    Function 00405E30 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetFileAttributesW.KERNELBASE(?,00406E81,?,?,?), ref: 00405E34
                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E47
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: AttributesFile
                                                                                    • String ID:
                                                                                    • API String ID: 3188754299-0
                                                                                    • Opcode ID: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
                                                                                    • Instruction ID: a99f375bd2b1051765f890e1d94d2f722c1bb1ba0a12d38356d8610c0186b9c0
                                                                                    • Opcode Fuzzy Hash: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
                                                                                    • Instruction Fuzzy Hash: 84C01272404800EAC6000B34DF0881A7B62AB90330B268B39B0BAE00F0CB3488A99A18
                                                                                    Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033CE,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID:
                                                                                    • API String ID: 2738559852-0
                                                                                    • Opcode ID: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
                                                                                    • Instruction ID: a3bc5d39330dd194e4c7332763fdc94ca13499671d705f1c19c6925397c50364
                                                                                    • Opcode Fuzzy Hash: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
                                                                                    • Instruction Fuzzy Hash: C8E08C32550118BFCB109EA69C40EE73B5CFB047A2F00C832BD55E5290DA30DA00EBE8
                                                                                    Function 004037CC Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                      • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                      • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                      • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                      • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                    • CreateDirectoryW.KERNELBASE(004D70C8,00000000,004D70C8,004D70C8,004D70C8,-00000002,00403A0B), ref: 004037ED
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Char$Next$CreateDirectoryPrev
                                                                                    • String ID:
                                                                                    • API String ID: 4115351271-0
                                                                                    • Opcode ID: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
                                                                                    • Instruction ID: 8ea1286759415c6f695425ed34242866ebe8a7a529327a4e56f2759b30593fc1
                                                                                    • Opcode Fuzzy Hash: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
                                                                                    • Instruction Fuzzy Hash: B1D0A921083C3221C562332A3D06FCF090C8F2635AB02C07BF841B61CA8B2C4B8240EE
                                                                                    Function 00403DAF Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 3850602802-0
                                                                                    • Opcode ID: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
                                                                                    • Instruction ID: 301fa2329b67e93c742f3c195cb428e9759bf169fd062939fd541a9b7e119014
                                                                                    • Opcode Fuzzy Hash: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
                                                                                    • Instruction Fuzzy Hash: D3C04C71650601AADA108B509D45F1677595B50B41F544439B641F50E0D674E450DA1E
                                                                                    Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040375A,?,?,?,?,00000000,00403A47,?), ref: 00403376
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: FilePointer
                                                                                    • String ID:
                                                                                    • API String ID: 973152223-0
                                                                                    • Opcode ID: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
                                                                                    • Instruction ID: da19c3e449f5d10d282cbd9bcc1d8f2f369397d5e390659c1e8fea63e82898b0
                                                                                    • Opcode Fuzzy Hash: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
                                                                                    • Instruction Fuzzy Hash: 0CB09231140204AEDA214B109E05F067A21FB94700F208824B2A0380F086711420EA0C
                                                                                    Function 00403D98 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 3850602802-0
                                                                                    • Opcode ID: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
                                                                                    • Instruction ID: f61ffac979fbda5733e9df3da2bdae5977773398d3d4f9e0d67d11d125479468
                                                                                    • Opcode Fuzzy Hash: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
                                                                                    • Instruction Fuzzy Hash: EFB09235181A00AADE614B00DF0AF457A62A764701F008079B245640B0CAB200E0DB08
                                                                                    Function 00403D85 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserCallbackDispatcher.NTDLL(?,0040574D), ref: 00403D8F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: CallbackDispatcherUser
                                                                                    • String ID:
                                                                                    • API String ID: 2492992576-0
                                                                                    • Opcode ID: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                    • Instruction ID: d14db2bc66c636a64d409f7b36464c270e9f3e97be8c2f7aaa1954d4611ec3db
                                                                                    • Opcode Fuzzy Hash: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                    • Instruction Fuzzy Hash: 8DA01275005500DBCF014B40EF048067A61B7503007108478F1810003086310420EB08

                                                                                    Non-executed Functions

                                                                                    Function 0040497C Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 00404993
                                                                                    • GetDlgItem.USER32(?,00000408), ref: 004049A0
                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 004049EF
                                                                                    • LoadBitmapW.USER32(0000006E), ref: 00404A02
                                                                                    • SetWindowLongW.USER32(?,000000FC,Function_000048CC), ref: 00404A1C
                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A2E
                                                                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A42
                                                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 00404A58
                                                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A64
                                                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A74
                                                                                    • DeleteObject.GDI32(?), ref: 00404A79
                                                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AA4
                                                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AB0
                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B51
                                                                                    • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404B74
                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B85
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404BAF
                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BBE
                                                                                    • ShowWindow.USER32(?,00000005), ref: 00404BCF
                                                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CCD
                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
                                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
                                                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
                                                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D87
                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00404D9C
                                                                                    • GlobalFree.KERNEL32(?), ref: 00404DAC
                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1C
                                                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 00404ECA
                                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED9
                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF9
                                                                                    • ShowWindow.USER32(?,00000000), ref: 00404F49
                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00404F54
                                                                                    • ShowWindow.USER32(00000000), ref: 00404F5B
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                    • String ID: $ @$M$N
                                                                                    • API String ID: 1638840714-3479655940
                                                                                    • Opcode ID: d31232896a0766ad2925f7f8dcaf29c8f657193e0fe6649208ba40017519f6b3
                                                                                    • Instruction ID: e2b6c32447eba08f07ab18e4c0942225b167af9b9c7e550a0b0592367213937f
                                                                                    • Opcode Fuzzy Hash: d31232896a0766ad2925f7f8dcaf29c8f657193e0fe6649208ba40017519f6b3
                                                                                    • Instruction Fuzzy Hash: 09026CB0900209AFEF209FA4CD45AAE7BB5FB84314F10413AF615B62E1D7B89D91DF58
                                                                                    Function 004044A5 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 300stringkeyboardCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?,000003F0), ref: 004044F9
                                                                                    • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404507
                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 00404527
                                                                                    • GetAsyncKeyState.USER32(00000010), ref: 0040452E
                                                                                    • GetDlgItem.USER32(?,000003F0), ref: 00404543
                                                                                    • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404554
                                                                                    • SetWindowTextW.USER32(?,?), ref: 00404583
                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 0040463D
                                                                                    • lstrcmpiW.KERNEL32(00462540,00447240,00000000,?,?), ref: 0040467A
                                                                                    • lstrcatW.KERNEL32(?,00462540), ref: 00404686
                                                                                    • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404696
                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404648
                                                                                      • Part of subcall function 00405C84: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403F81), ref: 00405C97
                                                                                      • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                      • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                      • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                      • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                      • Part of subcall function 00403E74: lstrcatW.KERNEL32(00000000,00000000,0046A560,004C70A8,install.log,00405A9C,004C70A8,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006), ref: 00403E8F
                                                                                    • GetDiskFreeSpaceW.KERNEL32(00443238,?,?,0000040F,?,00443238,00443238,?,00000000,00443238,?,?,000003FB,?), ref: 00404759
                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404774
                                                                                      • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                    • SetDlgItemTextW.USER32(00000000,00000400,00409264), ref: 004047ED
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                    • String ID: 82D$@%F$@rD$A
                                                                                    • API String ID: 3347642858-1086125096
                                                                                    • Opcode ID: c0e02fddfd6f2336b8cee43e087a4f5cb21d7496477502da2ed1e77ce6b2ef00
                                                                                    • Instruction ID: 5c5d6a603380bcdbc7d7d35b60f5621b43697e5e98684918e033f9398a36e476
                                                                                    • Opcode Fuzzy Hash: c0e02fddfd6f2336b8cee43e087a4f5cb21d7496477502da2ed1e77ce6b2ef00
                                                                                    • Instruction Fuzzy Hash: D1B1A4B1900209BBDB11AFA1CD85AAF7AB8EF45314F10847BF605B72D1D77C8A41CB59
                                                                                    Function 00406ED2 Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                    • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F30
                                                                                    • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FA9
                                                                                    • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FB5
                                                                                    • lstrcmpA.KERNEL32(name,?), ref: 00406FC7
                                                                                    • CloseHandle.KERNEL32(?), ref: 004071E6
                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                    • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                    • API String ID: 1916479912-1189179171
                                                                                    • Opcode ID: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                                                                    • Instruction ID: 34713ba181b26839f7619e948cf229fd8716e5ee99c03f3e8673f79b0d3e70cf
                                                                                    • Opcode Fuzzy Hash: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                                                                    • Instruction Fuzzy Hash: 9091BF70D1412DAACF04EBA5DD909FEBBBAEF48301F00416AF592F72D0E6785A05DB64
                                                                                    Function 00406C9B Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 190filestringCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • DeleteFileW.KERNEL32(?,?,004C30A0), ref: 00406CB8
                                                                                    • lstrcatW.KERNEL32(0045C918,\*.*,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D09
                                                                                    • lstrcatW.KERNEL32(?,00408838,?,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D29
                                                                                    • lstrlenW.KERNEL32(?), ref: 00406D2C
                                                                                    • FindFirstFileW.KERNEL32(0045C918,?), ref: 00406D40
                                                                                    • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E22
                                                                                    • FindClose.KERNEL32(?), ref: 00406E33
                                                                                    Strings
                                                                                    • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EB0
                                                                                    • Delete: DeleteFile on Reboot("%s"), xrefs: 00406DE0
                                                                                    • RMDir: RemoveDirectory("%s"), xrefs: 00406E6F
                                                                                    • Delete: DeleteFile failed("%s"), xrefs: 00406DFD
                                                                                    • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E58
                                                                                    • \*.*, xrefs: 00406D03
                                                                                    • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406E93
                                                                                    • Delete: DeleteFile("%s"), xrefs: 00406DBC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                    • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
                                                                                    • API String ID: 2035342205-3294556389
                                                                                    • Opcode ID: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                                                                    • Instruction ID: 0ca3ec5a28b3c1cae8259a28e21d86b18febecd5c0179aed135e39ed79665852
                                                                                    • Opcode Fuzzy Hash: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                                                                    • Instruction Fuzzy Hash: 2D51E3315043056ADB20AB61CD46EAF37B89F81725F22803FF943751D2DB7C49A2DAAD
                                                                                    Function 004024FB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133comCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CoCreateInstance.OLE32(00409B24,?,00000001,00409B04,?), ref: 0040257E
                                                                                    Strings
                                                                                    • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateInstance
                                                                                    • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                    • API String ID: 542301482-1377821865
                                                                                    • Opcode ID: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
                                                                                    • Instruction ID: c24c797a6f187c751e7d972b1a807078ee58ffeb38f484aa28d094541f0f6205
                                                                                    • Opcode Fuzzy Hash: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
                                                                                    • Instruction Fuzzy Hash: 02415E74A00205BFCF04EFA0CC99EAE7B79FF48314B20456AF915EB2E1C679A941CB54
                                                                                    Function 00402E18 Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402E27
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileFindFirst
                                                                                    • String ID:
                                                                                    • API String ID: 1974802433-0
                                                                                    • Opcode ID: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
                                                                                    • Instruction ID: b91193b5dd17d351e639dca097a4c2443a83fae7855d8014906372cda19badf2
                                                                                    • Opcode Fuzzy Hash: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
                                                                                    • Instruction Fuzzy Hash: 4EE06D32600204AFD700EB749D45ABE736CDF01329F20457BF146F20D1E6B89A41976A
                                                                                    Function 007F3AF8 Relevance: .4, Instructions: 389COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000003.1716881408.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, Offset: 007F3000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_3_7e5000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 658d49beba362813d43fa84c7ffa7777d6bac4d120bf2c3a61fbab8353616a06
                                                                                    • Instruction ID: d98475c1b5784d087df5b70e02fbd45df58af320c68ecec93d85b15aea91e0d2
                                                                                    • Opcode Fuzzy Hash: 658d49beba362813d43fa84c7ffa7777d6bac4d120bf2c3a61fbab8353616a06
                                                                                    • Instruction Fuzzy Hash: 7CA1B9A280E7C19FD7138B748C792517FB16E2721475E86DFC4C68F4A3E258A84AD723
                                                                                    Function 004063AC Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063BF
                                                                                    • lstrlenW.KERNEL32(?), ref: 004063CC
                                                                                    • GetVersionExW.KERNEL32(?), ref: 0040642A
                                                                                      • Part of subcall function 0040602B: CharUpperW.USER32(?,00406401,?), ref: 00406031
                                                                                    • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406469
                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00406488
                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00406492
                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040649D
                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 004064D4
                                                                                    • GlobalFree.KERNEL32(?), ref: 004064DD
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                    • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                    • API String ID: 20674999-2124804629
                                                                                    • Opcode ID: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                                                                    • Instruction ID: f5db07f83b48746be4b9c4f5c588c21b75103c60b5638216cabcef37c42edb4d
                                                                                    • Opcode Fuzzy Hash: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                                                                    • Instruction Fuzzy Hash: 38919331900219EBDF109FA4CD88AAFBBB8EF44741F11447BE546F6281DB388A51CF68
                                                                                    Function 004040B8 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040416D
                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 00404181
                                                                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040419E
                                                                                    • GetSysColor.USER32(?), ref: 004041AF
                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041BD
                                                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041CB
                                                                                    • lstrlenW.KERNEL32(?), ref: 004041D6
                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004041E3
                                                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004041F2
                                                                                      • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404124,?), ref: 00403FE1
                                                                                      • Part of subcall function 00403FCA: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404124,?), ref: 00403FF0
                                                                                      • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404124,?), ref: 00404004
                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 0040424A
                                                                                    • SendMessageW.USER32(00000000), ref: 00404251
                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 0040427E
                                                                                    • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042C1
                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 004042CF
                                                                                    • SetCursor.USER32(00000000), ref: 004042D2
                                                                                    • ShellExecuteW.SHELL32(0000070B,open,00462540,00000000,00000000,00000001), ref: 004042E7
                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 004042F3
                                                                                    • SetCursor.USER32(00000000), ref: 004042F6
                                                                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404325
                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404337
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                    • String ID: @%F$N$open
                                                                                    • API String ID: 3928313111-3849437375
                                                                                    • Opcode ID: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                                                                    • Instruction ID: 2c1438ad93098d7b112eeb2502b55652a68651cb38e922ac8f4fb42b83a973d4
                                                                                    • Opcode Fuzzy Hash: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                                                                    • Instruction Fuzzy Hash: 0F71A4B1900609FFDB109F60DD45EAA7B79FB44305F00843AFA05B62D1C778A991CF99
                                                                                    Function 00406A99 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 163filestringmemoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • lstrcpyW.KERNEL32(0045B2C8,NUL,?,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AA9
                                                                                    • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AC8
                                                                                    • GetShortPathNameW.KERNEL32(000000F1,0045B2C8,00000400), ref: 00406AD1
                                                                                      • Part of subcall function 00405DB6: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                      • Part of subcall function 00405DB6: lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                    • GetShortPathNameW.KERNEL32(000000F1,00460920,00000400), ref: 00406AF2
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,0045B2C8,000000FF,0045BAC8,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B1B
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00460920,000000FF,0045C118,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B33
                                                                                    • wsprintfA.USER32 ref: 00406B4D
                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00460920,C0000000,00000004,00460920,?,?,00000000,000000F1,?), ref: 00406B85
                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406B94
                                                                                    • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BB0
                                                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406BE0
                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0045C518,00000000,-0000000A,0040987C,00000000,[Rename]), ref: 00406C37
                                                                                      • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                      • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C4B
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00406C52
                                                                                    • CloseHandle.KERNEL32(?), ref: 00406C5C
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                    • String ID: F$%s=%s$NUL$[Rename]
                                                                                    • API String ID: 565278875-1653569448
                                                                                    • Opcode ID: a2f4805b9b6d14c41e9e3fa236157f8587e3d6293513dd7448d110fd9e4d9510
                                                                                    • Instruction ID: f97e154d5ee7f709bd30e138c0dd6e282719408add8f0d739c14b832633f1bd9
                                                                                    • Opcode Fuzzy Hash: a2f4805b9b6d14c41e9e3fa236157f8587e3d6293513dd7448d110fd9e4d9510
                                                                                    • Instruction Fuzzy Hash: AE412632104208BFE6206B619E8CD6B3B6CDF86754B16043EF586F22D1DA3CDC158ABC
                                                                                    Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                    • DeleteObject.GDI32(?), ref: 004010F6
                                                                                    • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                    • DrawTextW.USER32(00000000,0046ADC0,000000FF,00000010,00000820), ref: 0040115F
                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                    • DeleteObject.GDI32(?), ref: 0040116E
                                                                                    • EndPaint.USER32(?,?), ref: 00401177
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                    • String ID: F
                                                                                    • API String ID: 941294808-1304234792
                                                                                    • Opcode ID: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                                                                    • Instruction ID: e7530e13063599d95e155ed3b2c7b7521dfa2668d538c4695d9c695e9582dc0d
                                                                                    • Opcode Fuzzy Hash: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                                                                    • Instruction Fuzzy Hash: 01516C71400209AFCB058F95DE459AF7FB9FF45311F00802EF992AA1A0CB78DA55DFA4
                                                                                    Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                    • lstrlenW.KERNEL32(004130D8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                    • RegSetValueExW.ADVAPI32(?,?,?,?,004130D8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                    Strings
                                                                                    • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                    • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                    • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                    • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                    • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                    • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                    • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                    • API String ID: 1641139501-220328614
                                                                                    • Opcode ID: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
                                                                                    • Instruction ID: 4ea7a0066738be70411365ddd6f3e5606018e51d84950e7919a1ab5782edcef9
                                                                                    • Opcode Fuzzy Hash: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
                                                                                    • Instruction Fuzzy Hash: 3D41BFB2D00209BFDF11AF90CE46DAEBBB9EB04704F20407BF505B61A1D6B94B509B59
                                                                                    Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                    • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                    • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                    Strings
                                                                                    • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                    • String ID: created uninstaller: %d, "%s"
                                                                                    • API String ID: 3294113728-3145124454
                                                                                    • Opcode ID: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
                                                                                    • Instruction ID: 876417c632a2c352b67fb01c84f3ccb8dada3a759dccfb7ac575e016526b3130
                                                                                    • Opcode Fuzzy Hash: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
                                                                                    • Instruction Fuzzy Hash: E231B272800115BBCB11AFA4CE45DAF7FB9EF08364F10023AF555B61E1CB794E419B98
                                                                                    Function 004060E7 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72filestringCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                    • GetFileAttributesW.KERNEL32(0046A560,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040613C
                                                                                    • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,0046A560,40000000,00000004), ref: 00406175
                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,0046A560,40000000,00000004), ref: 00406181
                                                                                    • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00409678,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040619B
                                                                                    • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,004062D4,00000000), ref: 004061A2
                                                                                    • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,004062D4,00000000,?,?,004062D4,00000000), ref: 004061B7
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                    • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                    • API String ID: 3734993849-2769509956
                                                                                    • Opcode ID: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
                                                                                    • Instruction ID: 719ae6cd10854ac59b0cdc08190af65770ef99398ad526dd54b0ef62760a23c4
                                                                                    • Opcode Fuzzy Hash: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
                                                                                    • Instruction Fuzzy Hash: 4621F271400200BBD710AB64DD88D9B376CEB02370B25C73AF626BA1E1E77449868BAD
                                                                                    Function 00403DCA Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00403DE4
                                                                                    • GetSysColor.USER32(00000000), ref: 00403E00
                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00403E0C
                                                                                    • SetBkMode.GDI32(?,?), ref: 00403E18
                                                                                    • GetSysColor.USER32(?), ref: 00403E2B
                                                                                    • SetBkColor.GDI32(?,?), ref: 00403E3B
                                                                                    • DeleteObject.GDI32(?), ref: 00403E55
                                                                                    • CreateBrushIndirect.GDI32(?), ref: 00403E5F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2320649405-0
                                                                                    • Opcode ID: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                    • Instruction ID: efe235911933e34786796033030fc6f48e67331b78f43f6f4bde0ddab4ebbdd0
                                                                                    • Opcode Fuzzy Hash: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                    • Instruction Fuzzy Hash: 7D1166715007046BCB219F78DE08B5BBFF8AF01755F048A2DE886F22A0D774DA48CB94
                                                                                    Function 004023F0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 83libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                      • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                      • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                    • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                    • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                    Strings
                                                                                    • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                    • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                    • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                    • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s
                                                                                    • API String ID: 1033533793-945480824
                                                                                    • Opcode ID: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                    • Instruction ID: e967fad4df15afb35ea17a6f8951328f27fda4bee3b51f855042d01f5ead75df
                                                                                    • Opcode Fuzzy Hash: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                    • Instruction Fuzzy Hash: 34219131904208BBCF206FA1CE45E9E7A74AF40314F30817FF511B61E1D7BD4A819A5D
                                                                                    Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                      • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                      • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                      • Part of subcall function 00405C3F: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                      • Part of subcall function 00405C3F: CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                    • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                    • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                    Strings
                                                                                    • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                    • Exec: command="%s", xrefs: 00402241
                                                                                    • Exec: success ("%s"), xrefs: 00402263
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                    • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                    • API String ID: 2014279497-3433828417
                                                                                    • Opcode ID: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                    • Instruction ID: 1f9fd54ce4b92d80b15c686f19ace2d36b15c716f321f29b17dee5dd027f7fd2
                                                                                    • Opcode Fuzzy Hash: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                    • Instruction Fuzzy Hash: 3E11C632904115EBDB11BBE0DE46AAE3A61EF00314B24807FF501B50D1CBBC4D41D79D
                                                                                    Function 0040484E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404869
                                                                                    • GetMessagePos.USER32 ref: 00404871
                                                                                    • ScreenToClient.USER32(?,?), ref: 00404889
                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040489B
                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048C1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Message$Send$ClientScreen
                                                                                    • String ID: f
                                                                                    • API String ID: 41195575-1993550816
                                                                                    • Opcode ID: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                                                                    • Instruction ID: 7db1728360bf3821ce9645a1193633f180912fe022e8629b13ab7a69f18166cd
                                                                                    • Opcode Fuzzy Hash: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                                                                    • Instruction Fuzzy Hash: C5015E7290021CBAEB00DBA4DD85BEEBBB8AF54710F10452ABB50B61D0D7B85A058BA5
                                                                                    Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                    • MulDiv.KERNEL32(0000C200,00000064,?), ref: 00403295
                                                                                    • wsprintfW.USER32 ref: 004032A5
                                                                                    • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                    • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                    Strings
                                                                                    • verifying installer: %d%%, xrefs: 0040329F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                    • String ID: verifying installer: %d%%
                                                                                    • API String ID: 1451636040-82062127
                                                                                    • Opcode ID: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                                                                    • Instruction ID: 2210906da4c477318a924a5c8cf459ae641b3a2c10b729e3aa38b42dd2c8d99c
                                                                                    • Opcode Fuzzy Hash: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                                                                    • Instruction Fuzzy Hash: 98014470610109ABEF109F60DD49FAA3B69FB00349F00803DFA46B51E0DB7996558B58
                                                                                    Function 004043AD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 73stringCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(00447240,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00447240,?), ref: 0040444A
                                                                                    • wsprintfW.USER32 ref: 00404457
                                                                                    • SetDlgItemTextW.USER32(?,00447240,000000DF), ref: 0040446A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                    • String ID: %u.%u%s%s$@rD
                                                                                    • API String ID: 3540041739-1813061909
                                                                                    • Opcode ID: 62d1a696c90b95282af5dc14f7046faf50b68b39d5c561db380251ecdb666397
                                                                                    • Instruction ID: f1896056faf18a44ee7e341cc3389f256aee6b01e91544d35c55ed1e8b934206
                                                                                    • Opcode Fuzzy Hash: 62d1a696c90b95282af5dc14f7046faf50b68b39d5c561db380251ecdb666397
                                                                                    • Instruction Fuzzy Hash: EF11BD327002087BDB10AA6A9D45E9E765EEBC5334F10423BFA15F30E1F6788A218679
                                                                                    Function 00406038 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                    • CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                    • CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                    • CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Char$Next$Prev
                                                                                    • String ID: *?|<>/":
                                                                                    • API String ID: 589700163-165019052
                                                                                    • Opcode ID: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                                                                    • Instruction ID: 6b5d27536512bbf775d32d1a11483b1b035cd55ac1fbc93341df7bc26af2800c
                                                                                    • Opcode Fuzzy Hash: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                                                                    • Instruction Fuzzy Hash: C611EB2184061559CB30FB659C4097BA6F9AE56750712843FE886F32C1FB7CCCE192BD
                                                                                    Function 0040149D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                    • String ID:
                                                                                    • API String ID: 1912718029-0
                                                                                    • Opcode ID: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                                                                    • Instruction ID: 29266b44d1cae769f6d8fca298176d7cc4518162af5fbc8546bcefd12e7d5eb7
                                                                                    • Opcode Fuzzy Hash: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                                                                    • Instruction Fuzzy Hash: EF114972500008FFDF119F90EE85DAA3B7AFB54348F00407AFA06F6170D7759E54AA29
                                                                                    Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                    • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                    • VerQueryValueW.VERSION(?,00408838,?,?,?,?,?,00000000), ref: 00402360
                                                                                      • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                    • GlobalFree.KERNEL32(007EA4A8), ref: 00402387
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                    • String ID:
                                                                                    • API String ID: 3376005127-0
                                                                                    • Opcode ID: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                                                                    • Instruction ID: 606d2f288e59f9406d2e88b5b0598c54d729d8d595f649ff0f3e4a994beab86c
                                                                                    • Opcode Fuzzy Hash: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                                                                    • Instruction Fuzzy Hash: 82115E72900109AFCF00EFA1DD45DAE7BB8EF04344F10403AFA09F61A1D7799A40DB19
                                                                                    Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                    • WideCharToMultiByte.KERNEL32(?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                    • lstrlenA.KERNEL32(?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                    • String ID:
                                                                                    • API String ID: 2568930968-0
                                                                                    • Opcode ID: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                                                                    • Instruction ID: 5d007b3c2ae3d1ce6b2586a1921c4ad46276280cee2e515d5d1d957ff8a092fa
                                                                                    • Opcode Fuzzy Hash: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                                                                    • Instruction Fuzzy Hash: 76016171500205FBDB14AF70DE48D9E3B78EF05359F10443AF646B91E1D6798982DB68
                                                                                    Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?), ref: 004020A3
                                                                                    • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                    • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                    • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                    • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                    • String ID:
                                                                                    • API String ID: 1849352358-0
                                                                                    • Opcode ID: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                    • Instruction ID: a6d8e4af78efbdafb2d3f18e6b80530ac635d705efb76da9f8ac6e555915fa7b
                                                                                    • Opcode Fuzzy Hash: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                    • Instruction Fuzzy Hash: 95F012B2600508AFDB00EBA4EF89DAF7BBCEB04305B104579F642F6161C6759E418B28
                                                                                    Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Timeout
                                                                                    • String ID: !
                                                                                    • API String ID: 1777923405-2657877971
                                                                                    • Opcode ID: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                    • Instruction ID: e43e738488dd09895ebc4b193b1bc1394e214230f2e5861cb954e074e697f1bf
                                                                                    • Opcode Fuzzy Hash: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                    • Instruction Fuzzy Hash: 93217171900209ABDF15AFB4D986ABE7BB9EF04349F14413EF602F60E2D6798A40D758
                                                                                    Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                      • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                    • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                    Strings
                                                                                    • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                    • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                    • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                    • API String ID: 1697273262-1764544995
                                                                                    • Opcode ID: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                    • Instruction ID: a9eecf508c221bc7802a822649300ece756bcc80235207ffe39efc99e8d71eac
                                                                                    • Opcode Fuzzy Hash: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                    • Instruction Fuzzy Hash: FA11A772E00101ABDB10FFA5DD4AABE7AA4EF40354F14443FF50AB61D2D6BD8A50879D
                                                                                    Function 004048CC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58windowCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • IsWindowVisible.USER32(?), ref: 00404902
                                                                                    • CallWindowProcW.USER32(?,00000200,?,?), ref: 00404970
                                                                                      • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                    • String ID: $@rD
                                                                                    • API String ID: 3748168415-881980237
                                                                                    • Opcode ID: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                    • Instruction ID: bed307b1c5f775dd60c200178c13c7fdb07d6bd57f5d25ab133f42f3a31df96a
                                                                                    • Opcode Fuzzy Hash: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                    • Instruction Fuzzy Hash: 7A114FB1500218ABEF21AF61ED41E9B3769AB84359F00803BF714751A2C77C8D519BAD
                                                                                    Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                      • Part of subcall function 004062D5: FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                      • Part of subcall function 004062D5: FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                    • lstrlenW.KERNEL32 ref: 004026B4
                                                                                    • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                    • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                    • String ID: CopyFiles "%s"->"%s"
                                                                                    • API String ID: 2577523808-3778932970
                                                                                    • Opcode ID: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                    • Instruction ID: a779005ae7d6007116ac0765ed120a10e3eb966af121a96df1e98a57451096ba
                                                                                    • Opcode Fuzzy Hash: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                    • Instruction Fuzzy Hash: A0112171D00214A6CB10FFBA994699FBBBCEF44354F10843FB506F72D2E6B985118B59
                                                                                    Function 00406224 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: lstrcatwsprintf
                                                                                    • String ID: %02x%c$...
                                                                                    • API String ID: 3065427908-1057055748
                                                                                    • Opcode ID: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                    • Instruction ID: b8620b589ecf2e5093343df65250d9ec4fb1615d5218d90249241d8ea01b8719
                                                                                    • Opcode Fuzzy Hash: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                    • Instruction Fuzzy Hash: A2014932500214EFCB10EF58CC84A9EBBE9EB84304F20407AF405F3180D6759EA48794
                                                                                    Function 00405047 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • OleInitialize.OLE32(00000000), ref: 00405057
                                                                                      • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                    • OleUninitialize.OLE32(00000404,00000000), ref: 004050A5
                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                    • String ID: Section: "%s"$Skipping section: "%s"
                                                                                    • API String ID: 2266616436-4211696005
                                                                                    • Opcode ID: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                    • Instruction ID: 490ae00110c0e09774d0d246d4d4a011172e9101669e5a2b786a62fce758e9f8
                                                                                    • Opcode Fuzzy Hash: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                    • Instruction Fuzzy Hash: 41F0F4338087009BE6506B64AE07B9B77A4DFD4320F24007FFE48721E1ABFC48818A9D
                                                                                    Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetDC.USER32(?), ref: 00402100
                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                      • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                    • CreateFontIndirectW.GDI32(0041F0F0), ref: 0040216A
                                                                                      • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                    • String ID:
                                                                                    • API String ID: 1599320355-0
                                                                                    • Opcode ID: 65b4e2bc04cdfc761cbb664ad7f9fd0a470a6c6464aa2ef3bfae8e7c7ff5a66d
                                                                                    • Instruction ID: 656afd6720eca978824560f17fb47cc17b19fb3a621816cfe3730d6e1c8eda21
                                                                                    • Opcode Fuzzy Hash: 65b4e2bc04cdfc761cbb664ad7f9fd0a470a6c6464aa2ef3bfae8e7c7ff5a66d
                                                                                    • Instruction Fuzzy Hash: DA017172644650EFE701ABB4ED4ABDA3BA4A725315F10C43AE645A61E3C678440A8B2D
                                                                                    Function 004071F8 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                      • Part of subcall function 00406ED2: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                    • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407239
                                                                                    • lstrcmpW.KERNEL32(?,Version ), ref: 0040724A
                                                                                    • lstrcpynW.KERNEL32(?,?,?), ref: 00407261
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                    • String ID: Version
                                                                                    • API String ID: 512980652-315105994
                                                                                    • Opcode ID: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                    • Instruction ID: 151640cc4cfa07bb85738859349229c9473c158da19ee21f10eacb3052f8d035
                                                                                    • Opcode Fuzzy Hash: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                    • Instruction Fuzzy Hash: 3EF03172A0021CABDB109AA5DD46EEA777CAB44700F100476F600F6191E6B59E158BA5
                                                                                    Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • DestroyWindow.USER32(00000000,00000000,00403703,00000001,?,?,?,00000000,00403A47,?), ref: 004032E5
                                                                                    • GetTickCount.KERNEL32 ref: 00403303
                                                                                    • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                    • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A47,?), ref: 0040332E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                    • String ID:
                                                                                    • API String ID: 2102729457-0
                                                                                    • Opcode ID: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                                                                    • Instruction ID: 401e6cecbc7a0b9e3d471fb50fe358663bd3ad25f9a7ebc527197863dd5a4904
                                                                                    • Opcode Fuzzy Hash: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                                                                    • Instruction Fuzzy Hash: 23F08230502620EBC221AF64FE5CBAB7F68FB04B82701447EF545F12A4CB7849928BDC
                                                                                    Function 00406365 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 00406370
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 00406386
                                                                                    • GetProcAddress.KERNEL32(?,00000000), ref: 00406395
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 0040639E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                    • String ID:
                                                                                    • API String ID: 2883127279-0
                                                                                    • Opcode ID: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                                                                    • Instruction ID: 581917a1a4a7218ca9fbbc4554f9bfb31441e22884f00dccc1ee77d568dea7f2
                                                                                    • Opcode Fuzzy Hash: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                                                                    • Instruction Fuzzy Hash: 19E048712012107BE2101B669E8CD677EADDFCA7B6B05013EF695F51A0CE348C15D675
                                                                                    Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                    • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: PrivateProfileStringlstrcmp
                                                                                    • String ID: !N~
                                                                                    • API String ID: 623250636-529124213
                                                                                    • Opcode ID: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                                                                    • Instruction ID: 7cd271610f6b1cb64eb4c57d825f56a096f62725fe87e34e9129affe44791136
                                                                                    • Opcode Fuzzy Hash: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                                                                    • Instruction Fuzzy Hash: 37E0E571500208ABDB00BBA0DE85DAE7BBCAF05304F14443AF641F71E3EA7459028718
                                                                                    Function 00405C3F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                    • CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                    Strings
                                                                                    • Error launching installer, xrefs: 00405C48
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseCreateHandleProcess
                                                                                    • String ID: Error launching installer
                                                                                    • API String ID: 3712363035-66219284
                                                                                    • Opcode ID: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                                                                    • Instruction ID: c3c9ba135fb9cbcc5263534f4c07e322ce29f53e9eda4e03cc008bde6a4ec24c
                                                                                    • Opcode Fuzzy Hash: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                                                                    • Instruction Fuzzy Hash: 44E0EC70504209ABEF009B64EE49E7F7BBCEB00305F504575BD51E2561D774D9188A68
                                                                                    Function 004062A3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                    • wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                      • Part of subcall function 004060E7: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseHandlelstrlenwvsprintf
                                                                                    • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                    • API String ID: 3509786178-2769509956
                                                                                    • Opcode ID: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                                                                    • Instruction ID: 8d95e7b1bd6a8fe250904a0927f32055e446839aab417a06e937ad69edd5bb19
                                                                                    • Opcode Fuzzy Hash: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                                                                    • Instruction Fuzzy Hash: 04D05E34150316BACA009BA0DE09E997B64FBD0384F50442EF147C5070FA748001C70E
                                                                                    Function 00405DB6 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                    • lstrcmpiA.KERNEL32(?,?), ref: 00405DDE
                                                                                    • CharNextA.USER32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DEF
                                                                                    • lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1717391016.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.1717363231.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717418846.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717444939.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.1717588426.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_1E3Vcm2yrA.jbxd
                                                                                    Similarity
                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                    • String ID:
                                                                                    • API String ID: 190613189-0
                                                                                    • Opcode ID: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                                                                    • Instruction ID: 82a91399e33c41d3abe84131f59dcd741317d7299bce3ff9d06b8c6e92496674
                                                                                    • Opcode Fuzzy Hash: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                                                                    • Instruction Fuzzy Hash: D5F0CD31205988EFCB019FA9CD04C9FBBA8EF56350B2180AAE840E7310D630EE01DBA4

                                                                                    Executed Functions

                                                                                    Function 030102D8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 169memoryfileCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 03010326
                                                                                      • Part of subcall function 030100A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 030100CD
                                                                                      • Part of subcall function 030100A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 03010279
                                                                                    • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 03010378
                                                                                    • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 030103E7
                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 03010407
                                                                                    • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 0301042E
                                                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 03010456
                                                                                    • CloseHandle.KERNELBASE(?), ref: 03010471
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000011.00000003.1986537916.0000000003010000.00000040.00000001.00020000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_17_3_3010000_svchost.jbxd
                                                                                    Similarity
                                                                                    • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                                    • String ID: ,
                                                                                    • API String ID: 3867569247-3772416878
                                                                                    • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                    • Instruction ID: a68a03d9a728b47045dd7a3ac2f430faab62779adf781fece9a768339f63108b
                                                                                    • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                    • Instruction Fuzzy Hash: 90611DB5901209EFDB20DFA5C884ADEFBF8FF48354F14851AF999A7640D730A990CB60
                                                                                    Function 030100A4 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 030100CD
                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 03010279
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000011.00000003.1986537916.0000000003010000.00000040.00000001.00020000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_17_3_3010000_svchost.jbxd
                                                                                    Similarity
                                                                                    • API ID: Virtual$AllocFree
                                                                                    • String ID:
                                                                                    • API String ID: 2087232378-0
                                                                                    • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                    • Instruction ID: 1c0509f0e0bd2825748833bbf42c01a4c46f90c78b102c0572e2dda5d0e6a245
                                                                                    • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                    • Instruction Fuzzy Hash: 96718D71E05249DFDB41CF98C981BEDBBF0AF09314F284495E4A5FB241D238AAA1CF65
                                                                                    Function 03010230 Relevance: 1.3, APIs: 1, Instructions: 31COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 03010279
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000011.00000003.1986537916.0000000003010000.00000040.00000001.00020000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_17_3_3010000_svchost.jbxd
                                                                                    Similarity
                                                                                    • API ID: FreeVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 1263568516-0
                                                                                    • Opcode ID: 72cd1d773d33be3c714891ca11413f6904648207820b321c7b6ca4a788c60533
                                                                                    • Instruction ID: d92f9cc47e55f78d16b87f0eca329cce24bb1fbdf95bb13752eebf44f5aa2742
                                                                                    • Opcode Fuzzy Hash: 72cd1d773d33be3c714891ca11413f6904648207820b321c7b6ca4a788c60533
                                                                                    • Instruction Fuzzy Hash: 5BF0A430A0524AEFCB81CF58C981BAEBBF1BB14300F244591E895F7250D634EEA1CB61

                                                                                    Non-executed Functions

                                                                                    Function 03010283 Relevance: .0, Instructions: 35COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000011.00000003.1986537916.0000000003010000.00000040.00000001.00020000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_17_3_3010000_svchost.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                    • Instruction ID: 052b93720866192d57343adffb5344e5ccd11cb5424887674227f59b1dd7ae77
                                                                                    • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                    • Instruction Fuzzy Hash: 26F0CD79A02200CFCB64CF49C648C99F7FAFB81720B2844A5D404EB261D3B0ED98CB60

                                                                                    Execution Graph

                                                                                    Execution Coverage:33.4%
                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                    Signature Coverage:83.3%
                                                                                    Total number of Nodes:24
                                                                                    Total number of Limit Nodes:0
                                                                                    execution_graph 415 27fba4a1cf4 416 27fba4a1d19 415->416 417 27fba4a1fa1 416->417 426 27fba4a15c0 416->426 419 27fba4a1f98 CloseHandle 419->417 420 27fba4a1f88 NtAcceptConnectPort 420->419 421 27fba4a1e3a 421->419 421->420 422 27fba4a1ecd 421->422 429 27fba4a0ac8 421->429 422->422 435 27fba4a1aa4 NtAcceptConnectPort 422->435 428 27fba4a15f4 NtAcceptConnectPort 426->428 428->421 430 27fba4a0c62 429->430 431 27fba4a0ae8 429->431 430->422 431->430 432 27fba4a0be8 NtAcceptConnectPort 431->432 432->430 433 27fba4a0c1b 432->433 433->430 434 27fba4a0c33 NtAcceptConnectPort 433->434 434->430 436 27fba4a1af7 435->436 437 27fba4a1c04 435->437 441 27fba4a1870 436->441 437->420 439 27fba4a1b10 440 27fba4a1bb6 NtAcceptConnectPort 439->440 440->437 442 27fba4a1889 441->442 443 27fba4a1930 GetProcessMitigationPolicy 442->443 444 27fba4a1949 442->444 443->444 444->439

                                                                                    Callgraph

                                                                                    Executed Functions

                                                                                    Function 0000027FBA4A1CF4 Relevance: 3.3, APIs: 2, Instructions: 278nativeCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000015.00000002.2234883949.0000027FBA4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000027FBA4A0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_21_2_27fba4a0000_fontdrvhost.jbxd
                                                                                    Similarity
                                                                                    • API ID: AcceptCloseConnectHandlePort
                                                                                    • String ID:
                                                                                    • API String ID: 3811980168-0
                                                                                    • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                    • Instruction ID: 835ef87081b2d6371949af29c17e51c69a4560ac6a521abb2000c3202a58e546
                                                                                    • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                    • Instruction Fuzzy Hash: 2791A43050CF088FDBA4EB1CC5857E573E1FB99314F24566EE48FC72A6EA74A8428785
                                                                                    Function 0000027FBA4A0AC8 Relevance: 3.2, APIs: 2, Instructions: 185nativeCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000015.00000002.2234883949.0000027FBA4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000027FBA4A0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_21_2_27fba4a0000_fontdrvhost.jbxd
                                                                                    Similarity
                                                                                    • API ID: AcceptConnectPort
                                                                                    • String ID:
                                                                                    • API String ID: 1658770261-0
                                                                                    • Opcode ID: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                                                    • Instruction ID: 6278ec830fdd6e4ebeef4e927f0846a3cfb426af67c7d6fd47eaf4d3f4ec683a
                                                                                    • Opcode Fuzzy Hash: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                                                    • Instruction Fuzzy Hash: 0251363091CA158EE36CA638C999278B7D0F7C930AF34256ED0F7C51A3F924C5478786
                                                                                    Function 0000027FBA4A1AA4 Relevance: 3.2, APIs: 2, Instructions: 150nativeCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000015.00000002.2234883949.0000027FBA4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000027FBA4A0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_21_2_27fba4a0000_fontdrvhost.jbxd
                                                                                    Similarity
                                                                                    • API ID: AcceptConnectPort$MitigationPolicyProcess
                                                                                    • String ID:
                                                                                    • API String ID: 2923266908-0
                                                                                    • Opcode ID: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                                                    • Instruction ID: f721823790ac4cc413886db5a516dada0554cb855d5ddb637a4213d418a27279
                                                                                    • Opcode Fuzzy Hash: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                                                    • Instruction Fuzzy Hash: 7B41D03020CB488FDB88DF2CD8897957B91EB59320F1443AEE95ECB2D7DA34C9458795
                                                                                    Function 0000027FBA4A15C0 Relevance: 1.6, APIs: 1, Instructions: 76nativeCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 118 27fba4a15c0-27fba4a15f2 119 27fba4a15f9-27fba4a15fb 118->119 120 27fba4a15f4-27fba4a15f7 118->120 122 27fba4a15fd-27fba4a1609 119->122 123 27fba4a160b-27fba4a160d 119->123 121 27fba4a161f-27fba4a166d NtAcceptConnectPort 120->121 122->121 124 27fba4a161d 123->124 125 27fba4a160f-27fba4a161b 123->125 124->121 125->121
                                                                                    APIs
                                                                                    • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,0000027FBA4A1E3A), ref: 0000027FBA4A1654
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000015.00000002.2234883949.0000027FBA4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000027FBA4A0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_21_2_27fba4a0000_fontdrvhost.jbxd
                                                                                    Similarity
                                                                                    • API ID: AcceptConnectPort
                                                                                    • String ID:
                                                                                    • API String ID: 1658770261-0
                                                                                    • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                    • Instruction ID: 75a368db7e7fed85904d94d47504a4a53d7dd5c9ad976fbf4cfa6c4a8b238965
                                                                                    • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                    • Instruction Fuzzy Hash: C521297150CB088FDB98DF18C589A6AB7E1FBA9309F140A6FE54EC7260EB31D485CB45
                                                                                    Function 0000027FBA4A1870 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 95 27fba4a1870-27fba4a18a0 call 27fba4a08a4 * 2 100 27fba4a18a6-27fba4a18a9 95->100 101 27fba4a1954-27fba4a195b 95->101 100->101 102 27fba4a18af-27fba4a18b9 100->102 102->101 103 27fba4a18bf-27fba4a18c4 102->103 103->101 104 27fba4a18ca-27fba4a18d7 103->104 104->101 105 27fba4a18d9-27fba4a18e1 104->105 105->101 106 27fba4a18e3-27fba4a18ee 105->106 106->101 107 27fba4a18f0-27fba4a18f7 106->107 107->101 108 27fba4a18f9-27fba4a18fc 107->108 108->101 109 27fba4a18fe-27fba4a1906 108->109 109->101 110 27fba4a1908-27fba4a190b 109->110 110->101 111 27fba4a190d-27fba4a1916 110->111 111->101 112 27fba4a1918-27fba4a191c 111->112 112->101 113 27fba4a191e-27fba4a192e 112->113 113->101 115 27fba4a1930-27fba4a1947 GetProcessMitigationPolicy 113->115 115->101 116 27fba4a1949-27fba4a194e 115->116 116->101 117 27fba4a1950-27fba4a1951 116->117 117->101
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000015.00000002.2234883949.0000027FBA4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000027FBA4A0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_21_2_27fba4a0000_fontdrvhost.jbxd
                                                                                    Similarity
                                                                                    • API ID: MitigationPolicyProcess
                                                                                    • String ID:
                                                                                    • API String ID: 1088084561-0
                                                                                    • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                    • Instruction ID: 1132966bbbfe12eefc04e11e05a9c20d2e7dcaaee9c8d2a7667c9ddb56b6dfea
                                                                                    • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                    • Instruction Fuzzy Hash: 9431B83014CB0BCAEBE5966CC5987F176D8EB8D328F24A1BAC01AD30E1FA35C54DC644

                                                                                    Non-executed Functions

                                                                                    Function 0000027FBA4A0511 Relevance: .0, Instructions: 9COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000015.00000002.2234883949.0000027FBA4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000027FBA4A0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_21_2_27fba4a0000_fontdrvhost.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                    • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                                                                    • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                    • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F